The CyberFundamentals Framework

The CyberFundamentals Framework provides a set of concrete measures designed to:

  • Protect data
  • Significantly reduce the risk of the most common cyber-attacks
  • Increase an organisation’s cyber resilience

The framework is aligned with internationally recognised standards and best practices, incorporating insights from NIST Cybersecurity Framework (CSF), ISO/IEC 27001 and 27002, IEC 62443, and the CIS Critical Security Controls (ETSI TR 103 305).

At its core, the framework is structured around five key cybersecurity functions: Identify, Protect, Detect, Respond, and Recover. These functions allow, regardless of the organisation and industry, to promote communication around cybersecurity among both technical practitioners and stakeholders so that cyber-related risks can be incorporated into the overall risk management strategy of the organisation.

Three-Step Implementation Process

1

Risk Assessment

Organisations begin by assessing their exposure to cyber threats. Based on this assessment, one of three assurance levels is assigned: Basic, Important, or Essential. Want to determine the appropriate assurance level for your organisation? 

Perform your risk assesment

2

Self-Assessment

This tool helps organisations to evaluate their current cybersecurity measures against the CyberFundamentals framework and guides them in implementing the necessary actions to achieve compliance.

Complete your self-assessment

3

Conformity Assessment (optional)

This final step involves external validation of the self-assessment. While optional, it may be required by national legislation or sector- specific regulations, or voluntarily adopted by organisations.

Verify your self-assessment

Guidance for micro-organisations

New to this process or have little technical experience?

Read more : Begin with the starting level Small.

Begin with the starting level Small.

This level is designed for micro-organisations and requires minimal technical knowledge.