Cyber Assessment Framework for Local Government

About the Cyber Assessment Framework for Local Government (LG CAF)

Local Digital is supporting councils in England to assess and improve their cyber posture, in line with the ambitions set out in the Government Cyber Security Strategy 2022-2030.

Our previous research highlighted that English local authorities are lacking a clear baseline standard when it comes to cyber security.

We’re currently exploring how the Cyber Assessment Framework (CAF) devised by the National Cyber Security Centre (NCSC) could be used across the sector in England to meet this need and help drive cyber resilience.

This page explains how we’re piloting a CAF profile for local government and how you can start using the profile within your organisation.

Next steps for the CAF

We are now conducting an in-depth pilot with 8 councils over 6 months as part of our Future Councils programme. You can read regular updates on the progress of this pilot.

While we feel confident that the CAF and the local government profile is the right approach for the sector, we plan to continue working closely with the local government sector in England to design and develop the process that councils will follow to assess themselves using the CAF.

In the long-term, we think the CAF could be a central part of the post-Public Services Network (PSN) cyber landscape, and a routine part of good risk-management at local authority level.

Following a common framework will also help grow our understanding of sector-level risks and vulnerabilities, and help DLUHC and other organisations to target support where it’s needed most.

Start using the CAF within your council

We’re encouraging councils to familiarise themselves with the CAF and start thinking about how they would apply it within their organisation.

If you’re interested in receiving an introduction to the CAF, the workbook template, and guidance from DLUHC, please email caf@localdigital.gov.uk.