Quick Start
This tool helps you build, track, and report on a cybersecurity risk treatment plan. Add treatment items, assign owners and deadlines, track checklist progress, and generate reports.
Recommended Workflow
1. Complete a CSF assessment using the
NIST CSF 2.0 Assessment Tool and save the results.
2. Click
Import CSF Assessment above to load that saved file. Treatment items are auto-generated from your gaps.
3. Review, assign owners, set deadlines, and add detail to each item.
4. Track progress by checking off completed steps.
5. Click
Summary Report to review your progress.
Button Guide
| Open Plan | Load a previously saved treatment plan from your computer. Opens a file picker. Select the .json file you saved earlier. |
| Save Plan | Downloads your current plan as a .json file to your Downloads folder. Each save creates a new file — your browser may append a number if a file with the same name already exists. Save often. |
| Import CSF Assessment | Loads a completed NIST CSF 2.0 Assessment file and auto-generates treatment items from every gap (subcategories scored at Tier 1 or Tier 2). You must run the CSF Assessment Tool and save results first. |
| Export to Excel | Downloads your plan as a .csv file, which opens directly in Microsoft Excel, Google Sheets, or any spreadsheet tool. Useful for sharing with stakeholders who need a spreadsheet format. |
| Summary Report | Opens a read-only summary of your plan with status breakdowns, risk distribution, and a per-item table. For formatted PDF reports and executive dashboards, see our Premium Toolkits. |
Important: Your data stays on your computer. Nothing is sent to any server. Save your plan file regularly — if you close the browser without saving, your work is lost.