This comprehensive guide provides **user-friendly prompts** for using the NIST CSF 2.0 MCP Server with large language models like **Claude**, **ChatGPT**, and **Gemini**. All prompts are conversational and require no technical knowledge or JSON formatting.
Perfect for: Initial cybersecurity posture evaluation, executive briefings, rapid organizational insights
Simple Conversation Starter:
I want to run a quick cybersecurity assessment for my organization using the NIST Cybersecurity Framework. Please guide me through 6 key questions covering:
- Governance and risk management
- Asset identification and risk assessment
- Protection controls and training
- Detection and monitoring capabilities
- Incident response procedures
- Recovery and business continuity

After I answer each question, create visual dashboards showing:
- Maturity scores across all 6 functions
- Priority recommendations for improvement
- Risk heat maps with color-coded areas
- Executive summary charts for leadership

My organization profile is: [your-profile-id] or help me create one first.
Follow-up Prompts During Assessment:
Question 1 Response: "We have basic cybersecurity policies documented, but they're not regularly updated and some staff aren't fully trained on them. I'd say we're partially implemented." Please record this governance response and show me the next question with updated progress dashboard.
Perfect for: Enterprise assessments, compliance audits, detailed implementation planning
Conversational Setup:
I need to conduct a complete comprehensive NIST CSF 2.0 assessment, using the nist-csf mcp server, for my organization with complete visual reporting. Here are my organization details:

Company Name: TechCorp Solutions
Industry Sector: Technology Services
Organization Size: Medium (150 employees)
Primary Contact: Sarah Johnson
Email: [email protected]
Assessment Timeline: 8 weeks
Special Requirements: Need visual dashboards for board presentation

Please start the comprehensive assessment workflow and guide me through:
1. Organization profile setup with authentic data collection
2. All 740 detailed assessment questions across the framework
3. Interactive progress tracking with visual completion dashboards
4. Real-time preliminary scoring as we complete sections
5. Final comprehensive analysis with executive visualizations

Start by setting up my organization profile and explaining what information you'll need from me.
Progress Tracking Prompts:
I've completed the Governance (GV) section questions. Here's a summary of my responses:
- We have formal cybersecurity policies: Yes
- Risk assessments happen regularly: Partially
- Leadership provides adequate resources: No
- We have clear roles and responsibilities: Partially

Please update my progress dashboard, show preliminary scoring for the Governance function, and guide me to the next section (Identify).
Analysis Generation Prompts:
I've completed all 740 assessment questions! Please generate my comprehensive analysis package with visual dashboards:

EXECUTIVE DASHBOARD PACKAGE:
- Interactive maturity radar chart showing scores across all 6 NIST functions
- Risk heat map with color-coded priority areas for immediate attention
- Gap analysis visualization comparing current vs. target maturity states
- Implementation roadmap with phased timeline and milestone tracking
- Cost estimation dashboard with ROI projections
- Compliance status overview for our industry regulations

DETAILED ANALYSIS REPORTS:
- Function-by-function breakdown with specific recommendations
- Priority matrix showing high-impact, low-effort improvements
- Resource allocation recommendations with budget estimates
- Timeline visualization for 12-month implementation plan
- Progress tracking dashboard template for ongoing monitoring

Make all visualizations executive-ready for board presentations and include actionable next steps for our IT team.
Executive Dashboard (Board Presentation Ready):
Generate an executive dashboard for our cybersecurity assessment with:
- High-level maturity radar chart showing our organization's scores across all 6 NIST CSF functions
- Color-coded risk heat map highlighting areas needing immediate attention (red), near-term focus (yellow), and well-managed areas (green)
- Compliance status overview showing our readiness for industry regulations
- ROI projections for recommended security investments
- One-page executive summary with key metrics and business impact

Make this suitable for C-level executives and board presentations with clear, non-technical language.

Operational Dashboard (IT Management):

Create an operational cybersecurity dashboard for our IT team showing:
- Detailed function-by-function breakdowns with specific subcategory scores
- Implementation progress tracking with completion percentages
- Priority action items with assigned owners and due dates
- Resource allocation recommendations with estimated costs and timelines
- Technical control status and configuration compliance
- Alert system for critical security gaps requiring immediate action

Focus on actionable insights for day-to-day security operations management.

Technical Dashboard (Security Team):

Build a technical cybersecurity dashboard with:
- Granular subcategory analysis across all 185 NIST CSF controls
- Gap analysis comparing current vs. target implementation states
- Technical control effectiveness measurements and recommendations
- Security tool integration status and coverage maps
- Vulnerability correlation with framework subcategories
- Detailed implementation guidance for each identified gap

Optimize for security professionals who need detailed technical insights and remediation steps.

Custom Progress Tracking Dashboard:

Design a custom dashboard for tracking our cybersecurity improvement program:
- Monthly progress charts showing maturity score improvements over time
- Milestone tracking for our 12-month security roadmap implementation
- Budget vs. actual spending analysis for security investments
- Team performance metrics and training completion status
- Vendor and third-party risk assessment integration
- Quarterly business impact measurements and success stories

Include customizable widgets that we can modify based on changing business priorities.
Maturity Radar Chart:
Create an interactive radar chart visualization showing:
- All 6 NIST CSF functions (Govern, Identify, Protect, Detect, Respond, Recover) as axes
- Current maturity scores (0-4 scale) plotted as colored areas
- Target maturity goals shown as overlay outlines
- Industry benchmark comparisons for our sector and company size
- Clickable areas that drill down to specific recommendations
- Color coding: Red (Critical gaps), Yellow (Improvement needed), Green (Well implemented)

Risk Heat Map Matrix:

Generate a risk heat map showing:
- X-axis: Implementation difficulty (Low, Medium, High)
- Y-axis: Business impact (Low, Medium, High, Critical)
- Each NIST subcategory plotted as color-coded bubbles
- Bubble size represents estimated cost of implementation
- Quick wins highlighted in green (High impact, Low difficulty)
- Priority items marked in red (High impact, any difficulty level)
- Interactive tooltips with specific recommendations and timelines

Implementation Timeline:

Build a visual project timeline showing:
- 12-month roadmap with quarterly milestones
- Phase 1 (Months 1-3): Critical security foundations
- Phase 2 (Months 4-6): Core protection and detection capabilities
- Phase 3 (Months 7-9): Advanced response and recovery systems
- Phase 4 (Months 10-12): Optimization and continuous improvement
- Resource allocation bars showing team effort and budget requirements
- Dependency arrows showing prerequisite relationships between initiatives
- Progress indicators that update as milestones are completed
"I'm not sure how to answer this question about our incident response capabilities. Can you give me some examples of what 'partially implemented' would look like versus 'fully implemented'?"
"We're a small company - are there specific recommendations for organizations our size when it comes to this security control?"
"This section is asking about technical controls I'm not familiar with. Can you explain what this means in business terms and help me evaluate our current state?"

"The dashboard shows our Detect function scored very low. What are the top 3 most cost-effective improvements we could make in the next 6 months?"
"Can you create a one-page executive summary of our results that I can present to our board next week?"
"Our compliance team needs to map these results to SOX requirements. Can you show how our NIST CSF assessment aligns with financial compliance?"

"We implemented the Phase 1 recommendations from our roadmap. How do I update our assessment to reflect these improvements and recalculate our maturity scores?"
"It's been 6 months since our initial assessment. What's the best way to conduct a follow-up evaluation to measure our progress?"
"Can you create a quarterly dashboard template that our IT team can use to track ongoing cybersecurity metrics?"
Run a quick NIST CSF assessment for my organization. Guide me through 6 questions and create visual dashboards showing maturity scores and recommendations.
Begin a full NIST CSF 2.0 assessment for [Company Name], a [size] [industry] company. Contact: [Name] ([email]). Timeline: [weeks]. Guide me through all 740 questions with visual progress tracking.
Create executive-level visual dashboards from our assessment results with maturity charts, risk heat maps, and board-ready summaries.
Generate a visual implementation roadmap with phases, timelines, costs, and priority recommendations based on our assessment results.
Update our assessment progress and show visual dashboards comparing before/after improvements we've implemented.
Copy-paste this template and customize with your organization details:
Hi! I need help with a NIST Cybersecurity Framework assessment for my organization. Here are our details:

ORGANIZATION INFO:
- Company Name: [Your Company Name]
- Industry: [Your Industry]
- Size: [Small/Medium/Large/Enterprise - number of employees]
- Primary Contact: [Your Name]
- Email: [Your Email]
- Assessment Goal: [Quick overview / Full compliance / Board presentation / etc.]

WHAT I NEED:
- [ ] Interactive assessment questions (not technical JSON)
- [ ] Visual dashboards and charts for presentations
- [ ] Priority recommendations for improvements
- [ ] Implementation timeline and cost estimates
- [ ] Executive summary for leadership

Please guide me through the assessment process step-by-step and create visual dashboards throughout. I prefer conversational guidance over technical interfaces. Ready to start!
Replace the bracketed sections with your actual information and you're ready to begin your NIST CSF assessment with full visual dashboard support!
I need to start an official NIST CSF 2.0 assessment for my organization that prevents synthetic data and ensures authentic responses. Please help me:
1. Use start_assessment_workflow to begin a comprehensive assessment for:
   - Organization: "Healthcare Solutions Inc"
   - Sector: "Healthcare"
   - Size: "large"
   - Contact: "Sarah Johnson" ([email protected])
   - Timeline: 12 weeks for full framework assessment
2. Once started, use check_assessment_workflow_status to monitor progress
3. Guide me through the authentic data collection process
4. Help me understand what real organizational information is needed at each step

This should create a proper audit trail and prevent any fake assessment data.

I'm a consultant managing multiple client assessments. Help me:
1. Start separate assessment workflows for three different organizations:
   - Small retail company (4-week timeline, specific focus on PR and DE functions)
   - Medium manufacturing company (8-week timeline, full framework)
   - Large financial services firm (16-week timeline, full framework with compliance focus)
2. Show me how to check status on all workflows and track progress
3. Demonstrate how the workflow prevents data contamination between clients
4. Guide me through proper handoff procedures for client-specific assessments
csf_lookup

I need to understand the NIST CSF 2.0 subcategory "GV.OC-01" in detail. Please:
- Look up this subcategory with all available examples and references
- Explain how it relates to organizational cybersecurity governance
- Provide practical implementation examples for a healthcare organization

search_framework

Help me find all NIST CSF 2.0 elements related to "incident response" across all functions. I want to:
- Search for all subcategories containing incident response concepts
- Focus on functions DE (Detect), RS (Respond), and RC (Recover)
- Get comprehensive results with implementation guidance

get_related_subcategories

I'm working on implementing access control measures. Please:
- Find all subcategories related to "PR.AC-01" (Identity and access management)
- Show me the dependencies and relationships between these controls
- Identify supporting subcategories that should be implemented together

create_profile

Create a comprehensive organization profile for our company with these details:
- Organization: "Global Finance Corp"
- Industry: Financial services
- Size: Large (5,000+ employees)
- Assessment type: Current state baseline

Include sector-specific risk considerations and compliance requirements.

clone_profile

I have an existing organization profile (PROF-123). Please:
1. Clone it to create a target state profile representing our desired security posture in 18 months
2. Adjust the maturity levels to reflect industry best practices
3. Include aspirational goals for regulatory compliance

compare_profiles

Compare our current state profile (PROF-123) with our target state profile (PROF-456):
- Highlight the most significant differences between profiles
- Identify areas where we've exceeded expectations
- Show gaps that require immediate attention
- Provide visual comparison data for executive presentation
reset_organizational_data

⚠️ DESTRUCTIVE OPERATION - Use with extreme caution!

I need to completely reset all organizational assessment data while preserving the NIST CSF framework:

{
  "confirmation": "CONFIRM_RESET_ALL_ORGANIZATIONAL_DATA"
}

This will permanently delete:
- All organization profiles and associated metadata
- All assessment results and maturity scores
- All gap analyses, priority matrices, and implementation plans
- All reports, evidence, and audit trail records
- All custom configurations and organizational settings

This will preserve:
- NIST CSF 2.0 framework structure (functions, categories, subcategories)
- Question bank and assessment templates
- Implementation examples and guidance materials
- System configuration and baseline information

Use only when:
- Migrating to a new organizational structure
- Cleaning test/demo data before production deployment
- Starting fresh after major organizational changes
- Decommissioning old assessment data

⚠️ This action cannot be undone. Ensure you have backups if needed.
start_assessment_workflow

Start a comprehensive NIST CSF 2.0 assessment with proper audit trail for my technology startup:

{
  "org_name": "InnovateNow Technologies",
  "sector": "Technology",
  "size": "small",
  "contact_name": "Maria Rodriguez",
  "contact_email": "[email protected]",
  "description": "Cloud-based software development company with 45 employees",
  "assessment_scope": "full",
  "timeline_weeks": 6
}

Expected outcome: Creates workflow ID, sets up authentic data collection, provides next steps for real assessment data gathering.

check_assessment_workflow_status

Monitor the progress of my assessment workflow:

{
  "workflow_id": "workflow_67890abc"
}

Show me:
- Current completion percentage and questions answered
- What specific information I need to provide next
- Timeline status and expected completion date
- Quality validation status and any data authenticity issues

Start a targeted assessment focusing only on Identify and Protect functions for a healthcare organization:

{
  "org_name": "Regional Medical Center",
  "sector": "Healthcare",
  "size": "large",
  "contact_name": "Dr. James Wilson",
  "contact_email": "[email protected]",
  "assessment_scope": "specific_functions",
  "target_functions": ["ID", "PR"],
  "timeline_weeks": 4
}

Then monitor with check_assessment_workflow_status and guide through function-specific data collection.
quick_assessment

Perform a quick assessment for profile PROF-123 with these simplified responses:
- Govern: We have basic policies but limited governance structure (partial)
- Identify: Asset inventory is incomplete, risk assessments are ad-hoc (partial)
- Protect: Some access controls and training in place (partial)
- Detect: Basic monitoring but limited threat detection (no)
- Respond: Informal incident response process (partial)
- Recover: No formal disaster recovery plan (no)

Analyze the results and provide immediate recommendations for improvement.

assess_maturity

Conduct a comprehensive maturity assessment for profile PROF-456. I want to:
- Evaluate maturity across all 6 NIST CSF functions
- Use our detailed assessment responses from the question bank
- Calculate maturity scores with confidence intervals
- Identify areas of strength and weakness
- Provide benchmarking against industry standards

calculate_risk_score

Calculate the overall cybersecurity risk score for our organization using profile PROF-123:
- Assess risk across all framework subcategories
- Weight risks based on business impact and threat likelihood
- Include industry-specific risk factors for financial services
- Provide both quantitative scores and qualitative risk descriptions

calculate_maturity_trend

I want to track our cybersecurity maturity progress over time. Please:
- Calculate maturity trends across the last 12 months using multiple assessment points
- Identify which functions are improving and which are stagnating
- Show velocity of improvement and projected timeline to target maturity
- Highlight any concerning downward trends that need attention

generate_priority_matrix

Create a comprehensive priority matrix for our cybersecurity improvements:
- Rank all gap areas by business impact and implementation difficulty
- Consider budget constraints of $500K for the next fiscal year
- Factor in regulatory compliance requirements (SOX, PCI DSS)
- Provide clear implementation sequencing recommendations

estimate_implementation_cost

I need detailed cost estimates for implementing priority cybersecurity improvements:
- Focus on the top 10 gaps identified in our assessment
- Include both technology costs and human resources
- Break down costs by implementation phases over 18 months
- Consider ROI and cost savings from improved security posture
Suggest Next Actions (suggest_next_actions)

Based on our current assessment results, what should be our immediate next actions? Please:
- Identify the top 5 most critical actions for the next 30 days
- Suggest medium-term initiatives for the next quarter
- Recommend long-term strategic improvements for the next year
- Prioritize based on risk reduction and quick wins

Track Progress (track_progress)

Help me track our cybersecurity improvement progress for profile PROF-123:
- Compare current scores against our baseline from 6 months ago
- Identify completed initiatives and their impact on maturity scores
- Track progress toward our target state objectives
- Generate progress metrics for monthly leadership reporting

Generate Gap Analysis (generate_gap_analysis)

Perform a comprehensive gap analysis between our current and target security posture:
- Compare current maturity levels against industry best practices
- Identify critical gaps that pose the highest risk
- Analyze resource requirements to close priority gaps
- Provide actionable recommendations with implementation timelines

Create Implementation Plan (create_implementation_plan)

Create a detailed cybersecurity implementation plan based on our assessment results:
- Develop a 24-month phased approach to address all critical gaps
- Include resource allocation, budget requirements, and success metrics
- Consider dependencies between different security initiatives
- Align with business objectives and compliance requirements
Get Industry Benchmarks (get_industry_benchmarks)

I need to understand how our cybersecurity maturity compares to industry peers:
- Provide benchmarking data for technology companies with 1,000-5,000 employees
- Show percentile rankings for each NIST CSF function
- Identify areas where we're leading or lagging behind industry averages
- Include regional and sector-specific benchmarking insights

Generate Test Scenarios (generate_test_scenarios)

Generate comprehensive test scenarios to validate our cybersecurity controls:
- Create test scenarios for each NIST CSF function we've implemented
- Include both technical tests and tabletop exercises
- Design scenarios that test integration between different controls
- Provide success criteria and evaluation metrics for each test

Get Assessment Questions (get_assessment_questions)

I need comprehensive assessment questions for a detailed cybersecurity evaluation:
- Provide questions for all subcategories under the PROTECT function
- Include questions across all maturity dimensions (risk, implementation, effectiveness)
- Tailor questions for a healthcare organization with specific compliance needs
- Include guidance on evidence collection for each question

Get Question Context (get_question_context)

Help me understand the context and intent behind assessment question Q-GV-001:
- Explain why this question is important for cybersecurity governance
- Show how responses impact overall maturity scoring
- Provide examples of good and poor responses
- Suggest evidence that would support a high-quality answer
Validate Assessment Responses (validate_assessment_responses)

Please validate our assessment responses for consistency and completeness:
- Review responses for the IDENTIFY function across all subcategories
- Flag any inconsistent or contradictory responses
- Identify areas where additional evidence is needed
- Ensure responses align with our stated maturity goals

Import Assessment (import_assessment)

I have assessment data from our previous security audit that I'd like to import:
- Import assessment results from our external security assessment
- Map findings to appropriate NIST CSF subcategories
- Integrate external assessment scores with our internal evaluation
- Reconcile any differences between internal and external assessments

Upload Evidence (upload_evidence)

I need to upload supporting evidence for our cybersecurity assessment:
- Upload policy documents supporting our governance maturity claims
- Add incident response plan documentation for RS subcategories
- Include security training records and awareness materials
- Organize evidence by subcategory for easy audit trail review

Validate Evidence (validate_evidence)

Please validate the evidence we've uploaded for our assessment:
- Check that evidence adequately supports our maturity claims
- Identify gaps where additional evidence is needed
- Verify evidence currency and relevance to current operations
- Ensure evidence meets audit and compliance requirements

Track Audit Trail (track_audit_trail)

Generate a comprehensive audit trail for our cybersecurity assessment process:
- Document all assessment activities, changes, and decisions
- Track who performed assessments and when they were completed
- Include evidence of review and approval processes
- Create audit-ready documentation for compliance purposes
Get Implementation Guidance (get_implementation_guidance)

I need detailed implementation guidance for improving our cybersecurity posture:
- Provide specific guidance for implementing PR.AC controls (access management)
- Include step-by-step implementation procedures
- Suggest tools, technologies, and best practices
- Address common implementation challenges and how to overcome them

Generate Report (generate_report)

Generate a comprehensive cybersecurity assessment report for our organization:
- Include executive summary with key findings and recommendations
- Provide detailed analysis of each NIST CSF function
- Include gap analysis, risk scoring, and improvement recommendations
- Format for presentation to the board of directors

Generate Executive Report (generate_executive_report)

Create an executive-level cybersecurity report for our CEO and board:
- Focus on business impact and strategic cybersecurity positioning
- Include high-level metrics and key performance indicators
- Highlight major risks and recommended investments
- Present cybersecurity as a business enabler, not just a cost center

Generate Compliance Report (generate_compliance_report)

Generate a comprehensive compliance report showing our adherence to regulatory requirements:
- Map our NIST CSF implementation to SOC 2, ISO 27001, and GDPR requirements
- Identify compliance gaps and remediation requirements
- Include evidence citations and audit trail references
- Format for submission to regulators and auditors

Generate Audit Report (generate_audit_report)

Create a detailed audit report of our cybersecurity program:
- Document all assessment findings and supporting evidence
- Include detailed gap analysis and risk assessments
- Provide comprehensive recommendations with implementation timelines
- Ensure report meets internal audit and external audit requirements
Generate Dashboard (generate_dashboard)

Create a cybersecurity dashboard for ongoing monitoring and reporting:
- Include key metrics and KPIs for each NIST CSF function
- Show trend analysis and progress toward target maturity
- Highlight areas requiring immediate attention
- Design for monthly executive reporting and operational monitoring

Create Custom Report (create_custom_report)

I need a custom report tailored for our specific stakeholder needs:
- Create a technical report for our IT security team focusing on implementation details
- Include specific recommendations for tools and technologies
- Highlight technical gaps and remediation procedures
- Format for technical audience with detailed technical specifications

Generate Milestone (generate_milestone)

Generate project milestones for our cybersecurity improvement initiative:
- Create milestones based on our 18-month implementation plan
- Include success criteria and key deliverables for each milestone
- Align milestones with budget cycles and business planning
- Provide progress tracking mechanisms and reporting schedules

Export Data (export_data)

Export our cybersecurity assessment data for integration with other systems:
- Export assessment results in CSV format for analysis in Excel
- Include all assessment data, scores, and evidence references
- Format data for import into our GRC platform
- Ensure exported data maintains referential integrity

Get Implementation Template (get_implementation_template)

Provide implementation templates for cybersecurity control deployment:
- Generate templates for implementing access control procedures
- Include policy templates, procedure documentation, and checklists
- Provide customizable templates that can be adapted to our environment
- Include examples and best practices from similar organizations

Generate Policy Template (generate_policy_template)

Generate comprehensive cybersecurity policy templates based on our assessment:
- Create policy templates addressing our identified gaps
- Include policies for data governance, incident response, and access management
- Ensure policies align with NIST CSF requirements and industry best practices
- Provide guidance on policy implementation and maintenance
I'm conducting a NIST CSF 2.0 assessment for a 500-bed hospital system. Please help me:
1. Create an organization profile tailored for healthcare with HIPAA considerations
2. Assess our current maturity with focus on patient data protection
3. Generate a compliance report mapping NIST CSF to HIPAA requirements
4. Develop an implementation plan that addresses both cybersecurity and patient safety
5. Create test scenarios specific to healthcare environments and medical device security

Our regional bank needs a comprehensive cybersecurity assessment. Please:
1. Establish a baseline assessment considering regulatory requirements (SOX, GLBA, FFIEC)
2. Calculate risk scores with emphasis on financial crime and fraud prevention
3. Generate a compliance report showing alignment with banking regulations
4. Create an implementation plan that addresses both cybersecurity and operational risk
5. Provide industry benchmarking against other regional banks

I'm assessing cybersecurity for our smart manufacturing facility. Help me:
1. Create a profile that addresses both IT and OT (operational technology) environments
2. Assess maturity across both corporate networks and industrial control systems
3. Generate test scenarios for both cyber and physical security controls
4. Develop implementation guidance for securing IoT devices and manufacturing systems
5. Create reporting that addresses both cybersecurity and operational continuity

It's time for our monthly cybersecurity posture review. Please:
1. Update our progress tracking against established milestones
2. Review any new assessment responses or evidence uploaded
3. Calculate updated maturity and risk scores
4. Generate a monthly dashboard for executive review
5. Suggest next actions based on current progress and emerging threats

We're conducting our annual strategic cybersecurity assessment. Please help me:
1. Compare this year's maturity scores against last year's baseline
2. Update our target state profile based on new business objectives and threat landscape
3. Generate a comprehensive gap analysis identifying new priorities
4. Create a new implementation plan for the upcoming fiscal year
5. Generate an executive report showing ROI from cybersecurity investments

We recently experienced a cybersecurity incident. Please help me:
1. Update our assessment to reflect lessons learned from the incident
2. Recalculate risk scores considering the realized threat
3. Generate updated implementation priorities based on incident findings
4. Create test scenarios to validate our response capabilities
5. Update our audit trail to document incident-driven improvements
This prompt guide covers all 36 tools available in the NIST CSF 2.0 MCP Server. For additional examples and advanced usage patterns, refer to the technical documentation and implementation guides.