United Kingdom

National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF)

Objective A: Managing security risk

  1. A1 Governance
  2. A2 Risk management
  3. A3 Asset management
  4. A4 Supply chain

Objective B: Protecting against cyber attack

  1. B1 Service protection policies and processes
  2. B2 Identity and access control
  3. B3 Data security
  4. B4 System security
  5. B5 Resilient networks and systems
  6. B6 Staff awareness and training

Objective C: Detecting cyber security events

  1. C1 Security monitoring
  2. C2 Proactive security event discovery

Objective D : Minimising the impact of cyber security incidents

  1. D1 Response and recovery planning
  2. D2 Lessons learned

Cyber Essentials

  1. Firewalls
  2. Secure Configuration
  3. Security Update Management
  4. User Access Control
  5. Malware Protection
Scroll to Top