🔐 NIST CSF 2.0 Workbook

NIST Cybersecurity Framework (CSF) 2.0 Self-Assessment
Working copy – not an official NIST form

Use this page to capture assessment notes and status for an organization's CSF 2.0 readiness (plain-language guide). Progress can be saved locally, exported to JSON, or printed.
Important: Unofficial tool + local-only storage
Read before use
  • Unofficial resource: Not an official NIST workbook and not endorsed by NIST.
  • No sensitive data: Do not enter secrets or regulated/sensitive data into this workbook.
  • Storage: “Save Session” uses your browser’s localStorage on this device. It is not encrypted. Don’t use it on shared/public computers.
  • Authority: Your governing policies, auditors, and legal counsel are the authoritative sources for requirements and interpretations.
  • Official references: NIST Cybersecurity Framework (CSF) · CSF 2.0 Core (CSWP 29) · CSRC Reference Tool
CSF Core Coverage
Cities/Counties friendly
Leadership + IT collaboration
Overall Status: Not started
📅 Last updated: not yet saved
1. Organization & Scope
Context & identifiers
Agency Name *
Org/Dept Identifier
State/Region (optional)
Assessment Date
Assessor
Contact Email
Scope Notes
Helpful for documenting what is (and is not) in-scope: critical services, systems, cloud apps, and key vendors.
Assessment Type
Adjust language in notes to match purpose (formal vs. informal).
2. Governance & Key Contacts
Governance (GV) focus
IT/Security Lead (or Designee)
IT/Security Contact
Security Officer / Point of Contact
Security POC Contact
IT / ISO Lead
IT / ISO Contact
Leadership & Cyber Contacts
Evidence of assigned roles/responsibilities and points of contact.
Core Cyber Policies (plain language)
3. CSF Functions & Categories — Assessment Items
Functions: GV / ID / PR / DE / RS / RC
Use the controls below to track status by CSF Function. The main goal is to capture practical status for the organization: how each control is implemented, any gaps, and follow-up actions.

Function Summary

Assessment Snapshot & Notes

Quick metrics, risk overview, and planning notes for follow-up.

Overall Progress & Risk
Not started
Controls with any status: 0 / 0
Subcategories rated Tier 1: 0
1 Identify & scope
2 Gather evidence
3 Rate controls
4 Plan remediation
Environment Summary
Optional – for context
Approximate Users
Key Systems / Apps in Scope
High-Level Environment Notes
Key Risks & Immediate Actions
For quick triage
Immediate Risk Items (0–90 days)
Short-Term Projects (3–12 months)
Longer-Term Improvements
Assessor Notes
Assessment details