Skip to main content

NCSC Cyber Assessment Framework (CAF)

Practice: Cybersecurity · Type: Standard · UK-specific

The NCSC Cyber Assessment Framework (CAF) is the UK framework for assessing cyber resilience of essential and critical services, organised into 14 principles across four objectives. It underpins NIS-regulated sectors.

Benefits

  • Scored on the CAF's own scale using the Indicators of Good Practice — not a generic rubric.
  • Every score is traceable to the client's own evidence for each contributing outcome.
  • Gaps ranked by severity, focused on NIS-regulated and critical services.
  • A board-ready slide deck and a detailed report generated automatically.
  • Re-runnable to track resilience improvement across the 14 principles.

When to use it

  • For organisations operating NIS-regulated essential or critical services.
  • When a regulator or competent authority expects a CAF-based assessment.
  • To baseline cyber resilience across the four CAF objectives.
  • To re-assess after a remediation programme or regulatory cycle.

What it assesses

Celeredge assesses the client against the 14 CAF principles using the Indicators of Good Practice, scores each contributing outcome, and ranks remediation for NIS-regulated services. It covers:

  • The four CAF objectives
  • The 14 CAF principles
  • Each contributing outcome, scored against the Indicators of Good Practice

Expected output

Celeredge produces per-principle maturity scores on the CAF's own scale. Each answer carries a confidence signal and citations back to the client's evidence, and gaps are ranked by severity. The run generates a board-ready slide deck and a detailed HTML report. See Maturity Scoring, Reports and Deck Studio.

How to use it in Celeredge

  1. Collect the client's evidence — resilience policies and operational records — see Evidence Collection.
  2. In Diagnose, select NCSC Cyber Assessment Framework (CAF).
  3. Run the assessment and watch it stream — see Running Assessments.
  4. Review per-principle answers with their confidence and citations, then accept the ones you trust.
  5. Send gaps to Plan — see Gap Analysis.

FAQ

What is the NCSC Cyber Assessment Framework?

Underpinning NIS-regulated sectors, the NCSC Cyber Assessment Framework (CAF) is the UK's framework for judging the cyber resilience of essential and critical services. It is organised into 14 principles spread across four objectives.

What does a Celeredge NCSC CAF assessment deliver?

An evidence-based assessment scored on the framework's own scale, with gaps ranked by severity and an auto-generated, board-ready slide deck and detailed report — every score traceable to the evidence behind it.

How does the assessment work?

Clients upload their own evidence — policies, reports and data. An AI interviewer asks targeted follow-ups to fill anything missing, the platform scores against the framework, ranks the gaps, and generates the deliverables.

Celeredge runs an independent readiness and alignment review against this framework. It is not a certification audit and is not endorsed by the standard's owner. Framework and standard names are trademarks of their respective owners.