NCSC CAF guidance

CAF Collection Overview

Cyber incidents can result in a number of different consequences, depending on the nature of the computer systems targeted, and intention of the perpetrators. Circumstances in which the possible consequences of cyber incidents are extremely serious or even, perhaps, catastrophic generally require very robust levels of cyber security and resilience. It is for these circumstances that the NCSC has developed the Cyber Assessment Framework (CAF) collection which is intended for use by organisations that are responsible for services and activities that are of vital importance to us all.

As stated in the National Cyber Strategy, the CAF is being introduced as part of a new programme aimed at improving government cyber security. Outside of government, the organisations likely to find the CAF collection most useful fall into three broad categories, namely

• organisations within the UK Critical National Infrastructure (CNI)
• organisations subject to Network and Information Systems (NIS) Regulations
• organisations managing cyber-related risks to public safety

If your organisations fall into one or more of these categories we suggest that you begin by reading the relevant CAF Collection introductory section or sections via the links on the page.

If your organisation does not fall into any of the above categories and you are interested in discovering more about the CAF then please read the General Introduction.

Each area of the CAF Collection is accessible via the menu of links on each page.