Prepare for security reviews before they become urgent

Find cybersecurity gaps, prioritize fixes, and prepare evidence before customers, insurers, or auditors ask for it.

No credit card · Plain-language NIST mapping · Evidence-first next steps
NIST CSF 2.0 · ISO 27001 · SOC 2 · CIS Controls · GDPR · NIS2
cybergapaudit.com / free-assessment

Security posture

0/100
Maturity: Developing · Risk: Elevated

Maturity band · 16 controls remaining

Strongest: Govern 74
Weakest: Detect 46
Next review: 90 days

NIST CSF 2.0 coverage

Framework language becomes actionable control areas.

Govern: 74%
Identify: 68%
Protect: 61%
Detect: 46%
Respond: 52%
Recover: 44%

Top priorities

P1
Enable MFA on all admin accounts
PR.AA · Evidence: access-policy export
P2
Centralize security log collection
DE.CM · Evidence: SIEM configuration

Methodology & trust

Trust first, because security data is sensitive

CyberGapAudit is not a certification shortcut or black-box score. It is a structured readiness pass: your answers, score, next actions, and evidence needs stay traceable.

What is NIST CSF?

NIST CSF is a practical framework for organizing cybersecurity risk into areas like governance, protection, detection, response, and recovery. CyberGapAudit translates that structure into plain questions and action-oriented next steps.

Inspect a sample output
01

Built for operators, not just auditors

The assessment is designed for founders, IT leads, and small teams that need clarity before customer questionnaires, insurance renewals, or audits.

02

Traceable methodology

Questions map to NIST CSF categories. Weak areas are surfaced so remediation work and evidence needs can be prioritized.

03

Honest boundaries

CyberGapAudit is not a formal audit and does not guarantee certification. It helps structure gaps and readiness work before deeper review.

GAP → PLAN

From first gap to remediation plan

Start with a guided assessment, see the weakest areas, then turn them into prioritized work, owners, and evidence.

01

Plain-Language Gap Assessment

Answer focused security questions without needing to know framework terminology first.

GUIDED · 30 questions
02

Risk Prioritization

Turn low-scoring categories into the first fixes your team should actually tackle.

PROTECT · 41% · ranked
03

Evidence Guidance

See what kind of policy, review record, ticket, export, or process would prove improvement.

policy.pdf · review · ticket
04

Repeatable Readiness

Rerun the assessment after remediation so progress becomes visible over time.

+18 pts · re-scored
Plan ready
RISK MATRIX

Your gaps, mapped the way assessors read them

Every weak answer is plotted by likelihood and impact — so the first fixes are obvious, not buried in a score.

[Risk matrix figure: likelihood against impact (negligible to severe); risk levels Low, Medium, High, Critical; plotted gaps: Detection gaps, Admin access · MFA, Logging · backups, Governance]

PLANS · comparison ledger

Start free, then move into execution

Transparent plans for first-pass readiness, deeper assessment, repeat reviews, and actionable remediation roadmaps.

Free
$0
Start the first scan
  • Assessment depth — 30 questions
  • Posture score — Basic
  • Remediation guidance — Top priorities
  • Assessments / year — 1
Start free
Professional (Popular)
$199/yr
Annual subscription
  • Assessment depth — 106 sectioned
  • Posture score — Control breakdowns
  • Remediation guidance — Evidence checklist
  • Assessments / year — 4
Go Professional
Enterprise
$299/yr
Annual subscription
  • Assessment depth — 106 sectioned
  • Posture score — Control breakdowns
  • Remediation guidance — CSF-aligned plan
  • Assessments / year — Unlimited
  • Progress + evidence tracking
  • Priority support
View Enterprise

Ready to make the gaps visible?

Start with the 30-question free assessment. You get an initial risk picture and clear hints on which fixes and evidence matter next.