Cyber Assessment Framework (CAF) Review

Description

The Environment Agency is seeking to appoint a NCSC-approved supplier to undertake an independent Cyber Assessment Framework (CAF) assessment. This engagement will establish a clear current state view of our cyber resilience and identify the security, governance, and operational gaps that must be addressed to achieve full alignment with CAF. Cyber threats continue to increase in both frequency and sophistication. In line with UK Government expectations and best practice, CAF provides the standard mechanism for assessing cyber resilience for organisations delivering essential functions. This RFQ invites NCSC-approved suppliers with demonstrable CAF and GovAssure aligned experience to propose an approach for delivering a robust, evidence based assessment and a practical roadmap for improvement. The primary objectives of this engagement are to: • Perform a comprehensive current state assessment against all relevant CAF objectives, principles, and outcomes. • Identify and clearly articulate gaps between the current state and the target CAF aligned state. • Provide a structured, prioritised set of recommendations and actions required to achieve full CAF alignment. • Support senior stakeholders by presenting findings in a clear, defensible, and audit ready format.

CPV codes