NIST CSF Maturity Assessment

Our client for this engagement was a high-profile Australian brand which gathers and holds very sensitive data on Australian consumers.


The client’s executive management team approached elevenM as they were finding it difficult to articulate their cyber security posture to their non-executive governance committees.

Our role

elevenM was asked to produce an independent assessment of the client’s current cyber maturity level and to outline where elevenM thought investment was needed.

What we did

  • To deliver this engagement, we leveraged our cyber maturity assessment platform. This platform is based on the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) v1.1.*
  • The assessment was completed through interviews with key stakeholders and through the review of relevant artefacts.
  • Upon completion of the assessment, we provided the client with an executive report outlining their current and desired maturity against each category of the CSF. We also provided the executive team with practical insights on how to lift their maturity in order to mitigate the threats their business faced.

*As the CSF lacks any measurements or indications of maturity, we have drawn on our collective experience to develop a set of maturity measures against each CSF sub-category.

Example platform reports

Maturity by NIST CSF Function


Maturity by NIST CSF Category


Comparison to previous maturity by NIST CSF Category

We subsequently provided an update to the original assessment, which now enables the client to leverage a report comparing their current maturity with their previously assessed state.