Both v2.0 workbooks ship with 45 visible tabs, 701 sub-requirements, and every required artifact mandated by PCI and NIST. Take the guided tour below — six panels per product, ~3 minutes each. The live SAQ Selector and interactive tab navigator are the same widgets that ship inside the workbooks. Each product tour now also includes a free interactive tool you can run right here — finish it and get a free sample workbook by email.
Each tour has six guided panels: a workbook view on the left, a "what you're seeing" callout on the right. Click any card to start.
All 10 official SAQ types, 595 sub-requirements, and every artifact a QSA expects — TRA, CCW, CAW, Scope, Diagrams. Dynamic Roadmap auto-prioritized from your status entries.
All 106 CSF subcategories with NIST's official Implementation Examples and Informative References cross-walked to ISO 27001, NIST 800-53, and CIS Controls. Radar Executive Summary.
Everything in both v2.0 packs, plus NIST 800-53 Rev. 5 (Q3 2026), CRI Profile 2.0, CCM v4, and COBIT 2019 as they release — at no extra cost.
Every SAQ type, every required artifact, every workpaper your auditor expects to see. Drop in your status, let the Roadmap rank what to fix first.
Use the tabs below or the prev/next arrows. Panel 02 previews the SAQ Selector that ships inside the workbook — and you can try the full interactive version free, no download required, then get a sample workbook emailed to you.
Try the free interactive PCI SAQ Selector — answer your own questions and get your SAQ type instantly, no download required. Finish it and you can have a free sample workbook emailed to you.
The PCI — SAQ Selector mirrors the workbook’s 8-question logic and resolves all 10 SAQ types with proper precedence. It shows your result first, then offers the email capture — nothing to install, no signup to use it.
Add your details (name + email required, company + role optional) and we’ll email a free sample of the PCI SAQ Prep Workbook — a generous teaser faithful to the real workbook (same columns, real example rows), trimmed and watermarked: a “Free Sample” cover, 3–6 example rows per key tab, “··· N more rows in the full version ···” notes, a “Get Full Version” tab, and a SAMPLE footer on every sheet.
Click any tab name below to see what's inside it. The two hidden tabs (Master List and Branding) are admin-only — unhide them to white-label or audit formulas.
The PCI Council mandates these artifacts by name. Most free templates handle two or three; this one handles all of them.
Eight guided yes/no questions; a nested formula computes your SAQ type from all ten possibilities with proper precedence rules. No more puzzling over which form fits.
A, A-EP, B, B-IP, C, C-VT, P2PE, SPoC, D-Merchant, D-Service Provider — every official PCI v4.0.1 type, 595 sub-requirements total, with assessor testing procedures pre-loaded.
Targeted Risk Analysis (§12.3.1), Compensating Control Worksheet (App. C), Customized Approach Worksheet (App. E), Scope Definition, Network & CHDFD diagrams — the artifacts PCI mandates by name.
Mark a control "Not in Place" anywhere; it appears on the Roadmap automatically. Add Effort and Impact, get a 1–9 integer Priority Score and P1/P2/P3 tier — no copy-paste, no drift.
Sign-off block, document control, 10 industry-standard tickmarks, AICPA-aligned sampling guidance, PCAOB deficiency classification — built for audit-grade workpapers, not pretty checklists.
Status dropdowns with PCI's official AoC wording (In Place / In Place with CCW / In Place with CA / N/A / Not Tested / Not in Place). Color-coded with WCAG 2.1 AA accessibility.
Flat Export tab normalizes every row for ingestion into Archer, ServiceNow GRC, OneTrust, AuditBoard. CSV-friendly column structure that stays stable across versions.
Hidden Branding tab lets you (or your consulting clients) rebrand in one place. Sheet protection, print-ready layout, and Excel / Google Sheets / LibreOffice compatibility.
One-time purchase. Instant download. Open in Excel, Microsoft 365, Google Sheets, or LibreOffice and start your first SAQ this afternoon.
Every subcategory, every Implementation Example, every Informative Reference. Tier Self-Assessment, Organizational Profile, and a Risk-Adjusted Roadmap that ranks gaps by Function criticality.
CSF 2.0 has four constructs — Core, Tiers, Organizational Profile, Informative References. This tour shows all four and how they connect.
The NIST — Maturity Snapshot asks twelve quick questions (two per CSF function) on a 5-point scale, then builds an instant radar of maturity by function, your overall maturity level, and your two biggest gaps — exactly what the workbook’s Executive Summary produces.
Add your details (name + email required, company + role optional) and we’ll email a free sample of the NIST CSF 2.0 Gap Assessment Workbook — a generous teaser faithful to the real workbook (same columns, real example rows), trimmed and watermarked: a “Free Sample” cover, 3–6 example rows per key tab, “··· N more rows in the full version ···” notes, a “Get Full Version” tab, and a SAMPLE footer on every sheet.
Click any tab to see what's inside. The Function tabs are organized GV → ID → PR → DE → RS → RC, matching the order NIST publishes the framework.
CSF 2.0 isn't just six functions on a 0–5 scale. The four constructs NIST publishes — Core, Tiers, Profile, References — all live in this workbook.
Every outcome NIST published — GV (31), ID (21), PR (22), DE (11), RS (13), RC (8). Each row scored Current vs Target on a 0–5 maturity scale with auto-computed Gap.
Populated verbatim from NIST's published catalog for all 106 subcategories. Plus an "Internal Notes" column for your own client-specific commentary.
NIST's official Partial / Risk Informed / Repeatable / Adaptive descriptors across all three CSF Tier dimensions, scored per Function. Separated from the Maturity scale — Tiers and Maturity are not the same construct.
Current Profile vs. Target Profile per NIST SP 1302 — the central artifact of CSF practice. Profile Scope/Context block plus a row per subcategory with narrative, score, and priority.
239 reference rows mapping subcategories to ISO/IEC 27001:2022, NIST SP 800-53 Rev. 5, and CIS Controls v8. Filterable by Function, subcategory, or framework.
Radar chart of 6 Functions (Current vs Target), conditional-formatted gap heatmap across all 106 subcategories, and formula-driven KPI tiles. Auto-calculated — no manual rollup.
Auto-pulls every Gap > 0 subcategory and ranks by Risk-Adjusted Priority (Gap × Function Criticality). Criticality is yours to set on the Cover — weighted to your business.
Sign-off, revision history, 10-symbol tickmark legend, AICPA-aligned sampling, PCAOB deficiency classification, COSO 2013 Control Attributes. Flat Export for GRC ingestion. White-label-ready.
One-time purchase. Instant download. Score your 106 subcategories this afternoon and walk a board-ready Profile by end of week.
Both v2.0 workbooks plus every framework on the roadmap — NIST 800-53 Rev. 5, CRI Profile 2.0, CCM v4, COBIT 2019 — as they release, at no extra cost. One price, forever.
Both workbooks today plus four roadmap frameworks. The math gets better with every release.
Every Vault buyer gets all future releases at no extra cost. The roadmap is firm; dates are best estimates.
106 subcategories with NIST Implementation Examples, Informative References cross-walk, Tier Self-Assessment, Org Profile, radar Executive Summary.
All 10 SAQ types, 595 sub-requirements, TRA / CCW / CAW / Scope / Diagrams artifacts. Dynamic Roadmap with P1/P2/P3.
Control families AC through SR. Low / Moderate / High baselines. POAM tracker + SSP outline.
Cyber Risk Institute's financial-services profile mapped to NIST CSF 2.0 and FFIEC CAT, with regulator-ready reporting tabs.
Cloud Controls Matrix with CAIQ-style questionnaire, shared-responsibility mapping, and provider evidence collection.
Governance and management objectives with capability scoring, design factors workbook, and goals cascade worksheet.
Both current workbooks plus every future framework. One payment. Priority support. Early access. Save $400+ over buying individually.