Skip to Content

NCSC Cyber Assessment Framework (CAF)
Foundation 


The NCSC Cyber Assessment Framework (CAF) is a UK government cyber resilience model based on four high level objectives and 14 underlying principles that help organisations gauge how well they manage cyber-risk, protect systems, detect threats and respond to incidents.

This foundation course teaches participants how to interpret those objectives and principles, map real-world policies and controls to the framework, carry out self or external assessments, and identify gaps in cyber resilience to inform improvement efforts.


Learn More

NCSC Cyber Assessment Framework (CAF) Training Course - LANDR Security

Course Overview


The UK’s National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) provides a structured, measurable and repeatable way for organisations to understand, strengthen and demonstrate their cyber resilience. 

It enables leadership teams to make informed decisions about risk, investment and operational continuity and supports the safe delivery of essential services in an environment where threats, technologies and regulatory expectations evolve rapidly.

While the CAF is a core requirement for organisations subject to the Network and Information Systems Regulations, those operating within Critical National Infrastructure (CNI) and public bodies that support key government functions, the framework is deliberately designed to be broadly applicable. Any organisation, regardless of size or sector, can adopt the CAF to benchmark existing controls, identify weaknesses and prioritise improvements that enhance resilience and reduce the likelihood and impact of cyber attacks. Its adaptability makes it valuable for private sector firms, charities, local authorities, managed service providers and organisations seeking a clear route to stronger governance and assurance.

The NCSC CAF helps organisations stay aligned with modern cyber security demands by offering a consistent method to assess how well they protect systems, detect malicious activity and respond effectively to incidents. 

The framework is structured around 4 high level objectives and 14 principles, each detailing specific outcomes that contribute to a robust security posture. These objectives encourage organisations to understand their operational dependencies, control access to critical systems, maintain secure and reliable services and manage incident response in a mature and accountable way.

The guidance supporting the CAF is extensive, actionable and aligned with recognised industry standards. Each principle is accompanied by Indicators of Good Practice (IGP), references to proven frameworks and clear descriptions of what “effective” looks like. This ensures organisations have a practical roadmap for improvement rather than a purely theoretical checklist, and it makes the CAF a powerful tool for embedding cyber resilience into day-to-day operations.

This 2 day, instructor-led Digital Trust Professional® NCSC CAF Foundation course provides a comprehensive introduction to the Cyber Assessment Framework. Participants gain a deep understanding of the CAF’s purpose, structure and principles, supported by real-world context and practical examples of how the framework is applied. 

The course covers both foundational theory and practical considerations such as scoping assessments, mapping evidence, interpreting outcomes and identifying gaps. By the end of the programme, delegates will be equipped with the knowledge needed to support the CAF adoption within their organisation, contribute to internal assessments and guide continuous improvement efforts with confidence.


Learning Outcomes


On completion of the Digital Trust Professional® (DTP®) NCSC CAF Foundation Certificate participants will be able to:

  • Understand the structure, purpose of intent of the NCSC CAF

  • Describe the objectives and principles contained within the NCSC CAF

  • Understand the importance of risk management within the NCSC CAF

  • Understand considerations for the adoption of the NCSC CAF

  • Explain similarities between the NCSC CAF and other commonly used business improvement, risk management and control frameworks

  • Understand how the NCSC CAF enables improved cyber resilience

  • Understand the NCSC Cyber Resilience Audit Scheme ecosystem and objectives


Prerequisites


There are no prerequisites for this Foundation level course. 
The course is suitable for professionals and employees of all experience levels.


Course Package


This is a 2 day instructor facilitated, online course. Participant numbers are capped

Participants are provided with:

  • DTP NCSC CAF Foundation Certificate of Completion.

  • DTP NCSC CAF Foundation courseware including links to further reading and resources.

  • DTP NCSC CAF Foundation Certificate digital badge.


£1,795 +VAT per person

Availability & Booking


LANDR Security. International Consultants.