In October 2024 we launched the Cyber Assessment Framework (CAF) for local government, setting a clear cyber security standard for the sector. Since then, 90 councils have completed a CAF assessment and many more are working on theirs.

Across the sector, councils are making significant progress strengthening their cyber resilience. Councils have told us that starting their CAF journey has helped them:

• access technical advice and guidance tailored to their needs
• use a structured framework to focus attention, resources, and effort
• raise cyber awareness across different departments, including keeping it high on their Senior Leadership Team’s agenda

Here’s what we have planned for 2026.

Building a more web-based, user-centred service

This year we’re going to evolve the CAF user journey, online guidance and resources to make it easier and quicker to complete CAF assessments. We’re looking to replace the self-assessment spreadsheets and submission tool with a web application to make completing and submitting assessments more user-friendly and secure.

We’ll also be making the transition to version 4.0 of the CAF, which includes updates that reflect the evolving cyber threat landscape, such as AI-related risks.

You can help us improve the CAF for local government by sharing your feedback.

Testing a new model of cyber support

We’ll be testing a new model of support to help councils that have completed a CAF assessment to accelerate improvements to their cyber resilience. The model will build on learnings from our Cyber Support programme.

CAF Support will provide funding, direct support, and peer learning opportunities to help the pilot councils implement priority actions from their organisational implementation and improvement plans (IIPs). Together, we’ll identify best practice approaches and expertise to share with the wider sector.

Addressing the compliance burden

We know many councils struggle with the number of competing cyber standards and compliance regimes that exist. We’ll continue to work with other government departments to better align and, where possible, reduce the compliance burden on local government.

Growing our engagement with the sector

We’re working hard to raise awareness of the CAF and strengthen sector connections. In 2025, we attended or spoken at 40 sector events around the country, including WARP and C-TAG meetings, and we know this year will be just as busy!

We’ll also continue to partner with the LGA and SOCITM to identify opportunities for joint working, tackle shared challenges, and ensure consistent messaging.

Encouraging peer collaboration

We’re delighted to see how a strong community has grown around the CAF, with councils collaborating and helping one another.

Northern and Southern peer support groups have been set up by the sector, where members share their experiences, challenges, and solutions throughout their CAF journey.

We regularly attend these meetings to offer tailored guidance and resources, and we look forward to continuing to support these communities this year.

• Learn about the Northern CAF Peer Support Group
• Learn about the Southern CAF Peer Support Group by emailing the organiser, Matt Smith [email protected]

Get started with the CAF for local government

If you’ve not started the CAF for local government yet, why not make it a make it a goal for this year?

1. Start by finding out what the CAF is and how it can benefit your council
2. Then, learn about what it involves and how much time is needed
3. You can then prepare for the self-assessment

We know you still have a lot of questions about how to approach the CAF, so we’ve published answers to common questions on our website. Email us on [email protected] if you have any additional questions or need support.

Stay in touch

• Connect with us on LinkedIn
• Subscribe to the CAF newsletter
• Subscribe to the MHCLG Digital blog