MHCLG launch Cyber Assessment Framework for Local Government
MHCLG launches cyber security standard for local government
Cyber attacks affecting the public sector are increasing. They can disrupt local government’s most important services, threaten the confidentiality of residents, and lead to significant financial costs. Working with councils, MHCLG’s Local Digital team has tailored the CAF which was originally developed by the National Cyber Security Centre. The CAF for local government will help councils to:
- assess the current cyber resilience of their organisation
- identify and mitigate vulnerabilities that could disrupt their important services
The initial stages of the CAF for local government are available now, so councils can get started while MHCLG’s Local Digital team continues to develop the CAF for local government based on feedback. The full service is expected to be available by spring 2025. Undertaking the CAF for local government is voluntary and can be completed alongside other cyber security standards.
‘To date, MHCLG's cyber support for councils has focused on remediating serious vulnerabilities to help improve the sector's resilience to malware and ransomware. With the evolving cyber threat, it is now time to turn our attention to how we support councils to strengthen their cyber resilience for years to come.
The CAF for local government helps organisations assess and improve their cyber security through a risk-based and holistic approach. This requires collaboration across the organisation, breaking down perceptions that cyber security is purely an IT issue. This is a step-change that's needed to protect important local government services in an ever-changing threat landscape. I would like to thank all the local authorities who have helped pilot the CAF for local government over the past couple of years and work with us to ensure that it will be a success.’ Ben Cheetham, Deputy Director of Digital at MHCLG.
Key steps of the CAF for local government include:
- identifying critical systems
- completing self-assessments
- an independent assurance review
- developing an improvement and implementation plan to address vulnerabilities
Further information and guidance on how to get started is available on the Local Digital website.
Cyber Security updates
Sign-up to get the latest updates and opportunities from our Cyber Security programme.