The UK’s National Cyber Security Centre (NCSC) has announced the launch of the Cyber Resilience Audit (CRA) scheme for assured Cyber Assessment Framework (CAF) audits. In August, the organization announced it was ready to accept applications from companies seeking to become NCSC-assured Cyber Resilience Audit (CRA) service providers. This significant development came after months of dedicated collaboration and effort from colleagues across the NCSC, as well as various government and cyber oversight bodies.
What is the National Cyber Security Center (NCSC)?
Founded in October 2016, the NCSC is headquartered in London and integrates expertise from several key organizations, including CESG (the information assurance division of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure, which transitioned to the National Protective Security Authority (NPSA) in March 2023.
In a blog post on NCSC’s official website, Catherine H, Head of Assured Professional Services Schemes, Industry Assurance, NCSC wrote, “At this stage, the following oversight bodies are early adopters of the Cyber Resilience Audit scheme, with others expected to follow:
- Department of Finance Northern Ireland
- Department of Health and Social Care (DHSC) and NHS England (NHSE)
If you are an organisation in sectors overseen by these bodies, they will let you know directly what their expectations are regarding auditing your CAF returns, and whether they are making specific arrangements to enable you to buy from assured providers.
This is just the beginning – we expect more oversight bodies to develop their independent CAF audit programs and will announce those in due course. We will also work with oversight bodies to monitor and develop the scheme and use the outputs to better understand the resilience of the UK as a whole.”
Organizations can now purchase CRA services from an initial, but expanding, list of NCSC-assured providers qualified to conduct independent Cyber Assessment Framework or CAF audits.
Most companies will also be listed on the Crown Commercial Services CSS3 framework.
Having met the minimum requirements for scheme membership, these providers are now eligible to offer their auditing services in specific sectors, as long as they comply with any additional criteria set by the relevant oversight bodies.
Cyber Technology Insights: NVIDIA Powers World’s Largest AI Supercomputer with xAI
Organizations operating in sectors overseen by these bodies will receive direct communication regarding the expectations for auditing their CAF returns and whether specific arrangements are being made to facilitate purchases from assured providers.
This marks just the beginning of the initiative; more oversight bodies are anticipated to establish their independent CAF audit programs, with announcements to follow. The organization will collaborate with these oversight bodies to monitor and enhance the scheme, utilizing the insights gained to better assess the overall resilience of the UK.
Cyber Technology Insights: Acronis Reports 57 Percent Revenue Growth in Australia
Source – NCSC
To share your insights, please write to us at news@intentamplify.com
