NIST CSF Assessment
The NIST Cyber Security Framework provides a structured, globally recognised baseline for measuring and improving cyber security maturity. We conduct CSF assessments for three distinct purposes: as a security posture benchmark for any organisation; as a structured evaluation of third-party suppliers for supply chain due diligence; and in support of cyber insurance underwriting — helping insurers profile applicants, make informed go/no-go decisions and support metric-based premium calculations. We cover both IT and OT infrastructures across all market sectors.
What's included
- Full NIST CSF assessment across all functions and categories
- Benchmark score for each CSF function and category
- Graphical compliance display for at-a-glance risk reference
- Year-on-year trend analysis where historical data is available
- IT and OT infrastructure coverage across all market sectors
- Supply chain and third-party security assessments
- Cyber insurance underwriting support and applicant profiling
- Competitive benchmarking against sector peers
- Current threat analysis for the applicant's operating sector
- Templated deliverables to minimise time and cost
- Secure report delivery to required destinations
Our approach
Scoping & Information Gathering
We establish the scope of the assessment and gather the information needed — reviewing underwriting submissions, documentation and presentations, and attending market calls where required to build an accurate profile of the organisation.
CSF Assessment & Profiling
We systematically evaluate the organisation against each NIST CSF function and category — covering Govern, Identify, Protect, Detect, Respond and Recover — across IT and OT environments as applicable.
Scoring & Analysis
We produce benchmark scores for each CSF function and category, identify gaps and prioritise risks. Where historical data is available we analyse year-on-year trends to show the direction of travel — particularly valuable for insurers reviewing repeat applicants.
Report & Delivery
We deliver clear, easy-to-digest reports with graphical compliance displays, sector threat context and — where requested — competitive benchmarking against sector peers. Reports are delivered securely to your required destinations.
Cybersecurity Maturity Assessment for Investors & Insurers
Cybersecurity risk is one of the most underweighted factors in investment due diligence and insurance underwriting — yet a single incident can wipe out years of value creation or generate a major claim. We use the NIST CSF to give investors, acquirers and cyber insurers a clear, consistent and evidence-based view of an organisation's cybersecurity maturity. Each of the six framework functions is scored on a 1–5 scale, producing a structured risk picture meaningful to both technical and non-technical stakeholders.
Pre-Deal Risk Clarity
Surface cyber risk before commitment — not as a surprise post-close. Understand exactly where a target stands before capital is deployed.
Consistent Portfolio Benchmarking
Score every portfolio company on the same scale for meaningful comparison across investments and over time.
Board & IC-Ready Output
Maturity scores and narrative findings that non-technical decision-makers — investors, board members and investment committees — can act on directly.
Ongoing Monitoring
Annual re-assessments track improvement and demonstrate value creation across the investment lifecycle.
Cyber Insurance Underwriting
NIST CSF maturity scores give underwriters an objective, structured basis for applicant profiling, risk pricing and go/no-go decisions — with annual re-assessments supporting policy renewals and tracking whether security posture improves.
Ready to get started?
Many engagements begin with a short discovery call. There's no obligation — just an honest conversation about where we might be able to help.