ASPHALIA · CYFUN TOOL

Your CyberFundamentals Assessment, Simplified.

A free, browser-based tool to conduct, track and export your NIS2 / CyFun self-assessment — Basic, Important and Essential levels. No account. No server. Fully offline.

Launch Free Tool → Learn more ↓

CONTEXT

NIS2 & CyFun: what you need to know

The NIS2 Directive

The EU NIS2 Directive (2022/2555) entered into force on 16 January 2023 and was transposed into Belgian law on 26 April 2024. It significantly broadens the scope of cybersecurity obligations, covering essential and important entities across 18 sectors. Affected organisations must implement appropriate security measures and may face audits or certifications.

CCB official resources → Safeonweb@Work →

The CyFun® Framework

CyberFundamentals (CyFun®) is the cybersecurity framework published by the Belgian Centre for Cybersecurity (CCB). Rooted in the NIST Cybersecurity Framework, it defines 218 requirements across 6 functions — Identify, Protect, Detect, Respond and Recover — at three assurance levels: Basic, Important and Essential. CyFun compliance is the recognised path for Belgian organisations to meet their NIS2 obligations.

Diagram showing the Belgian NIS2 compliance ecosystem: EU directive, Belgian law, CCB/CyFun framework, and accredited CAB audits

THE FRAMEWORK

A structured, risk-based model

CyFun® maps cybersecurity measures to five maturity levels and three assurance levels, giving organisations a clear, graduated path from basic hygiene to full certification.

218
Requirements
6
Functions
172
Key Measures
3
Assurance Levels
5
Maturity Levels
CyFun maturity levels staircase diagram: Level 1 Initial through Level 5 Optimizing, with descriptions

The 5 maturity levels of CyFun® — from Initial to Optimizing

ASSURANCE LEVELS

Three levels, one framework

Your required level depends on your NIS2 classification. The tool supports all three.

Basic
NIS2 Essential & Important entities (entry)

Self-assessment verified by an accredited CAB. Covers foundational cybersecurity hygiene with a Verified Claim as evidence.

Start Basic assessment →
Important
NIS2 Important entities

Self-assessment verified by an accredited CAB under ISO/IEC 17029. Delivers a formal Verified Claim with stronger controls.

Start Important assessment →
Essential
NIS2 Essential entities

Full certification audit (ISO/IEC 17021-1) on a 3-year cycle. Produces a Certificate as assurance evidence.

Start Essential assessment →
Side-by-side comparison of CyFun Basic, Important and Essential assurance levels showing type, method, standard, frequency and evidence

Assurance levels overview (source: CCB)

NIS2 administrative sanctions
€10M or 2% global turnover — Essential entities
€7M or 1.4% global turnover — Important entities
Know where you stand. Start free assessment →

HOW IT WORKS

Four steps to compliance clarity

Create

Set up your organisation profile and select your assurance level (Basic, Important or Essential).

Assess

Score each requirement: documentation maturity and implementation maturity, guided by use-case examples.

Analyse

Instant dashboard with radar chart, gap analysis, function-level scores and priority recommendations.

Act

Generate a structured roadmap and prepare your CAB audit package with exportable PDF reports.

PRICING

Simple, transparent pricing.

The full tool is free. Go Pro for cloud sync, unlimited organisations and advanced analytics.

Available now
Free
€0
forever
  • All assurance levels (Basic, Important, Essential)
  • Up to 2 organisations
  • Full assessment workflow (Create → Assess → Analyse → Act)
  • Dashboard, radar chart & gap analysis
  • All exports (PDF, XLSX, PPTX, JSON)
  • Roadmap, evidence engine & NIS2 wizard
  • Fully offline & private — no account required
Launch Free Tool →
New
Pro
€29
/ month · or €249/year (save 28%)
  • Everything in Free
  • Cloud sync across devices
  • Unlimited organisations
  • Sector benchmark comparison
  • History restore & version comparison
  • Progress reports (snapshot comparison)
Upgrade to Pro →

DISCLAIMER

Important notice

This tool is provided by Asphalia Consulting SRL for informational purposes only and does not constitute legal or regulatory advice. Results are indicative and should not be relied upon as a definitive assessment of NIS2 or CyFun compliance. For definitive scope determination, certification or formal verification, consult the Centre for Cybersecurity Belgium (CCB) or a qualified, accredited advisor. The tool is based on the CyFun® 2025 framework documentation published by the CCB and the Belgian Law of 26 April 2024 transposing NIS2. Asphalia Consulting SRL is not affiliated with the CCB and this tool is not an official CCB product.

OFFICIAL RESOURCES

Useful links & official references

CCB CyFun® Framework

Official CyberFundamentals framework documentation, requirements and toolbox published by the Centre for Cybersecurity Belgium.

CyFun Framework →

CyFun Toolbox

Practical tools, templates and guidance to support your CyFun self-assessment and certification process, from the Safeonweb@Work portal.

Open Toolbox →

NIS2 Belgian Law

The Belgian law of 26 April 2024 transposing the EU NIS2 Directive (2022/2555) into national law — the legal basis for cybersecurity obligations.

Read the Law →

CyFun.eu

The official CyFun portal with sector-specific guidance, FAQs, accredited CAB lists, and news about the CyberFundamentals Framework.

Visit CyFun.eu →

CONTACT

About Asphalia Consulting

Asphalia Consulting is a Belgian cybersecurity consultancy specialising in NIS2 compliance, CyFun assessments, and cyber risk management. We build free tools to help organisations navigate Belgium's cybersecurity landscape.

VAT BE 0804.870.960
asphaliaconsulting.be → Asphalia Analytics → NIS2 Scope Tool → LinkedIn → contact@asphaliaconsulting.be
CyFun tool dashboard showing a radar chart with 6 NIST function scores, gap analysis and compliance status