13 March 2026

NIST 2.0 Cybersecurity Assessment
Evaluate your security posture for free

All news
·CybersecurityNIST 2.0Assessment

What is the NIST CSF 2.0 assessment

A new free cybersecurity self-assessment tool, developed by AtWorkStudio and based on the NIST Cybersecurity Framework 2.0, is now available at nist.atws.app. The application allows any organisation to independently evaluate its cybersecurity posture by answering 106 structured questions in approximately 15 minutes. Upon completion, a detailed report is sent immediately via email.

Why NIST CSF 2.0

The NIST Cybersecurity Framework 2.0 is the internationally recognised standard for cyber risk management, published by the National Institute of Standards and Technology (NIST) in the United States. Version 2.0, released in 2024, introduces the Govern function and extends its applicability to all organisations, not just critical infrastructure. Using NIST CSF 2.0 as the foundation for the assessment ensures a recognised, structured approach aligned with international best practices.

The 6 framework functions

The assessment covers all six NIST CSF 2.0 functions:

  • Govern – Cybersecurity governance: policies, roles, responsibilities and risk management at the organisational level.
  • Identify – Asset inventory, understanding the business context and risk assessment.
  • Protect – Security measures to safeguard systems, data and infrastructure.
  • Detect – Capabilities to promptly identify security events and anomalies.
  • Respond – Plans and procedures for managing security incidents.
  • Recover – Strategies for restoring services and operations after an incident.

How it works

The process consists of three simple steps:

  1. Answer the questions – 106 questions written in accessible language, designed for business decision-makers, not just technical staff.
  2. Receive your report – Upon completion, a detailed report with scores for each of the 6 functions is sent immediately to your email.
  3. Act on the results – Use the report to identify areas for improvement and set intervention priorities.

Who it is for

The assessment has been designed for entrepreneurs, managers and business decision-makers. The questions are written in accessible Italian, avoiding technical jargon, to enable anyone leading an organisation to understand and evaluate their cyber risk exposure. It is useful for businesses of any size and sector.

Privacy and GDPR

The application is GDPR compliant. The data collected is used exclusively to generate the report and can be deleted upon request. AtWorkStudio is ISO/IEC 27001 and ISO 9001 certified, ensuring information security and process quality.

The assessment is completely free and accessible without prior registration. To start your evaluation, visit nist.atws.app.

Start the assessmentContact us