Finn O'Brien
Last updated: 24 October 2025
The Cyber Assessment Framework (CAF) is a set of guidelines developed by the UK's National Cyber Security Centre (NCSC). It helps organisations assess and improve how well they manage cyber risks, especially those providing services that are essential to the UK's economy, public safety, or national security. CAF is not a certification, but rather a structured approach to measuring and strengthening the cybersecurity of a business.
The CAF is structured around four key outcomes:
Managing security risk - Making sure cyber risks are understood and managed across the organisation.
Protecting against cyber attack - Putting technical and procedural controls in place to reduce the risk of incidents.
Detecting cyber security events - Monitoring networks and systems to identify potential threats or breaches.
Minimising the impact of cyber incidents - Ensuring there are plans to respond to and recover from cyber incidents quickly.
Each of these outcomes is supported by multiple 'detailed objectives' and 'Indicators of Good Practice', which help businesses measure how well they are doing and identify areas for improvement.