PLATFORM CAPABILITY

Maturity assessments that show the next step, not just the gap.

Auto-scored against Essential Eight ML0–ML3, ISO 27001 Annex A, and NIST CSF. Every assessment ships with a prioritised remediation path your team can actually execute.

Start your baseline → See how it works

4 standards out of the box 30 min to first score Board-ready on day one

WHAT YOU GET

Three things, every time you run an assessment.

No 90-page guide. No 8-hour workshop. The platform does the scoring, the maths, the pack.

Auto-scored maturity, every control.

Plain-English questions roll up into a level per control family, a level per strategy, and an overall score. Recalculates the second evidence lands.

Per control · Per family · Overall

The next step, surfaced.

For every score, the highest-impact next control to lift it. Ranked by effort vs maturity gain, with the evidence you'd need and an owner suggestion.

Prioritised · Effort-scored · Owned

A board-ready maturity report.

One-click PDF. Cover page, scope, methodology, scores per family, prioritised next steps, evidence appendix. Versioned, signed-off, regulator-friendly.

PDF · Versioned · White-label

IN THE PRODUCT

Every control, assessed and tracked.

Drill into any control for its reference definition, implementation status, target date, evidence, and cross-standard reach — the unit of work behind every maturity score.

app.cybereen.com / controls / applied / AAT-01

LIVE

Applied control detail — AAT-01 AI & Autonomous Technologies Governance: reference control, implementation status, target date, and Evidence / Cyber at Scale / Audit History tabs.

HOW IT WORKS

Three steps. 30 minutes to first score.

From "we should probably do an assessment" to "here's our ML1.4 and the next step", in one sitting.

Step 01

Pick your standard.

Choose Essential Eight, ISO 27001 Annex A, NIST CSF 2.0, APRA CPS 234, or any combination. Cybereen pre-loads the control list. Bring a custom XLSX/CSV if you have one.

E8 ISO 27001 NIST CSF CPS 234 CUSTOM

✓ 2 frameworks selected · 152 controls

Step 02

Answer the questions.

Plain-English, with examples and inline guidance. Attach evidence as you go. Collaborate with field-level audit trail. Save and resume across sessions.

✓ MFA on external services

✓ Patch apps within 48 hours

· Backups tested daily

· User app hardening

Step 03

See your maturity score.

Radar chart per control family, ML score per strategy, prioritised next steps with effort-vs-gain ranking. Export to PDF, share with the board, hand off to your partner.

Overall · ML1.4 Target · ML2.0 Gap · +0.6

IN PRACTICE

What an Essential Eight uplift looks like.

Government teams and regulated businesses use Cybereen to move from a scattered ML0/ML1 to an audit-defensible ML2 — with the next step always ranked, never guessed.

ILLUSTRATIVE · ESSENTIAL EIGHT · ML0 → ML2

From a scattered baseline to audit-defensible ML2, on one control library.

A typical journey starts at a scattered ML0/ML1 across the eight strategies. Cybereen surfaces the highest-impact next steps — daily restore-tested backups, macro hardening, an OS patch SLA, admin-privilege time-boxing — ranked by what moves maturity fastest. Your team owns the implementation; the platform tracks the evidence and scores the progress.

ML0–ML3

Auto-scored
per strategy

Next step

Ranked by impact,
not guesswork

Evidence

Captured & dated
as you answer

Board pack

Auto-generated
from the same data

PART OF THE PLATFORM

One assessment. Many surfaces it feeds.

Maturity assessments don't sit on an island. They consume evidence, drive multi-standard mapping, and roll up into the reports your auditor and board actually open.

Feeds in

Evidence Library

screenshots · configs · sign-offs

Multi-Standard Mapping

one answer → many standards

YOU ARE HERE

Maturity assessments

Auto-scores the controls you've answered, surfaces the next step, drafts the report. Recalculates the moment evidence lands.

E8 ISO 27001 NIST CSF CPS 234

Feeds out

Reporting

board · auditor · regulator packs

Risk Register

residual ratings & treatment

ONE EVIDENCE MODEL

Answer a control once. It scores in every standard that asks for it, rolls into the report that needs it, and updates the residual risk it touches. No retyping. No reconciling.

FAQ

The three we get asked first.

How long does an initial assessment take? +

30 minutes for a starter Essential Eight baseline. 2–4 hours for a full ISO 27001 Annex A walkthrough. Most teams answer roughly half the questions on the first sitting and resume the rest over the week — the assessment auto-saves at the field level.

Can multiple people answer the same assessment? +

Yes. Assessments are collaborative, with a field-level audit trail — who answered, when, with what evidence. Assign control owners, request review, lock answers for sign-off. Every change is versioned, so a reviewer can see exactly what shifted between draft and final.

Do you support custom frameworks? +

Yes. Bring any XLSX or CSV control list, or write your own directly in Cybereen. Custom frameworks score the same way as the built-in ones, map to the same evidence library, and feed the same reports. Common asks include SOC 2, PCI DSS, internal control catalogues, and parent-company frameworks for AU subsidiaries.

Score your baseline in 30 minutes.

Pick a standard, answer the questions, get the next step. No 90-page guide. No 8-hour workshop. No new spreadsheet.

Start your baseline → See the full platform