You can’t plan a journey without knowing where you’re starting from.
The Current State Profile is NexaCore’s honest assessment of where the organization’s cybersecurity program stands right now: before improvements, before investments, and before the rest of this program takes shape. It captures what controls exist, what evidence supports them, and where the gaps are across each of the six NIST CSF 2.0 functions.
This document maps to all six functions of NIST CSF 2.0: Govern, Identify, Protect, Detect, Respond, and Recover. It is the baseline against which every other document in this lab will be measured.
What you’re assessing in this document:
Tip:
Be honest, not aspirational. The value of this assessment comes entirely from its accuracy. A rating of Not Implemented is not a failure: it is useful data. NexaCore has just come through a serious incident, so the current state is expected to be immature in several areas. Rate based on what genuinely exists today, and use the Gap field to note what would need to change to reach the next tier.
The scorecard at the top of the results view will automatically count your tier ratings, giving you an at-a-glance picture of NexaCore’s overall security posture.