Skip to content
Home / Function (NIST CSF 2.0) / GV - Govern / OC - Org. Context

NCSC Cyber Assessment Framework V3.1

This document focuses on:

The NCSC Cyber Assessment Framework (CAF) v3.1 provides a systematic and comprehensive approach for organisations-particularly those managing essential functions or critical national infrastructure-to assess and improve their cyber resilience and security posture. The framework is structured around four primary security objectives: managing security risk, protecting against cyber-attack, detecting cyber security events, and minimising the impact of cyber security incidents. These objectives are underpinned by 14 outcome-focused principles, each further detailed through contributing outcomes and supported by structured Indicators of Good Practice (IGPs), which organisations use to evidence their level of achievement-now including a “Partially Achieved” level for greater assessment nuance in v3.115. CAF v3.1 focuses on clarity and consistency, with minor language revisions and a more substantial update to media/equipment sanitisation requirements, and is designed for both self-assessment and independent review, supporting regulatory compliance and continuous improvement in cyber security management.


Publication's URL

https://www.ncsc.gov.uk/files/NCSC-CAF-v3-1.pdf

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *