LOADING…
E2E RiskPLATFORM
Platform  /  CAF Assessment  ·  Module
NCSC CAF · GovAssure

NCSC CAF & GovAssure,done properly.

A module-native Cyber Assessment Framework — IGP rows, contributing-outcome judgements and evidence inheritance, assembled into a GovAssure-ready evidence pack.

See the platform
14 principles4 objectivesStage 1–4 GovAssure
Why it's different

Built for the framework you're audited against.

Not a content pack bolted onto a US GRC tool — CAF v4 is first-class, with the IGP-level depth assessors actually expect.

CAF v4 native

All four objectives, 14 principles, IGP rows and contributing-outcome judgements built in.

CO judgements

Achieved / Partially / Not-achieved per contributing outcome, each with rationale and evidence.

Evidence inheritance

Reuse evidence across principles and assessments — capture once, satisfy many.

GovAssure pack

Stage 1–4 evidence assembly with a CO-by-CO accept / concern / reject workflow.

Improvement tracking

Gaps become tracked actions with owners and dates — closure with an audit trail.

Profile-aware scoping

Baseline or Enhanced profile applied per system, scoping the assessment automatically.

See it work

Your CAF profile, at a glance.

 caf-assessment · GovAssure profileLive
A · Managing risk
A1 Governance
A2 Risk management
A3 Asset management
A4 Supply chain
B · Protecting
B1 Policies
B2 Identity & access
B3 Data security
B4 System security
C · Detecting
C1 Security monitoring
C2 Threat awareness
D · Minimising impact
D1 Response planning
D2 Lessons learned
AchievedPartially achievedNot yet achieved
Native to your frameworks

Map once. Report against everything.

NCSC CAF v4GovAssureNIS RegulationsNIS2ISO 27001:2022NIST CSF 2.0
CAF Assessment

Walk into GovAssure ready.

Assemble a defensible CAF evidence pack continuously — not in a three-week scramble before the deadline.

See Supplier Assurance