National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF)
Objective A: Managing security risk
- A1 Governance
- A2 Risk management
- A3 Asset management
- A4 Supply chain
Objective B: Protecting against cyber attack
- B1 Service protection policies and processes
- B2 Identity and access control
- B3 Data security
- B4 System security
- B5 Resilient networks and systems
- B6 Staff awareness and training
Objective C: Detecting cyber security events
- C1 Security monitoring
- C2 Proactive security event discovery
Objective D : Minimising the impact of cyber security incidents
- D1 Response and recovery planning
- D2 Lessons learned
Cyber Essentials
- Firewalls
- Secure Configuration
- Security Update Management
- User Access Control
- Malware Protection