Seventeen questions. Five domains. Your AnchorOne Score calculated immediately — with a branded findings report.
Progress
0 / 17
01Identity30 points
Question 01
Does your organization require every user to verify their identity through a second factor — such as an authenticator app — every time they access company systems?
Yes
Partially
No
Question 02
Are those requirements applied to every user in the organization — including executives and ownership — with no carve-outs or exceptions?
Yes
Partially
No
Question 03
Does your organization control access based on the health and compliance status of the device being used — not just the username and password?
Yes
Partially
No
Question 04
Are administrative accounts in your environment restricted so that elevated access is granted only when needed and automatically expires?
Yes
Partially
No
Question 05
Are administrative accounts entirely separate from everyday user accounts — so that no one logs into daily work using an account with administrative privileges?
Yes
Partially
No
02Devices20 points
Question 06
Are all employee devices enrolled in a central management system that enforces security policies automatically?
Yes
Partially
No
Question 07
Are all devices encrypted, with that encryption verified and monitored continuously — not just enabled at setup?
Yes
Partially
No
Question 08
When a new device is set up, is it configured automatically to your organization's standard — without manual setup by IT?
Yes
Partially
No
03Security25 points
Question 09
Does your organization have active threat detection running on every endpoint that blocks threats automatically — not just generates alerts?
Yes
Partially
No
Question 10
Are your systems monitored continuously for vulnerabilities, with findings tracked and resolved on a defined schedule?
Yes
Partially
No
Question 11
Has your organization's incident response process been formally reviewed in the last twelve months?
Yes
Partially
No
04Email15 points
Question 12
Are your email domains configured with authentication records that prevent other parties from sending email on your behalf?
Yes
Partially
No
Question 13
Does your organization have active protection against phishing, malicious links, and impersonation attempts on every mailbox?
Yes
Partially
No
Question 14
Is outbound email monitored to prevent unauthorized data from leaving the organization?
Yes
Partially
No
05Backup & Documentation10 points
Question 15
Are your Microsoft 365 environments — email, files, and collaboration tools — backed up independently and tested for recovery on a regular schedule?
Yes
Partially
No
Question 16
Does your organization maintain current documentation of its technology environment that could be produced for an auditor or carrier on request?
Yes
Partially
No
Question 17
Has your organization's security posture been formally assessed or reviewed in the last twelve months?
Yes
Partially
No
Your AnchorOne Score is calculated immediately. The summary includes your score, domain breakdown, and framework alignment across NIST CSF, CIS Controls, and Cyber Insurance Baseline.
Please answer all 17 questions to generate your score.
AnchorOne Score
0
/ 100
—
—
—
NIST CSF
—
CIS Controls
—
Cyber Insurance Baseline
—
Domain Breakdown
Score by environment component
Identity
— / 30
Security
— / 25
Devices
— / 20
Email
— / 15
Backup & Documentation
— / 10
Your Detailed Report
Get your findings in writing
A branded report based on your answers — domain findings, specific gaps, and your score with your organization's name on the cover. Generated immediately.
See what the standard covers, how the environment is structured, and what operating inside it actually means. The baseline assessment uses Microsoft's own telemetry to document where your environment stands against the standard — not a sales process, but a fit determination.