If you attended CYBERUK in May, you might have caught Felicity Oswald, the CEO of the NCSC, discussing the Cyber Resilience Audit (CRA) scheme. We’re excited to announce that after extensive collaboration with various Cyber Oversight Bodies, including regulators and Lead Government Departments, we are now ready to accept applications from potential members.
The new NCSC scheme is designed to assure providers who can conduct independent audits based on the Cyber Assessment Framework (CAF). Initially, the focus will be on supporting some of the UK’s nationally critical sectors. This initiative marks a significant shift for us, as it is the first time we’ve partnered closely with Cyber Oversight Bodies to create a scheme that meets all our needs.
The CRA scheme is centered on meeting the shared requirements of all Oversight Bodies, ensuring that suppliers can deliver on them. Once a supplier is part of the scheme, they become eligible to offer their services for audits in specific sectors, provided they also meet any additional sector-specific requirements set by the Oversight Body.
We will continue to collaborate to monitor and refine the scheme, using the insights gained to enhance the overall resilience of the UK.
All the standards and related documentation for the scheme are available on our website. Once we have onboarded a sufficient number of companies, we will announce that the scheme is officially open for business and share information for prospective buyers. We anticipate this will happen by autumn.
We encourage companies of all sizes to apply to join any of our schemes. We are particularly keen to hear from companies based in, or serving, geographically remote or under-represented areas. Additionally, if your company is making strides in addressing under-representation in the cybersecurity workforce, we strongly encourage you to apply.
We are committed to eliminating unnecessary barriers to entry across all our schemes. If you encounter something that you believe unfairly prevents you from applying, please let us know.