• Security

How the updated NCSC CAF 3.2 and the new IGP can help you improve your cyber security posture

By Gareth Jones29 April 20242 min read

The National Cyber Security Centre (NCSC) has recently released the updated version of its Cyber Assessment Framework (CAF) 3.2, which provides a comprehensive and consistent way of assessing the cyber security of organisations. The CAF 3.2 is now closer aligned with the 14 principles of the Cyber Essentials Scheme, the government-backed certification scheme for cyber security.

The CAF 3.2 have made significant changes to sections of the CAF covering remote access, privileged operations, user access levels and multi-factor authentication (all of which are covered in Principles B2a and B2c).

The CAF collection is aimed at helping an organisation achieve and demonstrate an appropriate level of cyber resilience about certain specified essential functions performed by that organisation.

By completing the CAF indicators of Good Practice (IGP), organisations can gain a better understanding of their information governance maturity and identify any gaps or areas for improvement. The IGP can also help organisations demonstrate their compliance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), as well as other relevant standards and frameworks, such as ISO 27001 and NIST SP 800-53.

At Methods, we are committed to helping our clients improve their cyber security posture and achieve their cyber security goals. We have extensive experience in conducting CAF assessments and providing tailored recommendations and guidance on how to implement the CAF principles and the IGP questions. We can also help you prepare for the Cyber Essentials certification and provide ongoing support and advice on maintaining and enhancing your cyber security practices.

If you are interested in learning more about how we can help you with the CAF 3.2 and the IGP, please get in touch with us at cyber@methods.co.uk or visit our website.