Initial focus on nationally critical sectors, NCSC says all entries will be welcome upon launch.
The UK’s National Cyber Security Centre (NCSC) has opened applications for its Cyber Resilience Audit (CRA) scheme.
Announced at the CyberUK conference in May, and confirmed as part of the King’s Speech, the scheme will allow providers to conduct independent Cyber Assessment Framework (CAF) based audits, and initially focus on supporting some nationally critical sectors.
Meeting Needs
“It is a bit of a departure from the norm for us because, for the first time, we have worked hand-in-hand with Cyber Oversight Bodies to set up a scheme which meets all our needs,” said NCSC’s Catherine H in a statement.
She explained that the CRA scheme’s focus is “squarely on the common requirements of all the Oversight Bodies and providing assurance that suppliers meet them” and once those suppliers are on the scheme, they are then eligible to put themselves forward to conduct audits in specific sectors – as long as they meet any additional requirements laid down by the Oversight Body.
“We will continue to work together to monitor and develop the scheme and use the outputs to better understand the resilience of the UK as a whole.”
The scheme standard and associated documentation are all available from our website.
All Welcome
Catherine explained that once enough companies have been accepted into the scheme - expected to be towards the autumn - the scheme will be opened ‘for business’.
Whilst it will initially focus on supporting some nationally critical sectors, the NCSC statement said it remains determined that companies of any size can apply to join any of our schemes.
“We particularly welcome companies located in or serving geographically remote or under-represented areas,” Catherine H said. “Similarly, if your company is working hard to address issues of under-representation in the cyber security workforce, we’d love to see your application.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
