A web application built with ASP.NET Core MVC for conducting structured cybersecurity maturity assessments of municipalities using the CyFun (Cybersecurity Framework) standard. Assessors evaluate municipalities across a hierarchical set of requirements and score each on both documentation and implementation maturity.
The platform organises cybersecurity requirements in a four-level hierarchy (functions, categories, subcategories, and individual requirements), mirroring the official CyFun standard. Each requirement carries a dual score: one for how well it is documented and one for how thoroughly it is implemented, giving assessors a nuanced picture of a municipality's security posture.
Separate permission levels for administrators, assessors, and municipality users ensure each party only sees and interacts with what they need.
Guided workflow following the full CyFun hierarchy (functions, categories, subcategories, and requirements), keeping assessors on track.
Every requirement is scored independently on documentation maturity and implementation maturity, providing granular insight into compliance gaps.
Built-in guidance notes per requirement help assessors apply consistent, well-informed scoring across different municipalities.
At-a-glance dashboard listing all assessments with municipality name, assigned assessor, and overall maturity level in a single view.
Assessments are tracked over time with creation and last-updated timestamps, enabling progress monitoring across multiple review cycles.
Backend Framework: ASP.NET Core MVC providing a clean, testable architecture with built-in dependency injection, middleware, and routing.
ORM: Entity Framework Core handles all database interactions, migrations, and relationship mapping, keeping data access consistent and maintainable.
Database: SQL Server stores the full assessment hierarchy, scores, guidance notes, and historical records with proper indexing for fast queries.
Authentication & Authorisation: ASP.NET Core Identity with role-based claims controls access for administrators, assessors, and municipality users.
Architecture: Follows MVC separation of concerns with service and repository layers to keep business logic decoupled from controllers and views.
Hierarchical Data Model: Modelling the four-level CyFun hierarchy (functions → categories → subcategories → requirements) cleanly in a relational database required careful schema design and EF Core navigation property configuration.
Dual Scoring Consistency: Ensuring assessors apply scores uniformly across municipalities was addressed by embedding structured guidance notes directly in the assessment interface, reducing subjective interpretation.
Multi-Tenancy & Isolation: Role-based access and query-level filtering guarantee that municipality users can only view their own assessment data, while assessors can manage multiple municipalities without data bleed.
Historical Tracking: Implemented soft-versioning of assessments with timestamps so progress over successive review cycles is preserved without overwriting previous results.
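One way to apply the query-level filtering described under Multi-Tenancy & Isolation, as an added example that is not the project's own code. The `Assessment` and `Caller` types, the `VisibleTo` method, and the sample rows are all hypothetical, and the caller is assumed to be built from authenticated claims.

```csharp
// Added illustration; every type and member name here is hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;

public enum Role { Administrator, Assessor, MunicipalityUser }
public record Assessment(int Id, int MunicipalityId, int AssessorId);

// Caller identity as resolved from authenticated claims (assumption),
// never from a route or form value the client controls.
public record Caller(int UserId, Role Role, int? MunicipalityId);

public static class AssessmentScope
{
    // Narrows the query before it executes, so rows outside the caller's
    // scope are never returned. Anything unrecognised gets an empty result.
    public static IQueryable<Assessment> VisibleTo(
        this IQueryable<Assessment> source, Caller caller) => caller.Role switch
    {
        Role.Administrator => source,
        Role.Assessor => source.Where(a => a.AssessorId == caller.UserId),
        Role.MunicipalityUser when caller.MunicipalityId is int m
            => source.Where(a => a.MunicipalityId == m),
        _ => source.Where(a => false) // fail closed
    };
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: three assessments, two assessors.
        var all = new List<Assessment>
        {
            new(1, 10, 100), new(2, 20, 100), new(3, 30, 200)
        }.AsQueryable();

        var townUser = new Caller(7, Role.MunicipalityUser, 20);
        var assessor = new Caller(100, Role.Assessor, null);
        var orphan = new Caller(8, Role.MunicipalityUser, null); // no municipality claim

        Console.WriteLine(string.Join(",", all.VisibleTo(townUser).Select(a => a.Id)));
        Console.WriteLine(string.Join(",", all.VisibleTo(assessor).Select(a => a.Id)));
        Console.WriteLine(all.VisibleTo(orphan).Count());
        // A lookup by another municipality's record id stays inside the scope.
        Console.WriteLine(all.VisibleTo(townUser).Any(a => a.Id == 1));
    }
}
```

Applied to an EF Core `DbSet`, the same predicates become part of the SQL `WHERE` clause, so a record id guessed by a municipality user resolves to no row rather than to another tenant's assessment.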