
ACME Corp
NIST CSF 2.0 (Primary · hub)
The Rosetta Stone — every other standard maps through it.

Maturity score: 81 (B)
Controls implemented: 96/106
Open gaps: 6
Last assessed: 2 days ago

Functions (6)

Function      Score  Controls  Status
Govern (GV)   84     28/32     On track
Identify (ID) 90     20/21     On track
Protect (PR)  72     24/28     Watch
Detect (DE)   92     11/12     On track
Respond (RS)  79     8/11      Watch
Recover (RC)  74     5/8       Watch

Control status (106 controls)

Implemented: 96
In progress: 7
Not started: 3

Recent activity

Control    Change                               Note                        When
GV.OC-01   Organizational mission documented    Evidence attached           2d ago
PR.AA-03   Privileged-access MFA gap flagged    Linked to finding f-mfa     2d ago
DE.CM-09   Computing hardware monitored         Marked implemented          3d ago
RC.RP-04   Recovery comms plan                  Remediation due Jul 1       6d ago

Open gaps affecting this framework (6)

[critical] MFA not enforced for privileged cloud access
A single phished admin = card-data + PHI access. This is the control PCI and FedRAMP assessors test first.

[critical] Unencrypted patient data in a legacy datastore
A breach here is an automatic HIPAA + GDPR reportable event — penalties scale with revenue and record count.

[critical] Public S3 bucket exposes PII
A billing export bucket is world-readable and holds customer PII — a GDPR-reportable exposure.

[critical] Unpatched critical CVE-2026-3148
A CISA-KEV critical on a Kubernetes node, past the PCI 30-day patch window.

[high] EDR missing on 12 endpoints
Twelve unmanaged endpoints with no detection coverage — blind spots for detection and continuous monitoring.

[moderate] TLS 1.0 enabled on edge firewall
Deprecated TLS negotiated for a legacy partner link; a compensating control is in place.