NIS2, Are you on scope?
Belgium's new cybersecurity law enters into force. Check it out now.
The CyberFundamentals Framework is a set of concrete measures to protect your data, significantly reduce the risk of the most common cyber-attacks and increase your organisation's cyber resilience. The framework is based on;
- Four commonly used cybersecurity frameworks (NIST CSF, ISO 27001 / ISO 27002, CIS Controls and IEC 62443); and,
- Anonymized historical data of successful cyber-attacks. Through retro-fitting, we are able to assess what percentage of past attacks the measures of the Framework will protect you against.
To respond to the severity of the threat an organisation is exposed to, in addition to the starting level Small, 3 assurance levels are provided: Basic, Important and Essential.
The levels and key measures
Small
The starting level Small allows an organisation to make an initial assessment. It is intended for micro-organisations or organisations with limited technical knowledge.
pdf
Basic
The assurance level Basic contains the standard information security measures for all enterprises. These provide an effective security value with technology and processes that are generally already available. Where justified, the measures are tailored and refined.
pdf
Important
The assurance level Important is designed to minimise the risks of targeted cyber-attacks by actors with common skills and resources in addition to known cyber security risks.
pdf
Essential
The assurance level Essential goes one step further and is designed to address the risk of advanced cyber-attacks by actors with extensive skills and resources.
pdf
CyberFundamentals Toolbox
The CyberFundamentals Toolbox contains all the tools and resources that will help you achieve conformity with the CyberFundamentals Framework.
Get your CyberFundamentals Label
Obtaining the CyberFundamentals label provides significant advantages for any organisation, primarily in enhancing its cybersecurity posture and gaining a competitive edge in the marketplace. The label indicates that the organisation has met a recognised standard of cybersecurity practices, ensuring the implementation of essential security controls to protect its systems and data.
The conformity assessment process not only helps in mitigating risks associated with cyber threats but also demonstrates to stakeholders, clients, and partners that the organisation is committed to maintaining robust cybersecurity measures. As a result, it fosters trust and confidence among clients and partners, potentially leading to increased business opportunities and partnerships.
Additional tools and explanation to help you get your label are available in the CyFun Toolbox.
1. Perform a risk assesment to select your assurance levelThe CyFun Selection Tool is a tool for Risk Assessment resulting in a well-informed selection of the appropriate CyberFundamentals Assurance Level. | Download the CyFun Selection tool |
2. Complete your Self-Assessment and implement corrective measuresThe CyFun Self-Assessment tool is a MS Excel format tool to prepare self-assessment and includes spider diagrams to support management reporting. | Download the Self-Assessment Tool |
3. Select an authorised Conformity Assessment Body and have them verify on certify your self-assessmentGet in touch with a Conformity Assessment Body (CAB) to have them assess your Self-Assessment and your implementation of corrective measures. | Download the list of authorised CABs |
4. Request your label on the Safeonweb@work portalOnce the Conformity Assessment process is finalised with your CAB, request your CyFun label in the Safeonweb@work portal. | Access the Safeonweb@work portal |
Getting a CyFun label with an ISO27001 certification
It is also possible to obtain a CyFun label by using your exisiting ISO27001 certification with the correct scope. Get in touch with your selected CAB to have them verify the scope of your certificate.
Reuse of the CyFun Framework
The CyberFundamentals Framework is a framework owned by the Centre for Cybersecurity Belgium (CCB), operating under the authority of the Prime Minister of Belgium.
The acronym “CyFun” stands for “CyberFundamentals Framework” and is a registered trademark owned by the CCB.
The CyFun Framework and the CyberFundamentals Conformity Assessment Scheme (CAS) are available on www.cyfun.be.
The use of the acronym “CyFun” and/or parts of this document are authorised, as long as the source is clearly mentioned.
Any commercial use of CyFun is subject to a prior agreement with the CCB.
Conformity Assessment Bodies
A dedicated page is available for Conformity Assessment Bodies that aim to become accredited and authorised for the CyberFundamentals Framework.