The most comprehensive NIST CSF 2.0 documentation toolkit available. Anchored on the official MS-ISAC 2024 Policy Template Guide. Cross-mapped to ISO 27001:2022 and CIS Controls v8. AI security extensions included. Deploy a complete governance programme in days, not months.
Every document traces back to a specific NIST CSF 2.0 subcategory. Every cross-reference is built in. Open, customise, deploy.
Governance policies, cybersecurity strategy, roles & responsibilities, risk management strategy, supply chain risk management, oversight reporting.
Asset management, risk assessment, business environment analysis, improvement planning, vulnerability management.
Access control, awareness & training, data security, platform security, information protection processes, technology infrastructure resilience.
Continuous monitoring, adverse event analysis, detection processes, security event logging and alerting.
Incident management, response procedures, reporting & communication, mitigation. Standard adds 5 scenario-specific playbooks.
Recovery planning, recovery execution procedures, communication coordination, business continuity restoration.
AI acceptable use, risk assessment, security controls, incident response โ mapped to NIST AI RMF 1.0 and OWASP Top 10 for LLMs 2025.
Master cross-reference workbook, compliance mapping, security metrics & KPI dashboards, audit readiness checklists, exception management.
README, quick-start guide. Standard adds RACI matrix, board presentation, customisation guide, governance meeting template, implementation tools.
Step-by-step runbooks for the most critical threat scenarios. Each playbook includes detection triggers, containment procedures, communication templates, and recovery checklists.
Containment, negotiation framework, recovery sequencing, evidence preservation.
Notification workflow, regulatory response, evidence preservation, stakeholder comms.
Detection indicators, investigation process, HR coordination, legal chain.
Financial fraud response, account recovery, payment reversal procedures.
Cloud containment, identity reset, configuration audit, service restoration.
Standard tier also includes: RACI Responsibility Matrix, Board Presentation Template, Customisation & Implementation Guide, and Governance Meeting Template.
Both tiers include full NIST CSF 2.0 coverage. Standard adds operational governance tools and incident playbooks.
| Feature | Essentials | Standard โ |
|---|---|---|
| Total documents | 111 | 131 |
| Policies (18) | โ | โ |
| Standards (12) | โ | โ |
| Processes (10) | โ | โ |
| Procedures (18) | โ | โ |
| Forms & Templates (20) | โ | โ |
| AI Security Extension (8) | โ | โ |
| Cross-Cutting Tools (16) | โ | โ |
| Master Cross-Reference Workbook | โ | โ |
| RACI Responsibility Matrix | โ | โ |
| Board Presentation Template | โ | โ |
| 5 Incident Response Playbooks | โ | โ |
| Customisation & Implementation Guide | โ | โ |
| Governance Meeting Template | โ | โ |
| $197 | $497 |
Instant download ยท Editable DOCX & XLSX ยท 14-day money-back guarantee
Not blank templates โ comprehensive, implementation-ready content with full framework traceability.
Every document maps to specific subcategories. Auditors and assessors see exact coverage at a glance.
ISO 27001:2022 Annex A and CIS Controls v8 cross-referenced throughout. One framework, three compliance pathways.
Editable .docx and .xlsx with [Organisation Name] placeholders. Add your logo, adjust scope, publish.
Built on the official CIS / MS-ISAC Policy Template Guide โ the authoritative public-domain mapping of CSF subcategories.
Every document includes dedicated ownership, accountability, and review obligations.
Eight documents covering AI governance, risk, and incident response โ mapped to NIST AI RMF 1.0 and OWASP Top 10 for LLMs 2025.
A cybersecurity consultant charges $250โ$400 per hour. Writing a single policy takes 2โ4 hours. You have up to 131 documents to produce.
All documents are Microsoft Word (.docx) and Excel (.xlsx). Fully editable โ no PDFs or locked files. Organised in a clear folder structure you can unzip and start customising immediately.
Both. Each document is fully written with real, implementation-ready content โ not just headers and placeholders. They're comprehensive enough to use almost as-is, but designed for you to customise for your organisation's context.
Three things: (1) Every document is traceable to a specific NIST CSF 2.0 subcategory. (2) Every document includes ISO 27001 and CIS Controls cross-references. (3) They're all part of a coherent, interconnected system โ not scattered, disconnected files. Plus you get AI security extensions no free template covers.
Essentials (111 documents, $197) gives you complete policy, standard, process, procedure, and form coverage. Standard (131 documents, $497) adds 20 operational governance tools: RACI matrix, board presentation, five incident response playbooks, customisation guide, and governance meeting template. Essentials documents your governance. Standard helps you execute it.
NIST CSF 2.0 (49 high-priority subcategories), MS-ISAC 2024 Policy Template Guide (credibility anchor), ISO 27001:2022 (Annex A cross-references), CIS Controls v8 (safeguard mappings), NIST AI RMF 1.0, and OWASP Top 10 for LLM Applications 2025.
No. These are customisable template documents. Organisations should seek qualified professional advice for their specific circumstances and jurisdiction.
14-day money-back guarantee. If the documentation doesn't meet your expectations, we'll refund your purchase.
Framework-aligned. Cross-mapped. Implementation-ready. Choose your tier and start building your governance programme today.
Instant download ยท Editable DOCX & XLSX ยท 14-day money-back guarantee