NIS2, Are you on scope?
Belgium's new cybersecurity law will soon enter into force. Check it out now.
The CyberFundamentals Framework is a set of concrete measures to protect your data, significantly reduce the risk of the most common cyber-attacks and increase your organisation's cyber resilience. The framework is based on;
To respond to the severity of the threat an organisation is exposed to, in addition to the starting level Small, 3 assurance levels are provided: Basic, Important and Essential.
The starting level Small allows an organisation to make an initial assessment. It is intended for micro-organisations or organisations with limited technical knowledge.
The assurance level Basic contains the standard information security measures for all enterprises. These provide an effective security value with technology and processes that are generally already available. Where justified, the measures are tailored and refined.
The assurance level Important is designed to minimise the risks of targeted cyber-attacks by actors with common skills and resources in addition to known cyber security risks.
The assurance level Essential goes one step further and is designed to address the risk of advanced cyber-attacks by actors with extensive skills and resources.
The CyberFundamentals Toolbox contains all the tools and resources that will help you achieve conformity with the CyberFundamentals Framework.
Obtaining the CyberFundamentals label provides significant advantages for any organisation, primarily in enhancing its cybersecurity posture and gaining a competitive edge in the marketplace. The label indicates that the organisation has met a recognised standard of cybersecurity practices, ensuring the implementation of essential security controls to protect its systems and data.
The conformity assessment process not only helps in mitigating risks associated with cyber threats but also demonstrates to stakeholders, clients, and partners that the organisation is committed to maintaining robust cybersecurity measures. As a result, it fosters trust and confidence among clients and partners, potentially leading to increased business opportunities and partnerships.
Additional tools and explanation to help you get your label are available in the CyFun Toolbox.
1. Perform a risk assesment to select your assurance levelThe CyFun Selection Tool is a tool for Risk Assessment resulting in a well-informed selection of the appropriate CyberFundamentals Assurance Level. | Download the CyFun Selection tool |
2. Complete your Self-Assessment and implement corrective measuresThe CyFun Self-Assessment tool is a MS Excel format tool to prepare self-assessment and includes spider diagrams to support management reporting. | Download the Self-Assessment Tool |
3. Select an authorised Conformity Assessment Body and have them verify on certify your self-assessmentGet in touch with a Conformity Assessment Body (CAB) to have them assess your Self-Assessment and your implementation of corrective measures. | Download the list of authorised CABs |
4. Request your label on the Safeonweb@work portalOnce the Conformity Assessment process is finalised with your CAB, request your CyFun label in the Safeonweb@work portal. | Access the Safeonweb@work portal |
It is also possible to obtain a CyFun label by using your exisiting ISO27001 certification with the correct scope. Get in touch with your selected CAB to have them verify the scope of your certificate.
The CyberFundamentals Framework is a framework owned by the Centre for Cybersecurity Belgium (CCB), operating under the authority of the Prime Minister of Belgium.
The acronym “CyFun” stands for “CyberFundamentals Framework” and is a registered trademark owned by the CCB.
The CyFun Framework and the CyberFundamentals Conformity Assessment Scheme (CAS) are available on www.cyfun.be.
The use of the acronym “CyFun” and/or parts of this document are authorised, as long as the source is clearly mentioned.
Any commercial use of CyFun is subject to a prior agreement with the CCB.
A dedicated page is available for Conformity Assessment Bodies that aim to become accredited and authorised for the CyberFundamentals Framework.