CyFun® 2025 is here!

We’re excited to share that the new version of the CyberFundamentals Framework, CyFun® 2025, is now officially available. This updated version helps organisations improve their cybersecurity in today’s fast-changing digital world.

informative. Diagram of CyberFundamentals Framework 2025 showing four assurance levels: Small, Basic, Important, and Essential in concentric circles. Each level lists specific controls: Small (non-technical guidelines), Basic (34), Important (99), Essential (85). Right side displays attack counter percentages: Essential 100%, Important 94%, Basic 82%. Includes references to ISO 27001/27002, IEC 62443, CIS Controls, and CERT attack profiles from the Centre for Cybersecurity Belgium.

What’s new?

CyFun® 2025 was created to match international standards like the NIST Cybersecurity Framework 2.0 and national and European legislations and regulations, such as the European NIS2 Directive. It includes the latest knowledge and best practices in cybersecurity.

Earlier this year, over 80 experts and organisations helped review the first draft. Their feedback made the framework easier to understand and more practical to use.

Key improvements

  • More focus on protecting the supply chain (e.g. your suppliers and partners)
  • More focus on OT
  • Clearer rules and controls to make checking and auditing easier
  • Governance measures have been added starting from the Important Assurance Level, helping organisations improve oversight and align cybersecurity with business goals
  • Extra guidance to help with using and understanding the framework

Transition period

To make the switch easier, both CyFun® 2023 and CyFun® 2025 will be both available for a while. After that, only the new version will be accepted for self-assessments and third party conformity assessment.

The levels and key measures

Read more : CyFun® BASIC , the link will open in a new tab.
cover_of_the_basic_booklet

CyFun® BASIC

The assurance level Basic contains the standard information security measures for all enterprises. These provide an effective security value with technology and processes that are generally already available. Where justified, the measures are tailored and refined.

Download 

Read more : CyFun® IMPORTANT , the link will open in a new tab.
cover_of_the_important_booklet

CyFun® IMPORTANT

The assurance level Important is designed to minimise the risks of targeted cyber-attacks by actors with common skills and resources in addition to known cyber security risks.

Download 

Read more : CyFun® ESSENTIAL , the link will open in a new tab.
cover_of_the_essential_booklet

CyFun® ESSENTIAL

The assurance level Essential goes one step further and is designed to address the risk of advanced cyber-attacks by actors with extensive skills and resources.

Download 

Self-Assessment tool

Read more : Self-Assessment BASIC , the link will open in a new tab.
cover_of_the_basic_booklet

Self-Assessment BASIC

This CyFun® Self-Assessment tool is a MS Excel format tool that prepares entities with assurance level 'Basic' and includes spider diagrams to support management reporting.

Download 

Read more : Self-Assessment IMPORTANT , the link will open in a new tab.
cover_of_the_important_booklet

Self-Assessment IMPORTANT

This CyFun® Self-Assessment tool is a MS Excel format tool that prepares entities with assurance level 'Important' and includes spider diagrams to support management reporting.

Download 

Read more : Self-Assessment ESSENTIAL , the link will open in a new tab.
cover_of_the_essential_booklet

Self-Assessment ESSENTIAL

This CyFun® Self-Assessment tool is a MS Excel format tool that prepares entities with assurance level 'Essential' and includes spider diagrams to support management reporting.

Download 

How to use the self-assessment tool?

1. General

In support of the ‘CyberFundamentals Framework’ the Centre for Cybersecurity Belgium (CCB) has developed a tool in MS© Excel.

The self-assessment tool takes into account the requirements for assurance level 'Basic', assurance level 'Important' and assurance level 'Essential' of a specific version of the framework as well as the requirements identified in the Conformity Assessment Scheme (CAS). The versions of the CyberFundamentals framework and CAS with which the tool is aligned, are identified in the tool. For this reason, the tool shall not be modified as part of any verification or certification activity.
 

2. Tool layout

The self-assessment tool in MS© Excel includes several tabs, each with its own function. Besides introduction, maturity levels and references, there are the tabs with the controls for assurance level ‘Basic’, ‘Important’ and ‘Essential’ (‘details’ tab) and for each assurance level a summary (‘summary’ tab).

The controls are assessed through two angles:

Policy Maturity:The Policy Maturity evaluation measures how well your written rules and procedures satisfy the controls of the CyberFundamentals Framework.
Implementation Maturity:The Implementation Maturity evaluation assess how mature your actual operational practices are in relation to the CyberFundamentals Framework.

The table below shows the different maturity levels and the definitions used to assess maturity from both perspectives:

overview_of_the_maturity_levels

 


3. Calculation method

A sub-category may consist of several controls and each of those controls shall be assessed for documentation and implementation according to the maturity table above. A value from 1 to 5 has to be entered per control in the "details" tab of the applicable assurance level. The tool calculates an arithmetic average for documentation and implementation per sub-category (e.g. ID.AM-1) to then calculate another arithmetic average for documentation and implementation per category (e.g. ID.AM).

These calculated values are visible in the ‘details’ tab of the applicable assurance level.

4. Summary report

The ‘summary’ tab for the respective CyberFundamentals assurance levels contains:

  1. An overall maturity level (‘Total Maturity Level’) calculated as an arithmetic mean of the maturity levels of the categories.
  2. A summary of the different maturity levels for each category using the respective values of the arithmetic averages of what was calculated in the ‘details’ tab.
  3. A listing of the key measures to be met, the data for which is taken from the values entered in the ‘details’ tab.
  4. A radar chart (spider chart ) is also displayed based on the data from the summary of categories.

 

Determining conformity with the Conformity Assessment Scheme (CAS)

The overview includes the target scores as determined for the specific assurance levels as described in the CAS. It is against these target scores that the values of the self-assessment are assessed.

When the values colour red one is not conforming to the required maturity level, green shows conformance.

Other files

Read more : Transposition CyFun® 2023 and CyFun® 2025 , the link will open in a new tab.
mappingCyfun_other_frameworks

Transposition CyFun® 2023 and CyFun® 2025

The mapping provides an overview of the transposition from CyFun® 2023 to CyFun® 2025 in a MS Excel-format.

Download