CAF For Local Government

Supporting Local Government to Implement CAF

Local government is dealing with thousands of cyber attacks every day. There have been some significant successful attacks against local authorities in recent years. These impacted the ability of the authorities concerned to deliver their services, and recovery has lasted months, sometimes years, with costs running to millions of pounds.

The need for local government to build its cyber resilience – the ability of an organisation to prepare for, respond to, and recover from, cyber attacks and security breaches – has never been more important.

Change is coming

As a consequence of the Government Cyber Security Strategy 2022-2030, the Ministry of Housing, Communities and Local Government (MHCLG) has been charged with adapting the Cyber Assessment Framework (CAF) to be appropriate for local government.

CAF was developed by the UK’s National Cyber Security Centre (NCSC) to provide a systematic and comprehensive approach to assessing the extent of an organisation’s ability to maintain cyber resilience.

MHCLG announced that the Cyber Assessment Framework (CAF) for local government will be rolled out later in 2024, with the intent to promote good cyber security practices and cultures in councils and support them to build their cyber resilience.

What Does This Mean For Local Government

It is anticipated that councils will undertake the CAF themselves. They will use their knowledge of their council and level of risk to decide what to prioritise for assessment.

However, to be in a position to complete the CAF for local governments, each council will first need to conduct a piece of discovery work.

How Can Sapphire Help

Understanding and aligning to a requirement such as CAF can seem daunting. But no matter what your starting point, Sapphire can support you through this journey, help you to identify what needs addressing and how to prioritise and implement your investment and project funding.

CAF Gap Analysis
Before you can get somewhere, you must first know where you are. While the CAF for local government is piloted ahead of its rollout in 2024, and even though the scope is being reduced from the original CAF, doing work to get ahead of the curve and understanding where you are now will provide solid foundations to build on.

A CAF gap analysis will provide a thorough assessment of your organisation’s current cyber security posture against the core principles of CAF:

  • Managing security risk
  • Defending systems against cyber attack
  • Detecting cyber security events
  • Minimising the impact of cyber security incidents

This analysis will identify areas where existing controls meet the CAF standards and highlight gaps that need to be addressed. By systematically evaluating these gaps, you can prioritise your cyber security efforts, ensuring a focused and efficient approach to achieving alignment with the CAF.

CAF Compliance Report
On completion of the Gap Analysis, you will be provided with a CAF Compliance Report, which will detail the core findings of the analysis, presented at both an executive level and a technical level, as well as providing a roadmap to achieving full compliance with the CAF.

CAF-Relevant Sapphire Services
If the Compliance Report identifies areas that need improvement, Sapphire offers a range of relevant services to meet your needs, assist your security transformation and increase operational resilience through a focussed security improvement programme.
