Overview
- CAF 4.0 introduces four major enhancements: attacker tactics intelligence, secure software development guidelines, improved continuous monitoring and threat hunting, and expanded AI risk coverage
- The update addresses a surge in cyber attacks against energy, healthcare, transport, digital infrastructure and government services since the last framework revision
- Development involved extensive consultation with oversight bodies and regulators to ensure practical applicability across all critical sectors
- The framework is now live and integrated into nearly every UK cyber regulatory regime as well as the GovAssure assurance scheme
- Work is already under way on version 5.0 to align with the forthcoming Cyber Security and Resilience Bill, which may mandate incident reporting and ban ransomware payments