What is CyberFundamentals ?

The CyberFundamentals Framework offers a clear, step-by-step approach that helps organisations to protect their data, significantly reduce their risk of the most common cyber-attacks, and their cyber resilience. 

The requirements and guidance are complemented with the relevant insights included in the NIST/CSF framework, ISO 27001/ISO 27002, IEC 62443 and the CIS Critical Security Controls (ETSI TR 103 305-1). 

Built around three maturity levels – Basic, Important, and Essential – CyFun® guides you in growing your digital resilience. Whether you're a small business or a large enterprise, CyFun® provides an accessible roadmap to a safer digital future. 

The CyberFundamentals Framework is originally a Belgian framework, developed by the Centre for Cybersecurity Belgium (CCB). At the moment the framework has been formally adopted by Romania and Ireland. 

Infographic of the “CyberFundamentals Framework 2025.” On the left, four nested circles represent the security levels: SMALL (non-technical guidelines), BASIC (34 controls), IMPORTANT (99 controls), and ESSENTIAL (85 controls). On the right, a cloud graphic displays references to NIST CSF 2.0, CIS Controls, ISO 27001/27002, and IEC 62443. Below the cloud, a blue box shows reported attack-countering effectiveness: ESSENTIAL 100%, IMPORTANT 94%, BASIC 82%. At the bottom, logos of the Centre for Cybersecurity

National implementation

Please note: Implementation of the CyberFundamentals Framework may vary slightly from country to country, depending on national policies and context. For detailed information on how the framework is applied in your country, please refer to the national About page.