Cyber Assessment Framework - V4.0

On 6 August 2025, the UK's National Cyber Security Centre (NCSC) released V4.0 of its Cyber Assessment Framework (CAF). This followed the identification of a widening gap between the threats facing UK industry and the ability of our businesses to defend against them.

If you’re responsible for cybersecurity in your organisation and are serious about understanding risk, providing governance, and possibly compliance with regulations (e.g. NIS), then we encourage you to make use of this new version.

In summary, the four key changes to this latest edition include the following:

1. Attacker Methods & Motivations

CAF 4.0 emphasises the importance of understanding who might target your organisation and why. By examining attacker methods, motivations, and likely behaviours, organisations can make more informed risk decisions and prioritise defences around the most credible and impactful threats.

2. Secure Software Development

The framework now highlights the need for stronger assurance that software used in essential services is secure throughout its lifecycle. This includes secure design principles, supply chain assurance, patching, and ongoing maintenance — all aimed at reducing risks from vulnerable or poorly maintained software.

3. Security Monitoring & Threat Hunting

CAF 4.0 updates existing guidance on monitoring to encourage more advanced detection and proactive threat hunting. Organisations are expected to move beyond basic logging, using intelligence-led monitoring and active hunts to identify stealthy or sophisticated attacks earlier, reducing dwell time and impact.

4. AI-Related Risks

Recognising the rapid adoption of artificial intelligence, CAF 4.0 introduces coverage of AI-related risks. Organisations should consider both how attackers might abuse AI technologies and how AI systems themselves could become targets, ensuring AI is deployed responsibly and with robust security controls in place.

At HUNT-IR we have real-world experience in overseeing compliance with the NIS Regulations using the Cyber Assessment Framework.

We also specialise in delivering consultancy services aligned to the following Cyber Assessment Framework Principles and Indicators of Good Practice:

Principle C2 Threat Hunting

- C2.a Threat Hunting

Principle D1 Response and Recovery Planning

- D1.b Response and Recovery Capability
- D1.c Testing and Exercising

Principle D2 Lessons Learned

- D2.a Post Incident Analysis
- D2.b Using Incidents to Drive Improvements

If your business would like to understand the Cyber Assessment Framework V4.0 in more detail, or needs specialist consultancy services to help meet some of these Indicators of Good Practice, we would love to hear from you via Prepare to Respond - Contact.

Useful links:

https://www.ncsc.gov.uk/collection/cyber-assessment-framework

https://www.ncsc.gov.uk/files/NCSC-Cyber-Assessment-Framework-4.0.pdf
