The Ministry of Housing, Communities and Local Government (MHCLG) has launched the Cyber Assessment Framework (CAF) for local government.
Its Local Digital team said the framework, based on the original developed by the National Cyber Security Centre, will provide a clear cyber security standard for the sector.
It will help councils to assess their current cyber resilience and identify and mitigate any vulnerabilities that could disrupt their important services.
The ministry indicated last year, before it was renamed, that it intended to develop a version of CAF tailored to local government.
It said the initial stages are available for use now and the framework will be further developed based on feedback from local authorities. The full service is expected to be available by spring 2025.
The framework is voluntary and can be completed alongside other cyber security standards.
Crucial features
Key steps include: identifying critical systems; completing self-assessments; an independent assurance review; and developing an improvement and implementation plan to address vulnerabilities.
Ben Cheetham, deputy director of digital at MHCLG, said: “To date, MHCLG's cyber support for councils has focused on remediating serious vulnerabilities to help improve the sector's resilience to malware and ransomware. With the evolving cyber threat, it is now time to turn our attention to how we support councils to strengthen their cyber resilience for years to come.
“The CAF for local government helps organisations assess and improve their cyber security through a risk based and holistic approach. This requires collaboration across the organisation, breaking down perceptions that cyber security is purely an IT issue.
“This is a step change that's needed to protect important local government services in an ever changing threat landscape. I would like to thank all the local authorities who have helped pilot the CAF for local government over the past couple of years and work with us to ensure that it will be a success.”
The development reinforces the growing recognition as the CAF as a prime element of cyber security for the public sector, following last month’s announcement by NHS England that it planned to adopt the framework as its main mechanism for assurance.
