Cyber Assessment Framework (CAF)

Navigate NCSC's Cyber Assessment Framework with deep regulatory expertise, practical remediation and ASSURE-accredited consultancy.

Cyber assessment framework consultancy

Security that meets standards, consultancy that exceeds them.

Using CAF as one of our foundational assessment models, CSA Cyber has supported a wide range of organisations in aligning to evolving regulations and driving cyber maturity across multiple sectors. As experienced ASSURE consultants, we’ve guided some of the UK’s most critical infrastructure, including major airports, through CAF alignment, remediation and beyond.

Why CAF 4.0 demands immediate attention

The latest iteration of CAF, version 4.0, published in August 2025, introduces major updates that could leave previously compliant organisations exposed, making reassessment essential.

Key changes include:

  • A stronger focus on proactive threat monitoring and intelligence
  • New controls for secure software development
  • Greater emphasis on supply chain security and due diligence

As AI becomes embedded into operational environments, organisations in critical infrastructure sectors should consider how development, governance, and risk management practices align with CAF 4.0.

Alignment to the CAF can also support effective regulatory compliance for directives such as NIS 2.

Start with our CAF essentials:

Not yet ready to take the next step or want to continue exploring the framework? Our CAF resource hub offers practical insights and essential guidance to help you build confidence and stay up-to-date with the latest requirements.

Cyber Assessment Framework (CAF): A guide for practitioners

A practical roadmap designed for organisations and teams responsible for aligning with the CAF, helping them benchmark cyber maturity, close compliance gaps and confidently meet the demands of CAF 4.0.

CAF 4.0 explained: What's new and why it matters

Explore the key updates in CAF 4.0, from threat hunting to secure software development, and learn the action your organisation must take to align with evolving cyber resilience standards.

Our CAF consultancy services

Whether you're starting from scratch or refining your cyber posture, our consultancy services are designed to equip you with expert support and strategy at every stage of CAF alignment, from scoping and assessment to remediation and continuous improvement.

These services include:

Scoping & readiness planning
Including NIS2 alignment and stakeholder mapping.

CAF assessment & gap analysis
Governance and technical interviews, policy reviews and control validation.

Remediation roadmap development
Prioritised actions and long-term planning.

Follow-up audits
Re-testing areas of concern and validating improvements.

Continuous improvement consulting
Ongoing support to embed resilience and meet evolving standards.

CSA Cyber in action

CSA Cyber has supported some of the UK’s most critical transport hubs in aligning with CAF, embedding secure-by-design principles, and delivering measurable improvements in cyber resilience. Below are just two of many examples of how we’ve helped organisations navigate complex regulatory environments and implement lasting change.

Secure-by-design for critical infrastructure

CSA Cyber has supported major UK airports in embedding secure-by-design principles for new critical systems under NIS-D scope, ensuring CAF alignment and developing corrective action plans through to full remediation.

ASSURE audits for Aviation compliance

Through our acquisition of the ASSURE-accredited specialists at SureCloud, we have built a strong pedigree in conducting CAF-aligned audits for the country's largest aviation organisations, helping them meet Indicators of Good Practice and demonstrate compliance.

Setting the standard for CAF compliance

As consultants, we aren't just here to advise: we're recognised CAA ASSURE auditors with hands-on experience assessing and implementing CAF controls across some of the UK’s most critical infrastructure, including the nation's largest airports. Our approach is collaborative, strategic, and tailored to your sector’s unique challenges.

Tailored remediation

We identify specific gaps and vulnerabilities, developing targeted actions aligned to sector-specific needs.

Compliance planning

We help you build a strategic roadmap to monitor and continuously improve alignment with evolving regulatory requirements, from CAF to NIS2.

Expert-led delivery

Our highly qualified consultants bring years of experience in implementing CAF controls and aligning with indicators of good practice (IGPs).

Talk to our specialists about CAF

Our team of ex-Government, ex-military and commercially experienced specialists are here to support your CAF journey, bringing deep expertise in cyber risk, compliance, remediation and beyond.

Book a free discovery consultation today by completing this form.