CyberFundamentals Framework
The CyberFundamentals Framework is a set of concrete measures to:
- Protect data
- Significantly reduce the risk of the most common cyber-attacks
- Increase an organisation's cyber resilience
To respond to the severity of the threat an organisation is exposed to, in addition to the starting level Small, 3 assurance levels are provided: Basic, Important and Essential.
The starting level Small allows an organisation to make an initial assessment. It is intended for micro-organisations or organisations with limited technical knowledge.
The assurance level Basic contains the standard information security measures for all enterprises. These provide an effective security value with technology and processes that are generally already available. Where justified, the measures are tailored and refined.
The assurance level Important is designed to minimise the risks of targeted cyber-attacks by actors with common skills and resources in addition to known cyber security risks.
The assurance level Essential goes one step further and is designed to address the risk of advanced cyber-attacks by actors with extensive skills and resources.
The framework is based on and linked with 4 commonly used cybersecurity frameworks: NIST CSF, ISO 27001 / ISO 27002, CIS Controls and IEC 62443.
It uses the functions of any cybersecurity framework.
The levels and key measures
To respond to the severity of the threat an organization is exposed to, in addition to the starting level Small, 3 assurance levels are provided: Basic, Important and Essential.
Based on our historical data, retro-fitting was done on successful cyber-attacks using anonymized data. The conclusion is that:
Based on these attacks, key measures were identified at each level to prioritize the countermeasures to protect against the known cyberattacks relevant for that assurance level.
Conformity against the requirements of the respective assurance levels in the CyberFundamentals Framework will be assessed according to the requirements set out in the CyberFundamentals Conformity Assessment Scheme (CAS).
Conformity assessment of the CyberFundamentals Framework shall be performed by an accredited and authorized conformity assessment body.
A conformity assessment body will be accredited according to EU Regulation 765/2008 setting out the requirements for accreditation and market surveillance, unless otherwise determined by Belgian legislation. Accreditation requests can be addressed to BELAC according to the applicable procedure.
The authorization is given by the CCB as National Cybersecurity Certification Authority (NCCA); accreditation is one of the requirements for authorization.
To facilitate the use of the CyberFundamentals Framework, several tools are provided to assist in the implementation of the framework: