Cyber Assessment Framework (CAF) Review

The Environment Agency is appointing a NCSC-approved supplier to undertake an independent Cyber Assessment Framework (CAF) assessment. This engagement will establish a clear current state view of our cyber resilience and identify the security, governance, and operational gaps that must be addressed to achieve full alignment with CAF. Cyber threats continue to increase in both frequency and sophistication. In line with UK Government expectations and best practice, CAF provides the standard mechanism for assessing cyber resilience for organisations delivering essential functions. The primary objectives of this engagement are to: • Perform a comprehensive current state assessment against all relevant CAF objectives, principles, and outcomes. • Identify and clearly articulate gaps between the current state and the target CAF aligned state. • Provide a structured, prioritised set of recommendations and actions required to achieve full CAF alignment. • Support senior stakeholders by presenting findings in a clear, defensible, and audit ready format.e contract's subject matter