Frameworks

Framework Workbench

Visualize controls and capture assessment evidence in one place. Add interview notes and paste tool output directly against each framework control.

Select framework

Organize interview evidence and scan output by core cybersecurity functions.

Autosaved locally

Govern

Control

Status

Interview Notes

Tool Output

gv-1

Risk management strategy

Define how cybersecurity risk is identified, assessed, and managed.

Status

Interview Notes

Tool Output

gv-2

Roles and accountability

Establish ownership for cybersecurity decisions and operations.

Status

Interview Notes

Tool Output

Protect

Control

Status

Interview Notes

Tool Output

pr-1

Identity and access management

Ensure users and systems get least-privilege access to resources.

Status

Interview Notes

Tool Output

pr-2

Awareness and training

Train personnel to recognize threats and follow secure practices.

Status

Interview Notes

Tool Output

Detect

Control

Status

Interview Notes

Tool Output

de-1

Anomaly and event detection

Identify abnormal behavior and potentially malicious activity.

Status

Interview Notes

Tool Output

de-2

Continuous monitoring

Monitor systems and networks for security-relevant events.

Status

Interview Notes

Tool Output

Respond & Recover

Control

Status

Interview Notes

Tool Output

rs-1

Incident response execution

Contain, eradicate, and communicate during active incidents.

Status

Interview Notes

Tool Output

rc-1

Recovery planning and lessons learned

Restore services and improve controls after incidents.

Status

Interview Notes

Tool Output

Assessment Guidance

Use interview notes to capture policy/process context and tool output for technical evidence. Controls marked as gaps can be prioritized for remediation planning and final reporting.