Solutions
Solutions

Explore cyber security solutions trusted by CNI, Government and other highly regulated industries to protect and transform critical functions.
Risk Management

Cyber Risk Review (CRR)

Cyber Assessment Framework (CAF)

Cyber Risk Analysis Services

Security Architecture:

Cross-Domain Architecture

SECRET Mobile Data Security Architecture

Security Architecture Design & Review

Virtual CISO Services & Advisory

Security Monitoring:

Advanced Security Operations Centre (SOC)
Products

Products

RiskTree makes risk easier. You input the threats; it will output risk levels with clear priorities. It’ll visualise these to allow everyone in your organisation to see the situation, and it is easy to evolve the data in parallel with your projects.

Risktree:

Quantify your risk in minutes, not months

Find Out More
Industries
Industries

2T Security is a trusted service provider in high-assurance cybersecurity solutions. Designed to assist high-threat organisations in overcoming their security challenges.
Key Industries:

Defence & Intelligence

Telecoms

Critical National Infrastructure

UK Central Government
Frameworks

Frameworks

Framework agreements are a quick and easy way for public sector organisations to procure the services they need from accredited suppliers.

Frameworks:

CCS and DPS Framework Agreements

Find Out More
About 2T

About 2T Security

Why 2T:

2T Security has defended the UK’s critical data against the most complex cyber threats since 2013. Our dedication and commitment to our customers and their work is what sets us apart. We are passionate about security, sharing our knowledge and getting the job done.

Find Out More

Meet The Experts:

2T Security is trusted by organisations, including those responsible for critical national infrastructure, to solve their IT security and information assurance problems – helping clients prevent £-millions in fraud, avoid security incidents, and reputational damage.

Find Out More
Resources

Case Studies:

DCMS Broadcast Sector Cyber Risk Reviews

Working closely with technical leads, we ran in-depth workshops to map end-to-end architectures, operating processes and security controls. Using the National Cyber Security Centre’s CAF,...

Read More

More Case Studies

News & Insights:

A brilliant start: My first two weeks at 2T Security – A CyberFirst Summer Placement Experience.

Starting a new placement can be daunting, but my first two weeks at 2T Security have been nothing short of inspiring. My CyberFirst summer placement...

Read More

More Insights

Events:

DSEI – Excel, London

Find us at DSEI, London, Sept 9-12, 2025. Speak with our Cross Domain, secure tactical comms, and Mission Intelligence experts....

Read More

More Events

CyberFirst Schools

East Midlands Pilot – Building the Next Generation of Cyber Talent
Cyber is one of the fastest-growing and most rewarding careers for young people.

Find Out More

Edit Content

Solutions
Solutions

Explore cyber security solutions trusted by CNI, Government and other highly regulated industries to protect and transform critical functions.
Risk:

Cyber Risk Review (CRR)

Cyber Assessment Framework (CAF)

Cyber Risk Analysis Services

Security Architecture:

Cross-Domain Architecture

SECRET Mobile Data Security Architecture

Security Architecture Design & Review

Virtual CISO Services & Advisory

Security Monitoring:

Advanced Security Operations Centre (SOC)
Products

Products

RiskTree makes risk easier. You input the threats; it will output risk levels with clear priorities. It’ll visualise these to allow everyone in your organisation to see the situation, and it is easy to evolve the data in parallel with your projects.

Risktree:

Quantify your risk in minutes, not months

Find Out More
Industries
Industries

2T Security is a trusted service provider in high-assurance cybersecurity solutions. Designed to assist high-threat organisations in overcoming their security challenges.
Key Industries:

Defence & Intelligence

Telecoms

Critical National Infrastructure

UK Central Government
Frameworks

Frameworks

Framework agreements are a quick and easy way for public sector organisations to procure the services they need from accredited suppliers.

Frameworks:

CCS & DPS Framework Agreements

Find Out More
About 2T

About 2T Security

Why 2T:

2T Security has defended the UK’s critical data against the most complex cyber threats since 2013. Our dedication and commitment to our customers and their work is what sets us apart. We are passionate about security, sharing our knowledge and getting the job done.

Find Out More

Meet The Experts:

2T Security is trusted by organisations, including those responsible for critical national infrastructure, to solve their IT security and information assurance problems – helping clients prevent £-millions in fraud, avoid security incidents, and reputational damage.

Find Out More
Resources

Case Studies:

DCMS Broadcast Sector Cyber Risk Reviews

Working closely with technical leads, we ran in-depth workshops to map end-to-end architectures, operating processes and security controls. Using the National Cyber Security Centre’s CAF,...

Read More

More Case Studies

News & Insights:

A brilliant start: My first two weeks at 2T Security – A CyberFirst Summer Placement Experience.

Starting a new placement can be daunting, but my first two weeks at 2T Security have been nothing short of inspiring. My CyberFirst summer placement...

Read More

More News & Insights

Events:

DSEI – Excel, London

Find us at DSEI, London, Sept 9-12, 2025. Speak with our Cross Domain, secure tactical comms, and Mission Intelligence experts....

Read More

More Events

CyberFirst Schools

Building the Next Generation of Cyber Talent
Cyber is one of the fastest-growing and most rewarding careers for young people.

Find Out More

Cyber Security News and Insights

Category: CAF

CAF 4.0 is here – what does that mean for my organisation?

CAF 4.0 has arrived, bringing major updates to the UK’s Cyber Assessment Framework. Compared to version 3.2, it introduces new contributing outcomes, over 100 new Indicators of Good Practice, and significant restructuring, especially in Objective C (cybersecurity monitoring and threat hunting). While many changes are minor or clarifications, around 60 require closer review, meaning organisations transitioning from CAF 3.2 will need to reassess key areas. Our blog breaks down where to focus your efforts when updating your assessment process.

My CyberFirst Summer Placement at 2T Security

Thanks to the CyberFirst Bursary program, I secured a summer placement at 2T Security. On my first day, the team outlined what I’d be learning and doing during the placement, and I’ll admit—I felt a bit overwhelmed and nervous about taking it all in.

How we made the GovAssure profiles

In this article, we discuss the approach to creating GovAssure profiles. We didn’t want to assume that government could use the existing CAF baseline profile based on a different threat profile to the private sector. Read more about how we ensured that the chosen profile reflected the threats faced by government.

Using the Cyber Assessment Framework (CAF) in practice

A brief guide to using the Cyber Assessment Framework (CAF) in practice. If you’ve read our earlier blogs about the Cyber Assessment Framework (CAF), you'll know that it isn’t intended to be a checklist - find out more about outcome level dependencies and chord diagrams...

The Five W’s of CAF

If you want to know more about the Cyber Assessment Framework you've come to the right place. In this article, we'll explain the what, why, who, where and when of the CAF!

2T Security Offering GovAssure Services

Throughout the development and implementation of GovAssure, 2T Security has closely collaborated with the Government Security Group and the National Cyber Security Centre. Read about our expertise in CAF.

Solutions

Products

Industries

Frameworks

About 2T Security

DCMS Broadcast Sector Cyber Risk Reviews

A brilliant start: My first two weeks at 2T Security – A CyberFirst Summer Placement Experience.

DSEI – Excel, London