Phase 1 · Class A · Static NIST · Govern → Recover

Your cyber posture, honestly scored.

About 30 plain questions across the six NIST CSF 2.0 Functions. No account, no scan, nothing stored. You get one 0-100 posture index, your strongest and weakest Function, an indicative financial exposure band, and the five highest-impact actions - each tied to a named control.

✓ What this is

A self-declared posture index and a prioritised action list, mapped to NIST, CIS, Cyber Essentials and ISO. A credible baseline you can act on and share.

✕ What this is not

Not an audit, not a scan, not a certification. It reflects what you tell it. For evidence-backed assurance, that's where a Hallatec review comes in.

Posture Index · Your organisation


Posture across the six Functions

Higher is more mature. Data table below for screen readers.

Function sub-scores

Indicative annual financial exposure


A calm, order-of-magnitude range from your posture and size - not a prediction, and not from your accounts.

Your five highest-impact actions

Ordered by the points they recover. Each names the control so your IT partner knows exactly what to do.

Optional - fuse with an ExposureX outside-in scan

Your questionnaire is the inside-out view. ExposureX is the outside-in view. The honest headline is the weakest link of the two - because attackers use whichever is weaker.

Inside-out (H-Score): -
Outside-in (ExposureX): 68/100 (illustrative)
Fused headline: - (weakest-link)

How H-Score is calculated - the full rubric

Answer scale (per question): 0 None · 1 Ad-hoc · 2 Defined · 3 Managed · 4 Automated.

Function score = weighted average of its questions, scaled to 0-100. High-impact questions (MFA, patching, tested backups) carry more weight.

Overall = weighted blend of the six Functions (Protect and Recover weighted higher by breach impact).

Floor rules (hard gates): no enforced MFA, or backups never restore-tested, cap the headline at Developing until fixed - with the exact control named.

Bands: 0-24 Exposed · 25-49 Developing · 50-74 Managed · 75-89 Resilient · 90-100 Optimised.

AED band is an order-of-magnitude estimate from posture and size - indicative only.
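
The rubric above and the weakest-link fusion, worked through as an added example (not Hallatec's own code). The page gives the shape of the calculation but not its numbers, so the question ids, question and Function weights, gate threshold and sample answers below are assumptions.

```python
# Added illustration of the rubric; weights, question ids and the gate
# threshold are ASSUMED (the page gives the rubric's shape, not its numbers).
BANDS = [(90, "Optimised"), (75, "Resilient"), (50, "Managed"),
         (25, "Developing"), (0, "Exposed")]
DEVELOPING_MAX = 49  # top of the Developing band (25-49)

# Assumed Function weights: Protect and Recover count more, per the rubric.
FUNCTION_WEIGHTS = {"Govern": 1.0, "Identify": 1.0, "Protect": 1.5,
                    "Detect": 1.0, "Respond": 1.0, "Recover": 1.5}

# Floor rules: question id -> action named when the gate trips (labels assumed).
FLOOR_RULES = {"mfa_enforced": "Enforce MFA",
               "backup_restore_tested": "Restore-test backups"}
GATE_MIN_ANSWER = 2  # assumed: an answer below "Defined" counts as not in place

SAMPLE = {  # constructed answers: question id -> (answer 0-4, assumed weight)
    "Govern":   {"policy": (3, 1)},
    "Identify": {"asset_inventory": (3, 1)},
    "Protect":  {"mfa_enforced": (1, 3), "patching": (4, 3), "awareness": (3, 1)},
    "Detect":   {"log_monitoring": (3, 1)},
    "Respond":  {"ir_plan": (3, 1)},
    "Recover":  {"backup_restore_tested": (4, 3)},
}

def function_score(answers):
    """Weighted average of (answer, weight) pairs, scaled from 0-4 to 0-100."""
    total_weight = sum(w for _, w in answers)
    return 100 * sum(a * w for a, w in answers) / (4 * total_weight)

def band(score):
    return next(name for floor, name in BANDS if score >= floor)

def h_score(responses):
    """Return (headline 0-100, band, Function sub-scores, tripped floor rules)."""
    subs = {f: function_score(list(qs.values())) for f, qs in responses.items()}
    total_weight = sum(FUNCTION_WEIGHTS[f] for f in subs)
    overall = sum(subs[f] * FUNCTION_WEIGHTS[f] for f in subs) / total_weight
    flat = {q: a for qs in responses.values() for q, (a, _) in qs.items()}
    # An unanswered gate question is treated as 0 (None), so it trips the gate.
    tripped = [c for q, c in FLOOR_RULES.items() if flat.get(q, 0) < GATE_MIN_ANSWER]
    if tripped:
        overall = min(overall, DEVELOPING_MAX)  # hard gate: cap at Developing
    headline = round(overall)
    return headline, band(headline), subs, tripped

def fused(inside_out, outside_in):
    """Weakest-link headline: the lower of the two views."""
    return min(inside_out, outside_in)
```

With these constructed answers the weighted blend alone comes to 78 (Resilient), but ad-hoc MFA trips the floor rule and the headline is capped at 49 (Developing).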

Next step

Turn this baseline into a plan.

H-Score shows you where you stand. A Hallatec baseline review validates it with evidence and sequences the fixes into a roadmap your leadership can sign off.


Self-declared posture index; reflects your answers; point-in-time. Not an audit or a scan. AED exposure is indicative and order-of-magnitude.