LOADING…
E2E RiskPLATFORM
Platform  /  CAF Assessment  ·  Module
NCSC CAF · GovAssure

NCSC CAF & GovAssure,done properly.

A module-native Cyber Assessment Framework - IGP rows, contributing-outcome judgements and evidence inheritance, assembled into a GovAssure-ready evidence pack.

14 principles4 objectivesStage 1-4 GovAssure
Why it's different

Built for the framework you're audited against.

Not a content pack bolted onto a US GRC tool - CAF v3.2 is first-class, with the IGP-level depth assessors actually expect.

CAF v3.2 native

All four objectives, 14 principles, IGP rows and contributing-outcome judgements built in.

CO judgements

Achieved / Partially / Not-achieved per contributing outcome, each with rationale and evidence.

Evidence inheritance

Reuse evidence across principles and assessments - capture once, satisfy many.

GovAssure pack

Stage 1-4 evidence assembly with a CO-by-CO accept / concern / reject workflow.

Improvement tracking

Gaps become tracked actions with owners and dates - closure with an audit trail.

Profile-aware scoping

Baseline or Enhanced profile applied per system, scoping the assessment automatically.

See it work

Your CAF profile, at a glance.

 caf-assessment · GovAssure profileLive
A · Managing risk
A1 Governance
A2 Risk management
A3 Asset management
A4 Supply chain
B · Protecting
B1 Policies
B2 Identity & access
B3 Data security
B4 System security
C · Detecting
C1 Security monitoring
C2 Threat awareness
D · Minimising impact
D1 Response planning
D2 Lessons learned
AchievedPartially achievedNot yet achieved
The problem

CAF in a spreadsheet doesn't survive contact with GovAssure.

Without E2E Risk
Each principle tracked by hand, row by row in Excel
Evidence scattered across SharePoint, email and screenshots
IGPs interpreted differently by every assessor
The GovAssure submission rebuilt from scratch each cycle
No line of sight from a gap to who is fixing it
With E2E Risk
All 4 objectives, 14 principles and 39 contributing outcomes, native
Evidence captured once and inherited across every outcome
IGP-level guidance built in, so judgements stay consistent
A GovAssure Stage 1-4 evidence pack assembled automatically
Every gap becomes a tracked action with an owner and a date
How it works

From scoping to a GovAssure-ready pack.

01
Scope
Baseline or Enhanced profile
Systems in scope set
02
Self-assess
IGP rows per outcome
Achieved / Partial / Not
03
Evidence
Attach once
Inherit across outcomes
04
CO judgement
Rationale per outcome
Reviewer sign-off
05
Improve
Gaps → tracked actions
Owners & dates
06
GovAssure
Stage 1-4 pack
Assessor workflow
Why it's better

Built for the framework you’re actually audited against.

CapabilityE2E RiskSpreadsheet trackerGeneric US GRC tool
NCSC CAF v3.2 contentNative - all 14 principlesManually transcribedUS control set, mapped loosely
IGP-level depthIndicators of Good Practice built inFree-text cellsGeneric maturity levels
Contributing-outcome judgementsAchieved / Partial / Not, with rationaleColour-coded cellsPass/fail scoring
Evidence inheritanceCapture once, satisfy many outcomesRe-attached every timePer-control upload
GovAssure packStage 1-4 assembled for youHand-built each roundExport to PDF only
Profile-aware scopingBaseline / Enhanced per systemNot supportedNot CAF-aware
Framework depth

Assess one outcome, satisfy many frameworks.

CAF B2.a
Identity and access control - only authorised users and devices can access networks and systems.
This contributing outcome maps to
NCSC CAF B2.aIdentity & access management
ISO 27001:2022A.5.15, A.5.16, A.8.2 - access control
Cyber EssentialsUser access control
NIST CSF 2.0PR.AA - identity, authentication & access
Outcomes

The whole framework, on one screen.

4
CAF objectives
14
principles
39
contributing outcomes
Stage 1-4
GovAssure ready
What you get

Deliverables your lead government department expects.

CAF profile report

Objective-by-objective status with rationale and evidence per contributing outcome.

GovAssure evidence pack

Stage 1-4 assembly with an accept / concern / reject workflow for assessors.

Improvement plan

Every gap as a tracked action with an owner, a due date and a closure trail.

Native to your frameworks

Map once. Report against everything.

NCSC CAF v3.2GovAssureNIS RegulationsNIS2ISO 27001:2022NIST CSF 2.0
CAF Assessment

Walk into GovAssure ready.

Assemble a defensible CAF evidence pack continuously - not in a three-week scramble before the deadline.

See Supplier Assurance