Releases: SentiConSecurity/NIST_CSF_Maturity_Tool
NIST CSF 2.0 Tool v1.1
Release Notes: June 6, 2025
-- Added the Year-over-Year tracker to the repository. Thanks to SA for notifying.
Disregard the tar/zip files in the release. They are empty. Download the files individually.
NIST CSF 2.0 Tool v1.0.3
Disregard the tar/zip files in the release. They are empty. Download the files individually.
February 15, 2025
-- This is a documentation update only. Clarified instructions.
NIST CSF 2.0 Tool v1.0.2
Disregard the tar/zip files in the release. They are empty. Download the files individually.
October 6, 2024
-- Updated the ranges in the Spider Chart. The spider chart did not display all of the NIST categories even though they were in the table.
NIST CSF 2.0 Tool v1.0.1
Disregard the tar/zip files in the release. They are empty. Download the files individually.
August 18, 2024
- Documentation update only. No functional changes are necessary.
-- Updated links within the 'References' tab of the spreadsheet.
-- Added CSF v2.0 to v1.1 cross-reference file for users of the previous version of the tool.
March 4, 2024
As promised, I have updated the CSF tool to reflect the new NIST CSF 2.0 version released on February 26, 2024.
While the tool has maintained much of its heritage from prior versions, there have also been some much-needed UI improvements for this release.
- Readability enhancements : Cleaner fonts, better spacing, and highlighting make the summary page easier to read.
- Added the number of controls each category contains.
- Added ‘reasoning’ sections to the scoring page so the justification for the assigned scores can also be tracked.
- Corrected conditional formatting on the CSF and Privacy summary tabs to function cleanly.
- Removed the password protection of cells.
Full Changelog: Retired...CSF2.0_v1.0.1
NIST CSF 2.0 Tool v1.0.0
March 4, 2024
As promised, I have updated the CSF tool to reflect the new NIST CSF 2.0 version released on February 26, 2024.
While the tool has maintained much of its heritage from prior versions, there have also been some much-needed UI improvements for this release.
- Readability enhancements : Cleaner fonts, better spacing, and highlighting make the summary page easier to read.
- Added the number of controls each category contains.
- Added ‘reasoning’ sections to the scoring page so the justification for the assigned scores can also be tracked.
- Corrected conditional formatting on the CSF and Privacy summary tabs to function cleanly.
- Removed the password protection of cells.
NIST CSF 1.1 Tool v2.1
Retired version NIST CSF 1.1
This worksheet is the culmination of over a decade of measuring the maturity of various security programs. This current iteration is founded on the 2018 NIST Cybersecurity Framework (CSF) with the addition of maturity levels for both policy and practice.
- Policy Maturity: How well do your corporate policies, procedures, standards, and guidelines satisfy the NIST CSF requirements?
- Practice Maturity: How well do your actual operational practices satisfy the NIST CSF requirements regardless of what your policies & standards say?
The goal of the Maturity Level descriptions is to provide some guidance around what good practices look like. If, for example, you believe that a 5% policy exception rate is to high for a Level 3 maturity, feel free to change it to better suit your needs.
Finally, this is in no way intended to infringe upon any work the good folks over at NIST have done. All of the questions and associated information on the ‘NIST CSF Details’ tab is completely owned by NIST. Certain cells are protected so the user doesn't accidentally step on a formula. You can unprotect the worksheet using password '2018NISTCMM'
NIST CSF Framework v1.1 (April, 2018) - https://www.nist.gov/cyberframework
NIST Privacy Framework 1.0 (January, 2020) - https://www.nist.gov/privacy-framework
I hope you find this useful.