Skip to content
Salus Cyber


NCSC Cyber Assessment Framework

Become compliant with NCSC's Cyber Assessment Framework.

Navigate the complexities of NCSC CAF effortlessly with the guidance and support of a world-class cybersecurity provider.

The NCSC CAF is a versatile framework used by organisations in the UK Critical National Infrastructure (CNI) and beyond. Salus Cyber has extensive experience with the CAF, providing assessments, remediation plans, and managed services aligned with the framework. Our expertise covers diverse environments, including on-premise, cloud, and Operational Technology (OT). By leveraging the four core principles within CAF, organisations can achieve compliance, enhance cyber posture, and demonstrate effective security risk management.


  • Governance: Establishing effective policies and processes to prioritise and govern cybersecurity at all levels of the organisation.


  • Risk management: Identifying, assessing, and understanding security risks to allocate resources and implement targeted controls for mitigatio


  • Asset management: Understanding and prioritising critical systems, applications, data, and services essential for delivering organisational functions.


  • Supply chain: Managing and assessing security risks introduced through external suppliers to prevent vulnerabilities compromising the organisation’s security.
First Line Dark


Implementing the CAF helps organisations enhance their cyber resilience by providing a comprehensive approach to identify, assess, and mitigate security risks. Our services offer expertise in CAF implementation, assisting organisations in achieving and maintaining an appropriate level of cyber resilience.


The CAF emphasises managing security risks introduced through external suppliers. Our services offer expertise in assessing and enhancing supply chain security, enabling organisations to mitigate vulnerabilities and ensure the overall resilience of their supply chain.


Implementing the CAF framework can be complex, requiring organisations to navigate through various components and processes. Our services provide expertise in CAF implementation, guiding organisations through the framework’s requirements and facilitating a smooth implementation process.


Organisations may face challenges in dedicating sufficient resources, including time, expertise, and personnel, to effectively implement the CAF. Our services offer the necessary resources, including experienced consultants and tailored solutions, to support organisations in implementing the CAF efficiently and effectively.

How we work

Customer Journey

  1. Identify

    First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.

  2. Understand

    We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.

  3. Test

    We deliver what we promised.

  4. Inform

    Every report we create is unique based on your business, we don’t use cookie cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.

  5. Remediate

    We can ensure that the remediation process is tracked and coordinated within your business, we will allocate resources to point you in the right directions or if you need our help directly with remediation, we’ve got you covered.

  6. Feedback

    Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.

Request a call back