Welcome to the NIST Cybersecurity Assessment Template!

This template is intended to help Cybersecurity and other IT suppliers to quickly establish cybersecurity assessments to engage with their clients and prospects. It is envisaged that each supplier will change it to meet the needs of their particular market.

To best understand how the assessment works from start to finish, we recommend that you answer the questions, as one of your buyers would.  Then you will receive the feedback report - which is the big benefit of the system.  If you implement Brilliant Assessments and the template your buyers would receive the same high-value report immediately.  You get a blind copy too, which is a great way to starting your engagement with them.

Let's get started!

This assessment is based on the NIST Cybersecurity Framework (CSF). It has been modified to give a comprehensive maturity rating for an organization. 

The NIST CSF is separated into 5 functions:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Each Function is broken down into categories:


  • Asset Management(ID.AM)
  • Business Environment (ID.BE)
  • Governance (ID.GV)
  • Risk Assessment (ID.RA)
  • Risk Management Strategy (ID.RM)       


  • Access Control (PR.AC)
  • Awareness and Training (PR.AT)
  • Data Security (PR.DS)
  • Information Protection Processes and Procedures (PR.IP)
  • Maintenance (PR.MA)
  • Protective Technology (PR.PT)


  • Anomalies and Events (DE.AE)
  • Security Continuous Monitoring (DE.CM)
  • Detection Processes (DE.DP) 


  • Response Planning (RS.RP)
  • Communications (RS.CO)
  • Analysis (RS.AN)
  • Mitigation (RS.MI)
  • Improvements (RS.IM) 


  • Recovery Planning (RC.RP)
  • Improvements (RC.IM)
  • Communications (RC.CO)

Instructions for use:

To use the assessment, answer each question with the level of compliance that matches the posture of your organization. 

Each question contains the main question, and often several explanatory sub-questions. The sub-questions are for your consideration when deciding on your response.

Interpreting the answers

Each answer is categorized as to the level of compliance with the controls the question embodies, from “Don't Comply” to “Completely Comply”.

Once a question is answered with the level of compliance your organization is currently achieving, the assessment gives a rating and recommendations on how to raise your level of compliance to the next level.