NIST CSF 2.0 Maturity Assessment

1. Initial

Reactive, ad-hoc practices; success depends on individuals.

2. Repeatable

Basic processes exist and can be repeated with some consistency.

3. Defined

Processes are documented, standardized, and communicated.

4. Managed

Processes are measured, monitored, and controlled for quality.

5. Optimizing

Continuous improvement through feedback, metrics, and innovation.