DLUHC releases report on the Cyber Assessment Framework for Local Government pilot
On 15 March 2023 the Local Digital team in DLUHC published its “Cyber Assessment Framework for Local Government” report detailing insights from a pilot programme conducted with 10 local authorities to explore how the NCSC’s Cyber Assessment Framework (CAF) could be used to identify and manage cyber risks across the sector.
This was the first step in understanding how a cyber security baseline for local government might work, as part of DLUHC’s work to support councils in England to assess and improve their cyber posture.
Key findings include:
- It’s demonstrated that councils benefit from using the Cyber Assessment Framework, as it helps identify new cybersecurity improvements, providing guidance on priority areas and supporting internal communication.
- The value for councils can increase through certain services such as third-party audits and government compliance alignment.
- It’s shown that there needs to be more progress in defining how councils should apply the assessment within their organisation.
- The draft profile is challenging but proportionate with the risk faced by councils. Participants found some areas particularly challenging to meet the profile such as: risk management, supply chain, information security and data governance, lack of skills and resources.
- There needs to be a focus on increasing the confidence in assessments, ensuring councils are taking the right steps, providing evidence about their cybersecurity maturity.
- A few things that went well during the pilot were: the fact that it was a good way to gain in-depth insights, gather positive feedback from participants, engage with the sector.
- A few things could be improved: testing the framework content in sections rather than the entire content at once, speaking to more people outside IT teams, investing more time to ensure good representation across all parties.
In the report, read about details what they have learned from the pilot, plans for the next phase of work, and how to request a copy of the CAF for Local Government.
Read here the CAF for Local Government report
techUK members will have an opportunity to hear more about the cyber assessment framework during the 30 March webinar with the Local Digital team. Rachel Downs, senior lead on cyber security, will join us.
It is an opportunity for tech suppliers active or looking to break into the local government market to better understand who the Local Digital team is, the key workstreams and priorities. Attend to gain visibility of what’s coming next and meet the Local Digital team.
Georgina Maratheftis
Georgina is techUK’s Associate Director for Local Public Services
Ileana Lupsa
Ileana Lupsa is the Programme Manager for Local Public Services and Nations and Regions, at techUK.