Question to the Cabinet Office:

To ask His Majesty's Government what assessment they have made of the progress in the adoption of the Cyber Assessment Framework across all government bodies.

The Government Cyber Security Strategy, published in January 2022, sets out how we will build and maintain our cyber defences; by building greater cyber resilience across all government organisations, and working together to ‘defend as one’ - exerting a defensive force greater than the sum of our parts.

The strategy sets a clear target for government’s most critical functions to be appropriately resilient by 2025, with all government organisations being resilient to known vulnerabilities and common attack methods by 2030.

The strategy will see us roll out GovAssure in April as the foundation of a new, more robust independent assurance regime for the whole of government. With its foundations in the National Cyber Security Centre’s Cyber Assessment Framework, it will help us to understand our risk at scale and put us on the pathway to reducing it, as well as aligning Government with the best practice in management of wider UK Critical National Infrastructure sectors. Results of these reviews will not be published publicly for reasons of security. The progress on adopting the Cyber Assessment Framework across HMG is that pilots have been conducted with 3 government departments, and the wider scheme will launch in April.