The Cyber Assessment Framework is a mechanism designed by NCSC for assuring the security of organisations.
The CAF is tailored towards the needs of Critical National Infrastructure, to meet the NIS regulations,[1] but the objectives can be used by other organisations.
[2] In addition to national public-sector and infrastructure bodies, the CAF is also being used by local government.
[3] The CAF has fourteen objectives, grouped into four categories:[4] These set high-level objectives which fit the needs of organisations handling high-impact data or performing essential functions.
Organisations are expected to self-assess, and to draw up an improvement roadmap.