Cyber Assessment Framework

It has been over five years since the UK’s National Cyber Security Centre (NCSC) introduced the Cyber Assessment Framework (CAF) in response to the implementation of the Network and Information Systems (NIS) Regulations. Currently in its 4th iteration, version 3.1 of the UK’s National Cyber Security Centre’s Cyber Assessment Framework (CAF) includes several clarifications and updates.

Originally designed for organisations responsible for Critical National Infrastructure designated Operators of Essential Services (OESs) as defined by the NIS Regulations, the CAF has been updated to have broader applicability and is now at the core of the government’s cybersecurity strategy. It is being used by a wider range of public sector organisations.

The CAF collection consists of four high-level objectives that are further broken down into 14 cyber security and resilience principles. It also provides guidance on their application and includes 39 Indicators of Good Practice (IGP). Unlike many generic cybersecurity practices, the CAF collection is suitable for both Information Technology (IT) and Operational Technology (OT) environments, covering various organisations that operate OT systems, ranging from power generation to pharmaceutical production. Learn more about the framework and how Dragos can help you implement it – download this solution brief today.