Independent NCSC Cyber Assessment Framework (CAF) assessment for UK public sector, CNI, and regulated organisations. All 14 principles. Structured scoring. Evidence gap analysis. A prioritised improvement plan built to prepare you for regulatory review — before the regulator asks.
From £TBC — fixed fee, scoped after your Ignite AssessmentThe NCSC Cyber Assessment Framework is comprehensive and demanding — 14 principles across four objectives, each with indicators of good practice that require both technical controls and documented evidence. Many organisations in scope for CAF have reasonable security controls in place, but struggle with the evidence and documentation layer that regulators need to assess their achievement level. A gap between your actual security posture and your demonstrable security posture is what catches organisations out.
Our CAF assessment works through all 14 principles collaboratively with your team — scoring your current position, identifying evidence gaps, and producing a clear picture of where you are versus where you need to be. For organisations facing formal regulatory assessment, we run the independent CAF engagement as preparation — so there are no surprises when the regulator assesses you.
The CAF assessment spans the first two phases of our lifecycle. If you then want to close the gaps we find, we work through the remaining phases with you — implementing controls and building evidence.
A free 30-minute call with a senior security architect. For CAF, you leave with a sense of which principles are most likely to have gaps, what the evidence challenges are likely to be, and whether a full CAF assessment engagement is the right next step. No pitch deck, no obligation.
Whether you need a full independent CAF assessment, pre-regulatory preparation, or remediation support — we'll tell you exactly where you stand against the framework.
Book Ignite Assessment