The National Cyber Security Centre (NCSC) has made changes in the Cyber Assessment Framework (CAF).
It said the most substantial change to CAF 3.1 is in the introduction of a ‘partially achieved’ level to the indicator of good practice for media and equipment sanitisation in recognition of the risk to the confidentiality of data managed by the public sector.
This is particularly relevant to public sector organisations with the adoption of CAF 3.1 being one of two core pillars in the Government Cyber Security Strategy.
There are also revisions focused on language to improve clarity and consistency in the framework for the principles, contributing outcomes and indicators of good practice.
CAF’s core users are organisations within the UK critical national infrastructure, those subject to Network and Information Systems (NIS) Regulations and those involved in cyber related public safety.
NCSC said that during the latest review the importance of using the supporting guidance alongside the framework came to the fore.
The Government has previously indicated that adoption of CAF is to take place this year, with tiered profiles to respond to varying threats to government functions.
