The National Cyber Security Centre (NCSC) has released Cyber Assessment Framework 3.2 in response to increased threat levels to critical national infrastructure (CNI).
Announcing the framework, NCSC said it was two years since the last update and that the landscape had changed dramatically. It said that an analysis of attacks on critical national infrastructure around the world had led to the need for “significant changes” to cyber assessment framework policy towards remote access, privileged operations, user access level and multi-factor authentication.
Alignment with the Cyber Essentials requirements has also been included in the update.
Inevitably, NCSC said the latest framework reflected the rise of artificial intelligence (AI), in particular the sections of the framework that deal with automated functions and automated decision making technologies. NCSC said it will be considering the impact of AI in more detail for the next iteration of the cyber assessment framework.
The last framework was released two years ago, before the attack on Ukraine by Russia and the conflict in Gaza. NCSC has also updated its collection of materials for organisations securing critical national networks and information systems.