Terms of service

The agreement between you and Defender IT Consulting when you use this assessment tool.

Last updated: 2026-05-28

By using the NIST CSF 2.0 self-assessment tool at nist-csf.com, you agree to these terms.

What you can use the tool for

The assessment is provided for your internal informational use, to help you understand your cybersecurity posture and identify areas where Defender IT may be able to help.

You can:

  • Take the assessment as many times as you want.
  • Share your results internally with your team, your board, or other internal stakeholders.
  • Reference your results in conversations with Defender IT about a potential engagement.

You cannot:

  • Resell, sublicense, or commercialize the assessment tool itself.
  • Use the assessment results as a certified compliance attestation.
  • Reverse-engineer the scoring logic to build a competing tool.
  • Use the tool to scrape supplier data or contact information.

What we promise

We promise to:

  • Operate the assessment honestly. The scoring is based on the answers you provide, not manipulated to push you toward a particular supplier or service.
  • Protect your data per our privacy policy.
  • Be straight with you about the limits of the tool (it is a self-assessment, not a certified audit).

We do not promise:

  • That the tool will be available 100% of the time. We aim for high uptime but cannot guarantee it.
  • That your maturity score is a substitute for a formal cybersecurity audit, penetration test, or compliance review.
  • That the supplier recommendations are exhaustive or that they are the cheapest available options. The matches reflect Defender's network and judgment.

Complimentary review

If you book a complimentary 30 minute review through this tool, the review is provided at no cost and with no obligation. You are not committing to any paid engagement, contract, or future service by booking the review.

Limitation of liability

The assessment is provided as-is. To the maximum extent permitted by law, Defender IT Consulting is not liable for any direct, indirect, incidental, special, or consequential damages arising from your use of the assessment, including any business or compliance decision you make based on the results. Use professional judgment and engage certified auditors for any decision where the stakes warrant it.

Changes to these terms

We may update these terms as the tool evolves. The "last updated" date at the top will reflect any changes. Continued use of the tool after a change means you accept the new terms.

Governing law

These terms are governed by the laws of the state in which Defender IT Consulting is registered. Any dispute will be resolved in the courts of that state.

Contact

Questions about these terms:

Defender IT Consulting
alana@defenderit.consulting

Self-assessment, informational only. Not a certified audit. Defender IT Consulting is not a certified NIST auditor.
© 2026 Defender IT Consulting. All rights reserved.
AboutPrivacyTerms
alana@defenderit.consulting
Alana Haney, CMMC RP