16 Dec 2025
NCSC Cyber Assessment Framework (CAF)
What is the NCSC CAF?
The CAF is a structured approach to assessing and improving cybersecurity maturity across organisations that support the UK's essential services. It is organised around four key objectives and 14 security principles covering:
- Managing Security Risk - Governance, Risk Management, Asset Protection & Supply Chain Security.
- Protecting Against Cyber Attacks - Access Control, Data Security, System Security & Network Resilience.
- Detecting Cyber Security Events - Security Monitoring & Proactive Threat Discovery.
- Minimising the Impact of Cyber Incidents - Incident Response, Recovery Planning and Lessons Learned.
Why It Matters To You:
- Ensure Compliance with UK Cybersecurity Requirements - Align with the NCSC Cyber Strategy.
- Strengthen Cyber Resilience - Secure essential services against cyber threats and attacks.
- Prepare for Cyber Oversight Body Assessments - Demonstrate security governance and risk management maturity.
- Improve Incident Response & Recovery - Minimise operational downtime during cyber incidents.
- Reduce Regulatory & Financial Risk - Avoid penalties and demonstrate proactive risk mitigation.