These pages are based on the self-assessment tool for the CyberFundamentals Framework version 2025 (cyfun.eu) and DOES NOT replace the official Excel self-assessment tool. It just provides an alternative way of assessing your maturity and readiness.
The CyberFundamentals Framework is developed by the Centre for Cybersecurity Belgium (CCB). The framework includes a set of concrete measures to protect data, significantly reduce the risk of the most common cyber-attacks, and increase the cyber resilience of organisations.
The CyberFundamentals Conformity self-declaration is based on a self-assessment using the original tool. The self-declaration can be verified by an independent third-party Conformity Assessment Body (CAB) and will then result in a label, a verified claim or a certificate in accordance with the Conformity Assessment Scheme.
Directions (as per original XLS)
Assurance levels
The CyberFundamentals self-assessment is available for the three assurance levels: Basic, Important and Essential.
By selecting the appropriate assurance level you can evaluate yourself against the appropriate set of controls for that assurance level.
Structure of the tool
The self-assessment tool is organised around the six CyberFundamentals functions:
Assessment method
Each control is evaluated based on:
📄 Documentation maturity — how well the control is documented.
⚙️ Implementation maturity — how well that documentation is put into practice.
Each control's maturity is determined using the definitions in the Maturity Levels, and the organisation must give each dimension of every control a score from 1 to 5 based on those definitions.
Calculation of results
For each subcategory and category, the tool automatically calculates the maturity score based on the input provided.
Summary overview
The Summary page shows the maturity score and indicates whether the organisation meets the thresholds set in the CyFun® Conformity Assessment Scheme.
Additional features
The self-assessment tool provides additional filtering options, including a filter that shows only the controls relevant to the selected assurance level.
Excluded measures
For the Essential assurance level, five measures may be excluded.
For each excluded measure, the option "N/A" may be selected. If "N/A" is used more than five times, the affected cells are highlighted in red. Each "N/A" selection results in a score of 3 being applied in the calculation.
Controls linked to management aspects
At the Important and Essential assurance levels, controls linked to management aspects are identified with a ⚙ MA badge and can be filtered in the GUI.
These controls must be reviewed during every certification audit — whether an initial audit, surveillance audit, or recertification audit — when auditing the CyFun® "Essential" assurance level.