What is the NIST CSF 2.0 assessment
A free cybersecurity self-assessment tool, developed by AtWorkStudio and based on the NIST Cybersecurity Framework (CSF) 2.0, is available at nist.atws.app. The application allows any organisation to independently evaluate its cybersecurity posture by answering 106 structured questions in approximately 15 minutes. Upon completion, a detailed report is sent immediately via email.
Why NIST CSF 2.0
The NIST Cybersecurity Framework 2.0 is the internationally recognised standard for cyber risk management, published by the National Institute of Standards and Technology (NIST) in the United States. Version 2.0, released in 2024, introduces the Govern function and extends its applicability to all organisations, not just critical infrastructure. Using NIST CSF 2.0 as the foundation for the assessment ensures a recognised, structured approach aligned with international best practices.
The framework also underpins the requirements of the NIS2 Directive and the DORA Regulation: an assessment based on NIST CSF 2.0 is the ideal starting point for a compliance journey.
The 6 framework functions
The assessment covers all six NIST CSF 2.0 functions:
1. Govern: Cybersecurity governance: policies, roles, responsibilities and risk management at the organisational level.
2. Identify: Asset inventory, understanding the business context and risk assessment.
3. Protect: Security measures to safeguard systems, data and infrastructure.
4. Detect: Capabilities to promptly identify security events and anomalies.
5. Respond: Plans and procedures for managing security incidents.
6. Recover: Strategies for restoring services and operations after an incident.
How it works
The process consists of three simple steps:
1. Answer the questions: 106 questions written in accessible language, designed for business decision-makers, not just technical staff.
2. Receive your report: Upon completion, a detailed report with scores for each of the 6 functions is sent immediately to your email.
3. Act on the results: Use the report to identify areas for improvement and set intervention priorities with the support of our cybersecurity services.
Who it is for
The assessment has been designed for entrepreneurs, managers and business decision-makers. The questions are written in accessible language, avoiding technical jargon, to enable anyone leading an organisation to understand and evaluate their cyber risk exposure. It is useful for businesses of any size and sector, from SMEs to large organisations.
It is particularly suited to organisations subject to the NIS2 Directive or the DORA Regulation, which need an initial security posture assessment before embarking on a structured compliance programme.
Privacy and GDPR
The application is GDPR compliant. The data collected is used exclusively to generate the report and can be deleted upon request. AtWorkStudio is ISO/IEC 27001, 27017, 27018 and ISO 9001 certified, ensuring information security and process quality.
Frequently asked questions
What is AtWorkStudio's NIST CSF 2.0 assessment?
It is a free cybersecurity self-assessment tool based on the NIST Cybersecurity Framework 2.0. It allows any organisation to evaluate its security posture by answering 106 structured questions in approximately 15 minutes, with a detailed report sent immediately via email.
How long does the assessment take?
The assessment takes approximately 15 minutes. It consists of 106 questions written in accessible language, designed for business decision-makers, not just technical staff. The report is sent immediately upon completion.
What areas does the assessment cover?
The assessment covers all six NIST CSF 2.0 functions: Govern (cybersecurity governance), Identify (asset inventory and risk assessment), Protect (safeguarding systems and data), Detect (identifying anomalies), Respond (incident management) and Recover (restoring operations).
Is the assessment really free?
Yes, the assessment is completely free and accessible without prior registration. There are no hidden costs. AtWorkStudio provides it as a first step to help organisations understand their cyber risk exposure.
Is my data safe?
The application is GDPR compliant. The data collected is used exclusively to generate the report and can be deleted upon request. AtWorkStudio is ISO/IEC 27001, 27017, 27018 and ISO 9001 certified.
Sources
- NIST Cybersecurity Framework — National Institute of Standards and Technology
- nist.atws.app — Free assessment by AtWorkStudio