NIST Maturity Assessment Tool

Identify

In 'Identify' we need to understand your organisational setup to effectively manage cybersecurity risk to systems, people, assets, data, and capabilities.

ID.AM Asset Management
Are you aware of all the systems, websites, and domain names you use?
ID.GV Governance
Do you have established procedures and policy documents for risk management?
ID.RA Risk Assessment
Have you identified and taken additional measures to safeguard your company's 'crown jewels' (systems and data), both internally and externally?
Protect

The Protect category focuses on developing and implementing safeguards to ensure the continuous delivery of critical services.

PR.AC Identity Management, Authentication and Access Control
Are advanced access controls, like Multi-Factor Authentication (MFA) and Single Sign-On (SSO), implemented for email, core applications such as databases, and other critical applications?
PR.AT Awareness and Training
Are all employees regularly trained in cyber security, including spam and phishing recognition?
PR.DS Data Security
Is data protection aligned with an established risk policy to ensure confidentiality, integrity and availability?
PR.IP Information Protection Processes and Procedures
Are there clear roles and responsibilities defined for protecting information?
PR.MA Maintenance
Is there a designated individual responsible for timely updates, with established SLAs?
PR.PT Protective Technology
To what extent have technical solutions been implemented to protect and defend systems and assets?
Detect

The Detect category centres on developing and implementing strategies to identify cybersecurity incidents when they occur.

DE.AE Anomalies and Events
Is your network equipped to promptly detect and respond to malicious activities?
DE.CM Security Continuous Monitoring
How are security alerts from different systems handled?
Respond

The Respond category involves the development and execution of suitable activities to respond effectively when a cybersecurity incident is detected. It encompasses the processes and actions taken to address and mitigate the impact of such incidents swiftly and efficiently.

RS.RP Response Planning
In case of a cybersecurity incident outside regular office hours, do you have confidence that it will be handled appropriately?
RS.IM Improvements
Do you have a clear understanding of past incidents and the actions taken to prevent their recurrence?
RS.AN Analysis
Do the individuals responsible for evaluating security alerts have the necessary knowledge and experience to do so effectively?
Recover

The Recover category focuses on activities to ensure resilience and restore capabilities or services impaired by cybersecurity incidents.

RE.RP Recovery Planning
How confident are you that your business would recover quickly in the event of an incident right now?
Contact info

Thank you for completing the NIST Maturity Assessment Tool. To access your personalised results, please provide your contact details below.