Government crest UK Ministry of Housing, Communities and Local Government (MHCLG)

Go to Local Digital homepageALPHA

Laying the foundations for better local public services

Cyber Assessment Framework (CAF) for local government

Cyber attacks can disrupt your essential services, damage public trust and cause significant financial losses. With cyber incidents affecting the public sector rising, it is important your council takes appropriate measures to protect your most important services.

The Cyber Assessment Framework (CAF) for local government is a tool that can help your council to assess and improve its cyber resilience.

Visit the CAF for local government

Why we’ve introduced the CAF for local government

The MHCLG Local Digital team has launched the CAF for local government to set a clear cyber security standard for the sector.

In line with the Government Cyber Security Strategy (2022-2030), we have adapted the National Cyber Security Centre’s CAF into a tool that addresses the risks faced by local government.

Completing the CAF for local government can support you to:

  • identify cyber risks that could disrupt your most important services
  • improve your resilience to potential cyber attacks
  • spend your time and money more efficiently
  • embed a culture of cyber security across your organisation

The CAF for local government will also inform MHCLG’s understanding of the sector’s cyber security risks and issues, so we can consider how to further support the sector in addressing these risks.

What the CAF for local government involves

The CAF for local government involves:

  • identifying the essential services and critical systems your organisation relies on
  • completing a self-assessment of both your organisation and your critical systems
  • an independent assurance review, to get an external view of your cyber resilience
  • developing a plan to address your organisation’s vulnerabilities

The CAF for local government takes a whole-organisation approach to cyber security. It encourages engagement across various council functions, including risk management, business continuity, and key services.

The CAF for local government is voluntary and does not replace existing cyber security standards such as PSN. Find out how the CAF for local government relates to other cyber standards.

How to get started

On the new UK Government Security website, you can find guidance on preparing to start the CAF for local government, setting the scope of your assessment, self-assessing your organisation, and the independent assurance review.

Find out how to get started

CAF for local government case studies

Learn about the experiences of councils who have already completed parts of the CAF for local government.

Video case study

Norfolk County Council

Norfolk County Council explain how the CAF for local government is helping to improve their cyber resilience.

Watch video case study
Audio testimonial

Maldon District Council

Maldon District Council share their experience of participating in the latest pilot of the CAF for local government.

Read blog post
Blog post

Hart District Council

Hart District Council are already seeing the benefits of taking part in the first CAF for local government pilot, including better awareness of cyber security across the organisation.

Read blog post

Sign up to receive updates about the CAF for local government

For the latest guidance and information on the CAF for local government, sign up to our CAF newsletter.