Directions

• Review the ‘Maturity Levels’ tab to gain an understanding of how to rank each of the controls in the ‘NIST CSF Details’ tab. There are different meanings for each level of maturity between policy column versus the practices column. The expectations reflected in these maturity levels are based on years of experience in multiple organizations. However, feel free to adjust them as needed for your particular circumstances.

• On the ‘CSF Summary’ tab, review the Target Scores for applicability within your organization. In most cases, the target of some controls will be different than others. This is meant to be an ‘end goal’ of what you think is the right level of control for your organization.

• Using the 1-5 values in the Maturity tab, enter a value in each of the Policy/Practice cells. To provide as much functionality as possible, you are not locked into a hard 0-5 value; partial values (i.e. 2.5) are permitted.

Caution

Sample values are provided only to demonstrate the chart's functionality on the ‘CSF Summary’ page.

Clear the existing values in rows G and I in the 'CSF 2.0' tab before beginning your assessment.