Interactive Tool — 10 Minutes — Free

Where Does Your Org Fall on the NIST CSF 2.0 Maturity Scale?

23 questions. All 6 CSF 2.0 Functions — Govern, Identify, Protect, Detect, Respond, Recover. Get a function-by-function maturity score mapped to real NIST categories (GV.OC, ID.AM, PR.AA, DE.CM, RS.MA, RC.RP).

Question 1 of 23
0
/ 230
⚠ Your Three Biggest Gaps
CSF 2.0 Function Scorecard
Category Heatmap
Get a free NIST CSF 2.0 implementation roadmap →
Where should we send your NIST CSF 2.0 report?
We'll email a function-by-function maturity breakdown with your top 3 gaps and a next-step implementation roadmap — plus copy john@corerecon.com so you can schedule a free consultation.
↺ Retake the quiz
⚡ Why CSF 2.0 Now?
NIST released CSF 2.0 in February 2024 — the first major revision since 2014. The new Govern function is the biggest addition: organizational context, risk strategy, and supply chain oversight now have equal weight to operational controls.
✦ 6 Functions (was 5 — Govern added)
✦ 106 categories (from 98)
✦ Supply chain risk now explicit
✦ Broadly adopted by TX regulators & insurers
CSF 2.0 Tier Guide
Tier 4 — Adaptive
>85% · 196–230 pts
Tier 3 — Repeatable
65–85% · 150–195 pts
Tier 2 — Risk-Informed
40–65% · 92–149 pts
Tier 1 — Partial
<40% · 0–91 pts
📊 Mid-Market Reality Check
IBM X-Force 2026: manufacturing is now the #1 attacked sector in Texas. Most mid-market orgs without a formal framework score at Tier 1–2 — which means gaps in detection, response, and supply chain that cyber insurers are actively underwriting against.

Scoring based on NIST CSF 2.0 (February 2024). 23 questions across 6 functions, max 230 points. Results are indicative, not a formal CSF assessment or certification.

For a certified NIST CSF gap assessment with implementation roadmap, contact john@corerecon.com or call (800) 955-2596.

CoreRecon · Free Assessment · Manufacturers · Breach Calculator