CAF Dependencies
Analysis of the dependencies of the 39 contributing outcomes of the CAF.
An analysis shows the dependencies of the 39 contributing outcomes as defined in the Cyber Assessment Framewor (CAF) created by the National Cyber Security Centre.
Three of the contributing outcomes were seen as being fundamental to a CAF assessment and had a large number of other contributing outcomes that depend on them. These dependencies have been removed from the below content due to their high frequency.
Fundamental CAF Contributing Outcomes:
- A2.a – Risk Management Process
- A3.a – Asset Management
- B6.b – Cyber Security Training
The following contributing outcomes do not depend on any others so could be good places to start a CAF assessment:
- A1.a – Board Direction
- A3.a – Asset Management
- B1.a – Policy and Process Development
- B2.c – Privileged User Management
- B3.a – Understanding Data
- B3.e – Media/Equipment Sanitisation
- B4.d – Vulnerability Management
- B5.a – Resilience Preparation
Is depended on by :
C1.e: Monitoring Tools & Skills
D1.b: Response & Recovery Capability
Depends on:
Is depended on by :
Is depended on by:
B2.a Identity Verification, Authentication and Authorisation
B3.e: Media/Equipment sanitisation
B4.c: Secure Management
Depends on:
Depends on:
Is depended on by:
Depends on:
Is depended on by:
Depends on:
Is depended on by:
Depends on:
Depends on:
Is depended on by :
No dependencies
No dependencies
Depends on:
Depends on: