Benchmark
The Nexus SecOps benchmark is a 300+ control catalog with a maturity model, multi-framework mappings, and concrete evidence and test procedures. It is built so a small team can self-assess without bringing in an audit shop just to plot the gaps.
What is Here
- Benchmark Overview — Scope, scoring approach, intended audience, what the benchmark is and isn't.
- Controls Catalog — 300+ controls (79 AI-specific) organized by domain. Each has rationale, expected evidence, and test procedure.
- Maturity Model — Five-level model (Initial → Optimized) with concrete behaviors per level.
- Scoring — How to convert control assessments into program-level scores you can defend in a board meeting.
- Evidence Catalog — What artifacts to collect to support each control's effectiveness.
- Test Procedures — Repeatable procedures for verifying control effectiveness, not just existence.
- Framework Mappings — Crosswalks to NIST CSF, NIST 800-53, ISO 27001, CIS v8, MITRE ATT&CK, and AI RMF.
- Workbooks — Self-assessment, findings template, risk register template.
How to Use
Pick a framework you already report against (NIST CSF or ISO 27001 are the common entry points). Use the mapping to translate that framework's controls into Nexus controls. Run a self-assessment using the test procedures. Score using the maturity model. The output is a defensible gap analysis you can take to leadership without external consulting spend.