NIS Regulations: Cyber Assessment Framework
The NCSC (National Cyber Security Centre) has published 14 high-level security principles, in the form of the CAF (Cyber Assessment Framework), which all OES (operators of essential services) must implement.
OES’ compliance with the NIS Regulations (Network and Information Systems Regulations) is monitored through audits conducted by the designated competent authorities.
The CAF breaks each principle down into contributing outcomes, and each outcome into IGPs (indicators of good practice). The IGPs describe what ‘achieved’, ‘partially achieved’ and ‘not achieved’ look like for that outcome, so an auditor uses them to record the level at which the organisation has applied the principle.
Find out how to get started and what steps you should take with an NIS Regulations Gap Analysis.
NCSC’s 14 principles and the CAF
The CAF consists of the following four objectives and 14 principles:
Objective A. Managing security risk
- A.1 Governance
- A.2 Risk management
- A.3 Asset management
- A.4 Supply chain
Objective B. Protecting against cyber attack
- B.1 Service protection policies and procedures
- B.2 Identity and access control
- B.3 Data security
- B.4 System security
- B.5 Resilient networks and systems
- B.6 Staff awareness and training
Objective C. Detecting cyber security events
- C.1 Security monitoring
- C.2 Anomaly detection
Objective D. Minimising the impact of cyber security incidents
- D.1 Response and recovery planning
- D.2 Improvements
NIS Regulations Gap Analysis
Start your NIS Regulations compliance programme now.
Contact us for a detailed NIS Regulations Gap Analysis and an outline of the steps you should take next.
Why choose IT Governance?
- All our consultants are qualified ISO 27001 and cyber security specialists. We are also a CCSC (certified cyber security consultancy) for the NCSC’s audit and review service.
- We are pioneers in the implementation of ISO 27001-conformant ISMSs and have helped more than 600 clients with implementation and certification projects.
- Our unique combination of technical expertise and solid track record in international management system standards means we can deliver a complete solution for NIS Regulations compliance and manage the project from start to finish.
- We have managed hundreds of projects across all industries, including healthcare, energy, transport, water, defence and aerospace.
- We have multi-disciplinary teams that can undertake rigorous penetration testing of your systems and networks, project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop a suitable risk mitigation strategy.
- We deliver practical advice and work according to your budget and organisational needs.
- Our team of experts can attend your site to support your organisation during an audit by a competent authority. We are also available to conduct mock compliance inspections and audits.
Speak to an expert
For more information on the Cyber Assessment Framework, or an obligation-free quote, please contact our NIS Regulations team today.