About the Cyber Assessment Framework (CAF)
To provide a clear cyber security standard for the local government sector, DLUHC will be introducing the Cyber Assessment Framework (CAF) for Local Government from 2024.
The Cyber Assessment Framework (CAF) was developed in 2018 by the National Cyber Security Centre (NCSC). It’s designed to help organisation’s take a systematic approach to assessing the extent to which they are managing their own cyber security risks.
Lead government departments are required to adapt the CAF in a way that is appropriate for the public sector organisations within their scope. DLUHC is currently developing supporting documentation, guidance and templates to guide the local government sector through the CAF.
What the CAF will mean for councils
The aim of the CAF is to promote and introduce good cyber security and resilience in organisations, so that the impact of attacks can be minimised. This means cyber attacks can be more quickly detected, and are easier to recover from.
Once the CAF for Local Government has launched, councils will be responsible for undertaking the CAF and using the assessment to manage their own cyber security.
DLUHC will use the results to understand any risks or issues within the sector. We will then consider how these risks can be addressed.