The CAF is outcome-based, focusing on results rather than prescribing solutions. It evaluates each system using a baseline or enhanced profile, depending on the perceived threat level.
Our risk experts can assist organisations with their CAF assessments and also help train companies conducting these assessments.
Our team of risk specialists provided in-depth technical analysis to help shape the NCSC’s Cyber Assessment Framework during its development.
Our experts worked to construct a robust empirical model for generating the CAF profiles.
We designed and delivered tailored, hands-on training programs for independent assurance firms performing CAF assessments.
Our services encompass advisory to CNI and central government clients.
Enhance your organisation’s understanding and application of the Cyber Assessment Framework (CAF), driving tangible improvements to your security posture.
Strengthen your Critical National Infrastructure (CNI) with our comprehensive client review against the CAF. Identify gaps, reinforce defences, and protect vital operations.
Empower your assessors and risk teams with specialised training. Refine assessment accuracy, strengthen risk management, and build a more resilient organisation.
We can operate as trusted advisors to your team or take on the assessment on your behalf, meeting compliance and maintaining the integrity of your organisation.
Get in touch to learn more about our approach to risk and how we can help you.
This diagram shows the dependencies between the 39 Contributing Outcomes defined in the Cyber Assessment Framework created by the NCSC.
|
Click on a circle or arrow to explore.
|
To simplify the diagram, it is assumed that Risk Management (A2.a), Asset Management (A3.a), and Cyber Security Training (B6.b) are already in place, and hence not all links are shown back to these.
Thanks to the Government Security Group, National Cyber Security Centre, and Cyber GSeC Team for the work that we did in compiling the data for this diagram.