HOME

TheInfoList



Click Here for Items Related To - Cyber Assessment Framework
OR:
Cyber Assessment Framework on:   [Wikipedia]   [Google]   [Amazon]

The Cyber Assessment Framework is a mechanism designed by NCSC for assuring the security of organisations. The CAF is tailored towards the needs of Critical National Infrastructure, to meet the NIS regulations, but the objectives can be used by other organisations. In addition to national public-sector and infrastructure bodies, the CAF is also being used by local government.


Principles

The CAF has fourteen objectives, grouped into four categories: These set high-level objectives which fit the needs of organisations handling high-impact data or performing essential functions. These have some similarities, but are not identical, to the categories of controls used by ISO 27001:2013. Objective A: Managing security risk * A.1 Governance * A.2 Risk management * A.3 Asset management * A.4 Supply chain Objective B: Protecting against cyber attack * B.1 Service protection policies and procedures * B.2 Identity and access control * B.3 Data security * B.4 System security * B.5 Resilient networks and systems * B.6 Staff awareness and training Objective C: Detecting cyber security events * C.1 Security monitoring * C.2 Anomaly detection Objective D: Minimising the impact of cyber security incidents * D.1 Response and recovery planning * D.2 Improvements Each of these are linked to "outcomes" and "contributing outcomes". There are a total of 14 outcomes and 39 contributing outcomes. NCSC has published Indicators of Good Practice; IGP tables can be used to assess whether each objective has been "Achieved", "Not achieved", or "Partially achieved". Organisations are expected to self-assess, and to draw up an improvement roadmap. Competent Authorities review the assessment and the roadmap.


Further reading


Introduction to the Cyber Assessment Framework


See also

*
ISO 27001 ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
*
GovAssure GovAssure is a new cybersecurity regime for the UK government, starting in 2023. History The process was announced in 2022. Compared to previous cybersecurity for UK government bodies, the main change is the adoption of the NCSC's Cyber Assessmen ...
*
Cyber Essentials Cyber Essentials is a United Kingdom certification scheme designed to show an organisation has a minimum level of protection in cyber security through annual assessments to maintain certification. Backed by the UK government and overseen by the ...
*
Security Policy Framework The Security Policy Framework (or "SPF") is a set of high-level policies on security, mainly affecting the UK government and its suppliers. The structure has changed over time. Version 11 was published in October 2013; it has 20 "Mandatory Requirem ...


References

{{reflist, 40em Cybercrime in the United Kingdom Government of the United Kingdom Information technology organisations based in the United Kingdom National security of the United Kingdom Information assurance standards Information governance