Cyber Assessment Framework (CAF):
A guide for practitioners

CAF 4.0, published by the NCSC in August 2025, introduces significant changes that shift the framework from reactive compliance to proactive cyber resilience. For organisations operating in critical infrastructure sectors, reassessment is essential, not only to maintain alignment with CAF, but to ensure readiness for evolving regulations like NIS2.

This guide offers a practical roadmap for those responsible for aligning with the framework, helping teams benchmark cyber maturity, identify gaps in governance and technical controls, and confidently meet the demands of CAF 4.0. Whether you're approaching CAF for the first time or refining your existing posture, this resource will support your journey toward compliance, resilience, and trust.

Submit the form below to start your journey towards CAF 4.0 alignment.