Cyber Assessment Framework for Local Government

About the Cyber Assessment Framework for Local Government (LG CAF)

Local Digital is supporting councils in England to assess and improve their cyber posture, in line with the ambitions set out in the Government Cyber Security Strategy 2022-2030.

Our previous research highlighted that English local authorities are lacking a clear baseline standard when it comes to cyber security.

We’re currently exploring how the Cyber Assessment Framework (CAF) devised by the National Cyber Security Centre (NCSC) could be used across the sector in England to meet this need and help drive cyber resilience.

This page explains how we’re piloting a CAF profile for local government and how you can start using the profile within your organisation.

The LG CAF pilot (Autumn 2022)

In 2022 we conducted a pilot with 10 councils in England to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to help assess and manage cyber risks across the sector.

The pilot was our first step in understanding how a cyber security baseline for local government might work.

To find out how we conducted the pilot and what we learned, download the final report (PDF).

Next steps for the CAF

We are now conducting an in-depth pilot with 8 councils over 6 months as part of our Future Councils programme. You can read regular updates on the progress of this pilot.

While we feel confident that the CAF and the local government profile is the right approach for the sector, we plan to continue working closely with the local government sector in England to design and develop the process that councils will follow to assess themselves using the CAF.

In the long-term, we think the CAF could be a central part of the post-Public Services Network (PSN) cyber landscape, and a routine part of good risk-management at local authority level.

Following a common framework will also help grow our understanding of sector-level risks and vulnerabilities, and help DLUHC and other organisations to target support where it’s needed most.

Start using the CAF within your council

We’re encouraging councils to familiarise themselves with the CAF and start thinking about how they would apply it within their organisation.

If you’re interested in receiving an introduction to the CAF, the workbook template, and guidance from DLUHC, please email caf@localdigital.gov.uk.

Follow the progress of the CAF

Subscribe to the Local Digital newsletter to receive regular updates on our cyber work, plus news and events relevant to those working in and around local government cyber security.

How we're measuring the impact of the CAF

We have commissioned an independent evaluation of the Cyber Assessment Framework (CAF) to create a baseline that will help to support councils to adopt the CAF in the future.

To do this, we’ll be tracking progress against different areas of the CAF over time including working closely with cyber teams to understand practical next steps taken after the CAF.

Learn more about the evaluation study.

Learn more