Cyber Assessment Framework – The CAF

Aligning your organisation’s cyber security program to the NCSC’s Cyber Assessment Framework with the guidance and support of leading cyber security service providers. 

The National Cyber Security Centre published 14 high level security principles, a requirement for all operators of essential services but a framework to measure good security against for any business. 

Each principle is broken down into specific outcomes, which are further broken down into indicators of good practice. The IGPs are used to determine if the organisation has correctly applied the principle. 

The CAF Principles 

4 Objectives broken down into 14 Compliance Elements:

Objective A

Managing Security Risk
A.1 Governance
A.2 Risk Management
A.3 Asset Management
A.4 Supply Chain

Objective B

Protecting Against Cyber Attack
B.1 Service Protection Policies and Procedures
B.2 Identity and Access Control
B.3 Data Security
B.4 System Security
B.5 Resilient Networks and Systems
B.6 Staff Awareness and Training

Objective C

Detecting Cyber Security Events
C.1 Security Monitoring
C.2 Anomaly Detection

Objective D

Minimising the Impact of Cyber Security Incidents
D.1 Response and Recovery Planning
D.2 Improvement

Assessing your organisations security posture against frameworks such as NIST, NCSC 10 steps and accreditations like ISO27001 means our consultants have the knowledge and experience to give best practise advice and support for organisations looking to bolster their security against government recognised frameworks.

The Cyber Assessment Framework is no difference, working to understand your organisations processes, operations and risk appetite puts us in the best position to align your organisation to these frameworks to help bolster your security posture.