The Cyber Assessment Framework (CAF) was developed by the National Cyber Security Centre (NCSC) to assist UK organisations in managing their cyber security risks and improving their cyber resilience.
A key component of CAF is the requirement for organisations to enforce Multi-Factor Authentication (MFA) and security of privileged accounts, in addition to requiring the implementation of best practices for monitoring, detecting, and responding to cyber threats, which include a significant aspect of identity security.