The Cyber Assessment Framework (CAF)


Publication date: 2022

Author: National Cyber Security Centre (NCSC) United Kingdom



The National Cyber Security Centre (NCSC), as the United Kingdom’s national technical authority for information assurance, published a framework for a systematic and comprehensive approach to assessing and improving the cyber resilience and cyber security of organisations. Foremost, the framework is intended to help inform expert judgement, applicable across organisations and to varying contexts.

The Cyber Assessment Framework (CAF) is intended to be used by organisations as a tool for self-assessment or by an independent external qualified entity. The framework is based on 14 cyber security and resilience principles, which are written in terms of outcomes, with accompanying Indicators of Good Practice (IGPs). The latest, revised version of the Cyber Assessment Framework (CAF) v3.1 was published in April, 2022.