* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://origin-researchcenter.paloaltonetworks.com/blog/category/announcement/)
* Palo Alto Networks Alignm...

# Palo Alto Networks Alignment to the UK NCSC Cyber Assessment Framework

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fncsc-cyber-assessment-framework%2F)  
[](https://twitter.com/share?text=Palo+Alto+Networks+Alignment+to+the+UK+NCSC+Cyber+Assessment+Framework&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fncsc-cyber-assessment-framework%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fncsc-cyber-assessment-framework%2F&title=Palo+Alto+Networks+Alignment+to+the+UK+NCSC+Cyber+Assessment+Framework&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2022/05/ncsc-cyber-assessment-framework/&ts=markdown)  
\[\](mailto:?subject=Palo Alto Networks Alignment to the UK NCSC Cyber Assessment Framework)  
Link copied  
By [Viv Danks](https://www.paloaltonetworks.com/blog/author/viv-danks/?ts=markdown "Posts by Viv Danks")  
May 06, 2022  
4 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[Government](https://www.paloaltonetworks.com/blog/tag/government2/?ts=markdown)  
[NCSC](https://www.paloaltonetworks.com/blog/tag/ncsc/?ts=markdown)  
[SLED](https://www.paloaltonetworks.com/blog/tag/sled/?ts=markdown)  
[UK](https://www.paloaltonetworks.com/blog/tag/uk/?ts=markdown)

In the increasingly interconnected world, improving the security and resilience of critical national infrastructure is essential for protecting the UK's national security and economic prosperity. There is clear recognition that the disruption or failure of critical services can have a significant impact at a national and regional level, causing significant consequences for businesses, governments and the citizens that rely on those services. As the Government highlighted in the [cyber resilience consultation,](https://www.gov.uk/government/consultations/proposal-for-legislation-to-improve-the-uks-cyber-resilience/proposal-for-legislation-to-improve-the-uks-cyber-resilience) launched in January 2022, recent "high-profile cyber attacks, such as the December 2020 SolarWinds supply chain compromise, \[and\] the May 2021 ransomware attack on the US Colonial Pipeline... demonstrate how malicious actors are able to compromise a country's national security and disrupt activities in the wider economy and society."

In response to the rising threats to critical infrastructure entities, the UK National Cyber Security Centre (NCSC) developed the [Cyber Assessment Framework (CAF)](https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework) -- guidance aimed at organisations responsible for vitally important services and activities that can be applied by businesses of any size within any industry. Currently, its application is required in certain sectors of the UK economy, covered under the Network and Information Systems (NIS) regulation of 2018. With the publication of the Government Cyber Security Strategy in January 2022, the UK Government has shown it intends to place greater emphasis on the CAF as a mechanism for critical entities to assess their cyber maturity.

The CAF defines four top-level objectives consisting of 14 principles with guidance on how to apply them. The principles are designed to help organisations make their digital services cyber resilient and demonstrate the level of resilience achieved. Critically, the principles are outcome-focused and describe good cybersecurity practices. Ultimately, the CAF describes the steps organisations need to take to prevent/minimise the impact of incidents through the deployment of appropriate and proportionate technical and organisational measures.

Palo Alto Networks believe the CAF provides a comprehensive framework by which organisations can move to a proactive and effective preventative posture. To support this journey, Palo Alto Networks have identified some key enablers that will assist with this transition and provide an achievable operational delivery:

**Have Complete Visibility of Your Assets and Associated Risks ---** Focus on workflows, devices, locations and services. The capabilities of Palo Alto Networks can help organisations visualise their network, cloud and endpoint dataflows spanning all protected ingress and egress points, while accurately identifying thousands of different applications and services across all of the digital estate.

**Reduce the Attack Surface ---** Define policies to mitigate the identified residual risks. Palo Alto Networks products and services can support this reduction of the attack surface across the complete digital estate, irrespective of location.

\*\*Prevent Known and Unknown Exploits ---\*\*Inspect all remaining dataflows. Palo Alto Networks detection engines use classical signature-based patterns, behavioral analytics, machine learning and artificial intelligence techniques to help ensure that all aspects of your environment have the optimum automated prevention delivered in-depth at all critical points within your digital estate, not just at the network level.

\*\*Leverage Threat Intelligence and Visualisation ---\*\*Ensure no accidental or unplanned changes have been made resulting in exposing weaknesses. Palo Alto Networks products and consulting services include dedicated specialist resources that can provide impact reports to assist with this continual analysis.

\*\*Undertake Vulnerability Management ---\*\*Assist in the identification of operational and development vulnerabilities. Palo Alto Networks technologies will support real-time auditing and vulnerability analysis across the complete DevSecOps cycle. These technologies are suitable from dynamic container-based environments to more traditional server deployments.

**Configuration, Management and Operations, Training and Exercises** **Need to Be Maintained ---** Support continual service management and improvement. Palo Alto Networks training and education programme has a range of consulting and professional services that can assist an organisation at all levels and stages of its journey.

Palo Alto Networks firmly believe that through partnerships and leveraging automated prevention, AI and machine learning, it is possible to implement the right capabilities and processes to protect against the cyber adversaries aiming to exploit the UK's critical national infrastructure and operators of essential services.

Details of these enablers and how Palo Alto Networks can partner with your organisation can be found in our white paper. Read [*The UK National Cyber Security Centre Cyber Assessment Framework: An Approach to Successful Implementation.*](https://start.paloaltonetworks.com/rs/531-OCS-018/images/UK_National_Cyber_Security_Centre_Cyber_Assessment_Framework_4May2022.pdf)

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Palo Alto Networks Conformance to the NCSC Cloud Security Principles](https://origin-researchcenter.paloaltonetworks.com/blog/2023/01/conformance-to-the-ncsc-cloud-security-principles/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### New Grant Program Is a Game-Changer for State and Local Governments](https://origin-researchcenter.paloaltonetworks.com/blog/2022/09/new-cybersecurity-grant-program-is-a-game-changer/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Enhancing the Security of Software Development Environments](https://origin-researchcenter.paloaltonetworks.com/blog/2022/04/software-development-standards/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/category/zero-trust-security/?ts=markdown)

[#### Empowering the RAF Association with Next-Generation Cyber Resilience](https://origin-researchcenter.paloaltonetworks.com/blog/2026/02/raf-association-next-generation-cyber-resilience/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust](https://origin-researchcenter.paloaltonetworks.com/blog/2026/01/public-sector-cyber-outlook/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Tipping the Scales for DoD Cybersecurity with Prisma Access IL5](https://origin-researchcenter.paloaltonetworks.com/blog/2024/05/dod-cybersecurity-with-prisma-access-il5-2/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language