All scripts
compliance
Expert
4–12 min

NIST CSF Network Control Auditor

Map network config checks to NIST CSF functions (ID/PR/DE/RS/RC): access control, encryption-in-transit, logging, segmentation and recovery config — scored HTML report.

Cisco
Juniper
Arista
Palo Alto
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • NIST CSF function mapping
  • Access control (PR.AC)
  • Encryption-in-transit (PR.DS)
  • Logging/monitoring (DE.CM)
  • Segmentation checks
  • Recovery config (RC.RP)
  • Scored HTML report

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Pass score (%)
pass_threshold
number85
Check encryption-in-transit
check_encryption
booltrue
CSF version
framework_version
string2.0

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Cisco, Juniper, Arista, …) so the generated compliance logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Pass score (%), Check encryption-in-transit, CSF version instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can nIST CSF function mapping and access control (PR.AC). Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
[2026-06-12] INFO  Auditing 47 devices against NIST CSF 2.0...
FUNCTION   CONTROL                       PASS/TOTAL  SCORE
PR.AC      AAA + role-based access        44/47       93%
PR.DS      Encryption-in-transit (SSH/TLS)39/47       83% ←
DE.CM      Centralised logging            47/47       100%
Overall CSF posture: 89% (PASS, threshold 85%)
Report → nist_csf.html