SMB cybersecurity governance scorecard — CIS Controls v8 assessment, risk findings, maturity scoring, and remediation roadmap for small businesses
Project description
cyberscorecard
SMB cybersecurity governance scorecard — CIS Controls v8 assessment, risk findings, maturity scoring, and actionable remediation roadmap for small businesses.
4 in 5 SMBs have been breached. Average breach cost: $3.31M. There are only 35,000 CISOs for 359M businesses globally. cyberscorecard gives every Python developer the tools to build CISO-grade governance into any platform.
Installation
pip install cyberscorecard
Quick Start
from cyberscorecard import SecurityAssessor, ControlStatus
assessor = SecurityAssessor() # Pre-loaded with CIS Controls v8 IG1
# Self-assessment: provide status for each control
responses = {
"CIS-5.2": ControlStatus.IMPLEMENTED, # Unique passwords
"CIS-6.3": ControlStatus.PARTIAL, # MFA — partially deployed
"CIS-8.2": ControlStatus.IMPLEMENTED, # Automated backups
"CIS-3.3": ControlStatus.NOT_IMPLEMENTED, # Data access control
"CIS-5.4": ControlStatus.NOT_IMPLEMENTED, # Admin privilege separation
}
scorecard = assessor.assess(
org_id="ACME-001",
org_name="Acme Corp",
control_responses=responses,
)
print(f"Overall score: {scorecard.overall_score}/100")
print(f"Maturity: {scorecard.maturity.value}")
print(f"Critical findings: {len(scorecard.critical_findings())}")
print(scorecard.summary())
Maturity Levels
| Level | Score | Description |
|---|---|---|
| Initial | 0–20 | Ad hoc, reactive — no formal processes |
| Developing | 20–40 | Some controls in place, inconsistently applied |
| Defined | 40–65 | Documented and repeatable processes |
| Managed | 65–85 | Measured and controlled |
| Optimized | 85–100 | Continuous improvement culture |
Security Domains
10 domains are assessed and scored individually:
access_control, data_protection, network_security, endpoint_security, incident_response, vulnerability_management, backup_recovery, security_awareness, third_party_risk, compliance
CIS Controls v8 IG1 Baseline
Pre-loaded controls include:
- CIS-1.1: Enterprise Asset Inventory
- CIS-3.3: Data Access Control Lists
- CIS-5.2: Unique Passwords
- CIS-5.4: Admin Privilege Separation
- CIS-6.3: MFA for External Applications
- CIS-7.1: Vulnerability Management Process
- CIS-8.2: Automated Backups
- CIS-9.4: Network Service Restriction
- CIS-14.1: Security Awareness Program
- CIS-17.1: Incident Response Owner
Each control includes severity, remediation steps, and framework tags.
Advanced Features
Pipeline
from cyberscorecard import AssessmentPipeline
pipeline = (
AssessmentPipeline()
.filter(lambda f: f.severity.value in ["critical", "high"], name="critical_high_only")
.map(lambda findings: sorted(findings, key=lambda f: f.severity.value), name="sort_by_severity")
.with_retry(count=2)
)
prioritized = pipeline.run(scorecard.findings)
print(pipeline.audit_log())
Caching
from cyberscorecard import ScorecardCache
cache = ScorecardCache(max_size=100, ttl_seconds=86400)
@cache.memoize
def run_assessment(org_id):
return assessor.assess(org_id, org_name, responses)
cache.save("scorecard_cache.pkl")
print(cache.stats())
Score Trend & Regression Tracking
from cyberscorecard import ScoreTrend, RegressionTracker
trend = ScoreTrend(window=6)
tracker = RegressionTracker()
for quarterly_scorecard in history:
trend.record(quarterly_scorecard.overall_score)
tracker.record(quarterly_scorecard)
print(trend.trend()) # "improving"
print(trend.volatility()) # 3.2
print(tracker.latest_regression()) # None if no regression
Export Reports
from cyberscorecard import ScorecardExporter
print(ScorecardExporter.to_json(scorecard))
print(ScorecardExporter.to_csv(scorecard))
print(ScorecardExporter.to_markdown(scorecard))
Diff Between Assessments
from cyberscorecard import diff_scorecards
diff = diff_scorecards(last_quarter, this_quarter)
print(diff.summary()) # {'added': 0, 'removed': 2, 'modified': 3, 'score_change': 12.5}
print(diff.to_json())
Batch Assessment (Multi-Tenant)
from cyberscorecard import batch_assess, abatch_assess
# Sync — assess multiple orgs
scorecards = batch_assess(
org_ids=["ORG-1", "ORG-2", "ORG-3"],
assess_fn=lambda org_id: assessor.assess(org_id, org_names[org_id], responses_map[org_id]),
max_workers=4,
)
# Async
scorecards = await abatch_assess(org_ids, assess_fn, max_concurrency=8)
Validation
from cyberscorecard import ControlValidator, ControlRule
validator = ControlValidator()
validator.add_rule(ControlRule("evidence_required", True, "All implemented controls need evidence"))
validator.add_rule(ControlRule("required_framework", "CIS Controls v8"))
errors = validator.validate_batch(scorecard.controls)
Streaming
from cyberscorecard import stream_findings, findings_to_ndjson
for finding in stream_findings(scorecard.findings):
send_to_dashboard(finding)
for line in findings_to_ndjson(scorecard.findings):
output.write(line)
Audit Log
from cyberscorecard import AuditLog
log = AuditLog()
log.record("assessed", "ACME-001", detail="score=72.4")
log.record("finding_resolved", "ACME-001", detail="CIS-3.3")
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cyberscorecard-1.0.0.tar.gz.
File metadata
- Download URL: cyberscorecard-1.0.0.tar.gz
- Upload date:
- Size: 16.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
76ad598630d5567ac65147b54778cd6dff5bacd3904e874982553b107a4aed80
|
|
| MD5 |
74db21b6da1309288fb980fee5ee3303
|
|
| BLAKE2b-256 |
f35e81b27e4bf943414a6e993f0e9142003cbd17354c595e11603556ddbd0dfb
|
File details
Details for the file cyberscorecard-1.0.0-py3-none-any.whl.
File metadata
- Download URL: cyberscorecard-1.0.0-py3-none-any.whl
- Upload date:
- Size: 14.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
86df20fe2a037c222090923b3249bec1037630ec7f50b969679b0686671bddef
|
|
| MD5 |
b1c4f2ca8422a0a3b34793a5621f6f31
|
|
| BLAKE2b-256 |
7b72a169d7dcefec63ba61129888bdf90587338ec04061d58743641624dec7fb
|
