GovAssure Reviews against the NCSC’s Cyber Assurance Frameworks.
What is the NCSC?
NCSC is the National Cyber Security Centre. It is a UK government agency dedicated to cyber
security. It provides advice, guidance, education, training and support related to cyber security for
both industry and government, and it manages cyber incidents and collaborates with international
partners to tackle cyber threats. The NCSC developed the CAF, which assesses cyber risks and
resilience, which helps organisations manage security risks effectively.
What is GovAssure?
GovAssure is the new cyber security assurance approach for government. The GovAssure assurance approach meets the requirements for an objective understanding of government cyber security as set out in the Government Cyber Security Strategy GovAssure uses the National Cyber Security Centre’s Cyber Assessment Framework (CAF)
We can assess your organisations critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across
government.
What is the CAF?
The CAF is a high-level framework designed to assess cyber risks and resilience. It helps organisations understand, assess, and manage security risks related to their essential functions.
Components of the CAF are as follows;
Objectives: These are the overarching goals that organisations aim to achieve.
- Objective A: Managing security risk
- Objective B: Protecting against cyber attacks
- Objective C: Detecting cyber security events
- Objective D: Minimizing the impact of cyber security incidents
- Principles: These guide the implementation of security measures. For example: governance,
risk management, data security, security architecture, and staff awareness. - Indicators of good practice (IGPs): This help assess whether an organisation is meeting the desired outcomes.
Applicability: The CAF is used by Operators of Essential Services (OES) under the Network and Information Systems regulations. It’s also relevant across the private sector, including Critical
National Infrastructure (CNI) sectors.
Benefits:
- Consistent assessment: Adopting the CAF ensures consistent and comparable cyber
resilience assessment. - Greater visibility: It provides insights into cyber capability, risk, and resilience.
- Targeted remediation: Identifies areas needing improvement.
Contact us for more information
