CyFun® ESSENTIAL certification deadline — 18 April 2027 — d — h — m — s BASIC/IMPORTANT self-assessment deadline (18 Apr 2026) has already passed
CA CyFun AutomationCOMPLIANCE EVIDENCE ENGINE Book a scoping call
REF. CYFUN® · NIS-2

Audit-ready evidence, continuously — not once a year.

CyFun Automation turns the security systems you already run into a live, scored, auditor-ready evidence trail for the CyFun® framework (CCB Belgium) and NIS-2 — so the week before an audit stops being a fire drill.

VERIFIED APPROACH
Built on the public CyFun® taxonomy
  • Read-only API connections — no agents, no new attack surface
  • Every control scored 1–5 on documentation & implementation maturity
  • Auditor-ready PDF + Excel output, regenerated on every run
  • Gaps surface on a dashboard, not in week 3 of the audit
90
CyFun® controls scored across BASIC / IMPORTANT / ESSENTIAL
30+
Security systems integrated out of the box — IAM, EDR, backup, SIEM, patching…
Weeks → Hours
Typical reduction in audit-evidence preparation time
Method

Four steps. No new agents on your endpoints.

Most organisations already run most of what NIS-2 asks about — identity, endpoint, backup, logging. What's usually missing isn't the tooling, it's the time and know-how to turn what those tools already know into audit-ready evidence. The pipeline reads what your security tools already know — it doesn't ask you to deploy anything new.

01

Connect

Read-only API connections to the identity, endpoint, network, backup and logging systems you already run — Entra ID, EDR/AV, SIEM, ITSM, backup platforms, update managers, firewalls and more.

02

Score

Every CyFun® control is scored 1–5 on documentation and implementation maturity, mapped directly to CyFun® / NIST CSF-aligned control identifiers — no manual spreadsheet wrangling.

03

Report

Auditor-ready evidence per control, plus a pre-filled CyFun® Excel self-assessment — regenerated automatically every time the pipeline runs.

04

Track

A live dashboard shows coverage, open gaps and score trend over time, so leadership sees compliance posture — not just a once-a-year snapshot.

Scope

Built on the CyFun® taxonomy, end to end.

CyFun® (CyberFundamentals®) is the Centre for Cybersecurity Belgium's official cybersecurity framework, aligned to NIST CSF 2.0. It's a registered trademark of the CCB — the authoritative source is cyfun.eu. CyFun Automation is an independent tool covering every certification tier of that framework.

TIER 1
BASIC
28 controls, including the 9 CCB "shall" key measures every organisation is expected to meet first.
TIER 2
IMPORTANT
71 controls — a superset of BASIC, for organisations with a higher risk profile.
TIER 3
ESSENTIAL
All 90 controls — full CyFun® scope, matching NIS-2 essential-entity expectations.
GV · Govern ID · Identify PR · Protect DE · Detect RS · Respond RC · Recover
Product — demo instance, sample data

What the auditor — and your leadership team — actually see.

Screenshots below are from a demo instance seeded with fictional data, for illustration only.

EXHIBIT A CyFun Automation coverage dashboard showing coverage percentage, key measures and domain breakdown
Dashboard

One screen, one number: are we covered?

Coverage percentage, CCB key-measure status, maturity distribution and per-domain breakdown — refreshed on every pipeline run, not once a year before the audit.

EXHIBIT B CyFun Automation controls table with per-control implementation and documentation scores
Controls

Every control, filterable by domain or gap.

Filter by CyFun® domain, key measures only, or "gaps only" to see exactly what's missing evidence — before an auditor finds it for you.

EXHIBIT C CyFun Automation control detail view showing score trend over time and linked evidence sources
Control detail

Score trend, linked sources, evidence records.

Drill into any control to see its maturity trend over time, which systems feed it evidence, and who owns it internally.

EXHIBIT D CyFun Automation run history showing a full audit trail of evidence-collection runs
Run history

A full audit trail, by design.

Every evidence-collection run is logged — mode, scope, coverage, status — building the audit trail auditors ask for, automatically.

Illustrative example

What a first NIS-2 self-assessment typically looks like once evidence stops being manual.

Based on a typical mid-size deployment across 30+ security systems. Figures are illustrative, not a specific client disclosure.

61%94%
CyFun® coverage (BASIC + IMPORTANT) over 6 weeks
3 weeks<1 day
Evidence preparation time per audit cycle
9 / 9
CCB key measures at maturity ≥ 3
Get started

Scope it in one call.

Every environment is different. A short scoping call is enough to map your existing security stack to the CyFun® controls it already covers, and to size what's left — before any commitment.

Compliance shouldn't be expensive. Pricing is per connector, not by the hour — you only pay for the systems you actually connect. Onboarding is first come, first served.

Built and operated independently by Filip Truyens, a Belgium-based security & compliance consultant.

FT
Filip Truyens
Independent security & compliance consultant
Based inBelgium
ScopeBelgium & EU
CyFun® (CyberFundamentals®) is a registered trademark of the Centre for Cybersecurity Belgium (CCB) — see cyfun.eu for the authoritative source. CyFun Automation is an independently built tool that implements the public CyFun® taxonomy — it is not affiliated with, endorsed by, or produced by CCB. Messages sent to the address above go directly to Filip Truyens and are not stored on this site or shared with third parties.