cyberguard-icon CyberGuard

Cyber Assessment Framework

CAF made simple: a 4-stage support guide for local government

Helping you progress your Cyber Assessment Framework submission, whatever stage you are at.

Trustpilot
Enquire now

The Cyber Assessment Framework (CAF) provides a structured way for local authorities to understand, evidence, and improve their cyber resilience. Even though it is not mandatory, it is increasingly seen as a practical benchmark for demonstrating good governance and for prioritising investment. Different councils find themselves at different stages, and our role is to offer the right level of support, whether you are just beginning or looking to embed continuous assurance.

Stage 1: Starting the CAF journey

Some organisations are still at the starting line. CAF may feel complex, time‑consuming, or difficult to justify to senior leadership, particularly when roles and responsibilities are not yet defined. At this stage, the priority is establishing clarity, creating structure, and building confidence that the organisation is beginning in the right way.

How we support stage 1

  • Strategic planning to outline a realistic approach to CAF
  • Engagement sessions with senior leaders and boards to explain CAF in practical terms
  • Guidance on defining internal roles and responsibilities
  • Access to virtual C‑level expertise to provide direction and assurance

Let us help you on your CAF journey, whatever stage you’re at
caf-stage-2

Stage 2: Building understanding and capability

Many councils begin gathering information only to discover visibility gaps, uncertainty around tool alignment, or difficulty in deciding where to focus effort. The challenge often lies in using existing investments effectively and understanding how they map to CAF requirements.

How we support stage 2

  • Visibility assessments that establish a clear baseline for CAF evidence
  • Support integrating and configuring existing tools to improve efficiency
  • Review of end‑of‑life or ageing equipment with practical recommendations
  • Help articulating the operational and security benefits of proposed changes

Stage 3: Managing complexity and assurance

At this stage, councils have often completed a significant amount of groundwork, but the environment itself is too complex to present clearly. Multiple management platforms, overlapping tools, and complicated infrastructure can make assessment and evidence gathering challenging.

How we support stage 3

  • Consolidation of tools and functions into fewer, more manageable platforms
  • Reduction of management overhead by simplifying how systems are monitored
  • Support completing the self‑assessment and preparing evidence
  • Guidance on establishing a sustainable improvement cycle
caf-stage-3
caf-stage-4

Stage 4: Moving towards continuous assurance

Once the initial CAF work is complete, many authorities aim to maintain progress throughout the year rather than repeating a large assessment at set intervals. Continuous assurance relies on consistent reporting, clear visibility, and well‑structured evidence.

How we support stage 4

  • Regular automated reporting to maintain year‑round assurance
  • Mapping against relevant government guidance to keep evidence aligned
  • Future planning support to help maintain and increase cyber maturity
  • Optional SIEM integration where enhanced visibility is required

Let us help you on your CAF journey, whatever stage you’re at.

Talk to us