Organisation Name *
Website
Country / Jurisdiction
Your Role Select role Chief Information Security Officer (CISO) Chief Risk Officer (CRO) IT / cybersecurity team Risk / compliance team Internal audit Board / executive leadership External consultant / assessor Other
Team / Org Size Select size 1–10 employees 11–50 employees 51–200 employees 201–500 employees 501–1000 employees 1001–5000 employees 5001+ employees
Current CSF Tier (self-assessed) Select current tier Tier 1 — Partial (ad hoc, reactive, no formalised processes) Tier 2 — Risk Informed (risk-aware but not organisation-wide) Tier 3 — Repeatable (formally approved policies, consistent practices) Tier 4 — Adaptive (continuous improvement, threat-informed, organisation-wide)
Target CSF Tier Select target tier Tier 1 — Partial (ad hoc, reactive, no formalised processes) Tier 2 — Risk Informed (risk-aware but not organisation-wide) Tier 3 — Repeatable (formally approved policies, consistent practices) Tier 4 — Adaptive (continuous improvement, threat-informed, organisation-wide)
Sector Select sector Technology / SaaS Financial services / banking Healthcare Energy / utilities / critical infrastructure Government / public sector Manufacturing Retail / e-commerce Education Professional services Other
CSF Version in Use Select version NIST CSF 1.1 (current) NIST CSF 2.0 (transitioning) NIST CSF 2.0 (fully adopted) Not yet using NIST CSF