Don't show again

🧑‍💼

🏢

🏢

🚨

🎯

🔐 👤 💻 🌐 📧

🚀

Build Your Security Program

Assess each domain to create a comprehensive security maturity roadmap aligned with NIST CSF 2.0

Security Program Maturity

0 of 13 domains assessed

0%

Tier 1: Foundation 0/5

Tier 2: Detection 0/3

Tier 3: Governance 0/2

Tier 4: Advanced 0/3

Tier 1

Foundation - Implement First

Core security controls that form the foundation of your security program

No login required

🔐

Identity & Access Management

Authentication, authorization, privileged access, and identity lifecycle management

Not assessed

No login required

💻

Endpoint Security

EDR/XDR, antivirus, patch management, device hardening, and mobile device security

Not assessed

No login required

🌐

Network Security

Firewalls, segmentation, IDS/IPS, DNS security, and DDoS protection

Not assessed

No login required

💾

Data Security & Encryption

Data classification, encryption at rest/transit, DLP, and data lifecycle management

Not assessed

📧

Email Security

Anti-phishing, DMARC/SPF/DKIM, email DLP, secure email gateways, and BEC protection

Not assessed

Tier 2

Detection & Response

Advanced monitoring and response capabilities to identify and contain threats

🎯

Security Monitoring & Detection

SIEM, SOC operations, threat intelligence, log management, and anomaly detection

Not assessed

🔍

Vulnerability Management

Vulnerability scanning, patch management, penetration testing, and attack surface management

Not assessed

🚨

Incident Response & Recovery

IR plans, playbooks, forensics, backup/DR, and business continuity

Not assessed

Tier 3

Governance & Culture

Strategic oversight and human-focused security controls

📋

Governance, Risk & Compliance

Security policies, risk assessments, compliance frameworks (SOC 2, ISO 27001, PCI-DSS), and audit readiness

Not assessed

🎓

Security Awareness & Training

Phishing simulations, security training programs, and security culture metrics

Not assessed

Tier 4

Advanced & Specialized

Specialized capabilities for modern infrastructure and supply chain

☁️

Cloud Security

CSPM, CWPP, cloud IAM, container security, serverless security, and multi-cloud governance

Not assessed

⚙️

Application Security

Secure SDLC, SAST/DAST, code review, API security, and WAF

Not assessed

🤝

Third-Party Risk Management

Vendor security assessments, SLA management, supply chain security, and fourth-party risk

Not assessed

Security Program Overview

Comprehensive view of your security posture across all 13 domains

Overall Security Maturity

0.0

out of 4.0

0 of 13 domains assessed

Domain Maturity Heat Map

Level 3-4: Managed/Optimized Level 2: Defined Level 1: Developing Level 0: Initial Not Assessed

✓

0

Assessed Domains

⚠️

0

High Priority Gaps

📊

0.0

Average Maturity

🎯

0

Total Gap to Target

Top Priorities Across All Domains

Security Assessment Reports

Generate professional reports for executives, auditors, and stakeholders

📊

Recommended

Executive Summary

Board-ready overview of your security posture with key metrics, priorities, and recommendations

⏱️ 2 min read 📄 5-7 pages 👔 C-Level

📋

Coming Soon

Detailed Assessment

Comprehensive technical analysis across all 13 security domains with capability breakdowns

⏱️ 30 min read 📄 40+ pages 🔧 Technical

✅

Coming Soon

Compliance Mapping

NIST CSF 2.0 and NIST 800-53 control coverage analysis with gap identification

⏱️ 15 min read 📄 15-20 pages ⚖️ Auditors

📈

Coming Soon

Progress Over Time

Historical trend analysis showing security program improvement and ROI metrics

⏱️ 10 min read 📄 10-12 pages 📊 Metrics

🎯

Coming Soon

Remediation Plan

Actionable 30/60/90-day roadmap with prioritized initiatives and resource requirements

⏱️ 20 min read 📄 25-30 pages 🚀 Planning

💰

Coming Soon

Budget Justification

Investment recommendations with ROI analysis and risk-based funding priorities

⏱️ 10 min read 📄 8-10 pages 💼 Finance

Settings

Customize your security assessment experience

🏢 Organization Profile

Help us provide more accurate benchmarks by telling us about your organization

Organization Name Optional - used for reports and exports

Organization Size

Industry Sector

💡 Why this matters: Your organization size and industry determine which benchmark data we use for comparison. For example, financial services companies are compared against other financial services, not small businesses.

📊 Benchmark Preferences

Control how industry benchmarks are displayed

Show benchmark comparisons in reports and dashboards Displays how your security maturity compares to industry averages

Active Benchmark Profile Choose which peer group to compare against. "Auto" uses your organization profile.

☁️ Account & Cloud Sync

Manage your account and cloud backup settings

⚠️ Danger Zone

Permanently delete your account and all associated data. This action cannot be undone.

IAM Maturity Assessment

Current vs Target Maturity

0

Level 0

Initial / Ad-hoc

1

Level 1

Developing

2

Level 2

Defined

3

Level 3

Managed

4

Level 4

Optimized

Current State (Level 2)

Target State (Level 3)

Target Recommendation (Level 3):

Based on your profile (mid-market, regulated data, internet-facing services, high uptime requirements), we recommend achieving Level 3 maturity. This provides robust identity controls with centralized management, MFA enforcement, and role-based access without over-engineering for your organization's size and risk profile.

← Your IAM Roadmap

Retake Assessment

📋 Framework Version: This roadmap uses NIST Cybersecurity Framework (CSF) 2.0 categories mapped to NIST SP 800-53 Rev 5 controls per official NIST guidance.

Q1 2026

Jan - Mar

Q2 2026

Apr - Jun

Q3 2026

Jul - Sep

Q4 2026

Oct - Dec

📅 Timeline Planning Notes:

Timelines are estimated based on typical mid-market implementations. Actual duration depends on resource availability, vendor selection, and organizational complexity. Critical dependencies are sequenced appropriately (e.g., MFA before PAM).

⚠️ Critical Gaps Identified

The table below shows your current maturity level vs. recommended target for each capability. Gaps of 2+ levels are considered high-priority risks.

Capability	Current	Target	Gap	Priority	Impact

Total Gaps Identified

8

Critical Priority Items

3

📋 Capability View Tutorial

What This View Shows

The Capability View organizes your security roadmap into three strategic phases based on your assessment results:

Now (0-3 months): Critical priorities that address your largest gaps and highest risks
Next (3-9 months): Important capabilities that build on foundational work
Later (9-18 months): Advanced capabilities for long-term maturity

How to Read Each Card

Title: The security capability to implement
Description: What you'll build and why it matters
NIST Tags: Framework mappings to NIST CSF 2.0
Gap: How many maturity levels you need to advance
Duration: Estimated implementation time
Dependencies: Prerequisites that must be completed first

How Priorities Are Calculated

Capabilities are prioritized based on:

Gap size (larger gaps = higher priority)
Current maturity level (lower levels = higher risk)
Dependencies (foundation before advanced features)

📅 Timeline View Tutorial

What This View Shows

The Timeline View provides a calendar-based roadmap showing when each capability will be implemented across the year.

How to Read the Timeline

Timeline Bars: Each colored bar represents one capability implementation
Bar Position: Shows which quarter(s) the work will occur
Bar Width: Indicates duration of implementation
Bar Color:
- Blue (Now) = Immediate priorities
- Purple (Next) = Near-term goals
- Gray (Later) = Long-term vision
Duration Label: Estimated weeks to complete

Understanding the Schedule

Capabilities are sequenced to:

Tackle critical risks first
Build foundations before advanced features
Respect dependencies (e.g., MFA before PAM)
Distribute workload across quarters

📌 Note: Timelines are estimates based on typical mid-market implementations. Adjust based on your team's capacity and vendor selection.

📊 Gap Analysis Tutorial

What This View Shows

The Gap Analysis provides a detailed comparison of your current security maturity versus recommended target levels for each capability.

Understanding the Table

Capability: The security practice being evaluated
Current: Your maturity level from the assessment (0-4)
- 0 = None/Ad-hoc
- 1 = Initial/Basic
- 2 = Managed/Developing
- 3 = Defined/Mature
- 4 = Optimized/Advanced
Target: Recommended level based on your organization's risk profile
Gap: Difference between target and current (Target - Current)
Priority:
- Critical = Gap ≥3 or (Gap ≥2 and Current ≤1)
- High = Gap ≥2 or (Gap ≥1 and Current =0)
- Medium = Gap ≥1
- Low = Gap <1
Impact: Business and security consequences of the gap

How to Use This View

Focus on Critical and High priority gaps first
Review the Impact column to understand business risks
Use this data to justify security investments to leadership
Track progress by retaking the assessment quarterly

Summary Statistics

The cards at the bottom show:

Total Gaps: How many capabilities need improvement
Critical Priority Items: Urgent risks requiring immediate attention