The NCSC Cyber Assessment Framework (CAF) v3.1 provides a systematic and comprehensive approach for organisations-particularly those managing essential functions or critical national infrastructure-to assess and improve their cyber resilience and security posture. The framework is structured around four primary security objectives: managing security risk, protecting against cyber-attack, detecting cyber security events, and minimising the impact of cyber security incidents. These objectives are underpinned by 14 outcome-focused principles, each further detailed through contributing outcomes and supported by structured Indicators of Good Practice (IGPs), which organisations use to evidence their level of achievement-now including a “Partially Achieved” level for greater assessment nuance in v3.115. CAF v3.1 focuses on clarity and consistency, with minor language revisions and a more substantial update to media/equipment sanitisation requirements, and is designed for both self-assessment and independent review, supporting regulatory compliance and continuous improvement in cyber security management.
Home / Function (NIST CSF 2.0) / GV - Govern / OC - Org. Context
NCSC Cyber Assessment Framework V3.1
This document focuses on:Maturity