CAF Dependencies

The dependencies of the the 39 contributing outcomes as defined in the Cyber Assessment Framework created by the National Cyber Security Centre are displayed below.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

CAF Dependencies

A1.a: Board Direction

A1.b: Roles & Responsibilities

A1.c: Decision-making

A2.a: Risk Management Process

A2.b: Assurance

A3.a: Asset Management

A4.a: Supply Chain

B1.a: Policy & Process Development

B1.b: Policy & Process Implementation

B2.a Identity Verification, Authentication and Authorisation

B2.b: Identity Verification

B2.c: Privileged User Management

B2.c: IDAC Management & Maintenance

B3.a: Understanding Data

B3.b: Data in Transit

B3.c: Stored Data

B3.d: Mobile Data

B3.e: Media/Equipment Sanitization

B4:a: Secure by Design

B4.b: Secure Configuration

B4.c: Secure Management

B4.d: Vulnerability Management

B5.a: Resilience Preparation

B5.b: Design for Resilience

B5.c: Backups

B6.a: Cyber Security Culture

B6.b: Cyber Security Training

C1.a: Monitoring Coverage

C1.b: Securing Logs

C1.c: Generating Alerts

C1.d: Identifying Security Incidents

C1.e: Monitoring Tools & Skills

C2.a: System Abnormalities for Attack Detection

C2.b: Proactive Attack Discovery

D1.a: Response Plan

D1.b: Response & Recovery Capability

D1.c: Testing and Exercising

D2.a: Incident Root Cause Analysis

D2.b: Using Incidents to Drive Improvements

Sign up to UK Government Security