All scripts
compliance
Expert
4–12 min
NIST CSF Network Control Auditor
Map network config checks to NIST CSF functions (ID/PR/DE/RS/RC): access control, encryption-in-transit, logging, segmentation and recovery config — scored HTML report.
Cisco
Juniper
Arista
Palo Alto
You're viewing a preview
The full script, parameters, and execution console are available with a free account.
Already have access? Sign in →
Capabilities
- NIST CSF function mapping
- Access control (PR.AC)
- Encryption-in-transit (PR.DS)
- Logging/monitoring (DE.CM)
- Segmentation checks
- Recovery config (RC.RP)
- Scored HTML report
Required inputs
Parameters the script accepts. Defaults shown; some are vendor- or context-gated.
| Parameter | Type | Default | Notes |
|---|---|---|---|
Pass score (%) pass_threshold | number | 85 | — |
Check encryption-in-transit check_encryption | bool | true | — |
CSF version framework_version | string | 2.0 | — |
Sample inventory schema
Authoritative shape of the device/policy data this script consumes.
No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.
Expected output
Reference terminal output the script should produce — used as a stylistic and structural target.
terminal
[2026-06-12] INFO Auditing 47 devices against NIST CSF 2.0... FUNCTION CONTROL PASS/TOTAL SCORE PR.AC AAA + role-based access 44/47 93% PR.DS Encryption-in-transit (SSH/TLS)39/47 83% ← DE.CM Centralised logging 47/47 100% Overall CSF posture: 89% (PASS, threshold 85%) Report → nist_csf.html