Browse our certifications
Find training
Open page navigation
cyber security frameworkscyber security risk assessmentrisk management

CDCAT® stands for Cyber Defence Capability Assessment Tool. It evaluates and reports on your organisation's ability to implement, manage and maintain an effective strategy to combat cyber risk. Many organisations hold accreditations against a number of security standards, the different annual audits can cost tens of thousands and take months to complete. CDCAT, however, allows you to drastically reduce the time and costs of this work.

How to conduct a cyber security risk assessment with CDCAT Classic

CDCAT Classic is a one-off assessment designed to evaluate your organisation against the most frequently occurring cyber security controls from the worlds most recognised security standards such as 27001, PCI-DSS, Cyber Essentials and NIST. See the full list.

We have worked tirelessly to evaluate and understand all regulatory and mandatory compliances for cyber security. A CDCAT classic assessment is not just an assessment of your organisation against a host of industry recognised standards, it is also a learning process to help you understand how the specific controls, processes and practices adopted by your organisation interconnect to create your cyber defence strategy.

The Cyber Defence Capability Assessment Tool

CDCAT was developed by APMG using science licensed by the Ministry of Defence (MoD) and Defence, Science and Technology Laboratory (DSTL). Each standard, framework, guidance or report has been mapped to a variety of control groups by our CDCAT standards team. By mapping each control and cross referencing we ensure the minimum time, money and effort is spent ensuring that your organisation meets all necessary regulatory and supplier requirements.

Helping you prepare for a cyber security audit

A CDCAT evaluation is relatively straightforward process, on the surface it is simply a Q&A with your IT/security teams with a trained and approved CDCAT consultant who will be your guide throughout the process. Upon evaluation, CDCAT gives each consultant a report showing you the breakdown of your controls and how much they detect, protect and continually maintain your security.

Choose a smart approach to your cyber security assessment

The CDCAT Classic is an assessment based on science. We continually review each of the above standards and use the controls which occur most frequently in CDCAT classic.

Your Cyber Risk Assessment Report

Each report is yours to keep and comes with a breakdown of the following areas:

  • Summary: A high-level overview of your company, its weaknesses, and areas for improvement.
  • High Level Action Plan: Effectiveness of your current controls according to target and areas of improvement.
  • Performance Indicators: Bespoke KPIs tailored to your company to meet your desired goals and timeframes (especially relevant for your technical team).
  • Additional Standard: A separate report assessment against an additional security standard.
  • Assessment Data: Your data specifically mapped against the selected security controls (especially relevant for your technical team).
  • An Action Plan: Providing an overview of your blockers and weaknesses based on the TEPIMOIL mnemonic: Training, Equipment, Personnel, Information, Management, Organisation, Infrastructure and Logistics.

Specialised cyber risk assessment software which saves you time

Pricing starts at £1250 and includes a three-part assessment against the CDCAT Classic Controls. This includes pre-consultancy, the CDCAT assessment and the follow up strategy call. Assessments typically take a day but can change depending on the scale, complexity and nature of your organisation.

Definitions

  • Pre-Consultancy - 1 on 1 Meeting with a CDCAT approved consultant.
  • The CDCAT Assessment - Conducting interviews and gathering information with key security stakeholders, then performing the CDCAT Assessment.
  • Follow up - Focussed discussion based on the results of the assessment.

Security Standards available in the Cyber Defence Capability Assessment Tool

  • Australian Signals Directorate Essential 8 Mitigations Strategies
  • Australian Signals Directorate Top 37 Mitigation Strategies
  • Australian Signals Directorate Top 4 Mitigation Strategies
  • BS ISO/IEC 20000-1
  • BS ISO/IEC 27001
  • CPNI 20 Critical Security Controls
  • CPNI iDATA profiles on ‘Kill Chain’ mitigations
  • CPNI Security for Industrial Control Systems (SICS) 2015: Overview +  ERS + Vulnerability Assessment
  • Defence Cyber Protection Partnership(DCPP) Cyber Security Model – all 4 levels
  • HM Government, CIAMM (GPG 40)
  • HM Government, Cyber Essentials Scheme
  • HM Government, UK 10 Steps to Cyber Security
  • HM Government, UK GovCert Top 10
  • NATO NCIA CIS Security Capability Breakdown
  • NIST Cyber Security Framework (CSF) version 1.1   (update to V1.0)
  • NIST SP800-161 Supply Chain Controls
  • NIST SP800-53  Security Controls
  • NSA NCTOC Top 5 Security Operations Centre (SOC) Principles
  • NSA's IAD Top Ten Cybersecurity Mitigation Strategies
  • PAS 555
  • PCI-DSS V3.2.1

CDCAT® is a registered trade mark of Dstl. All rights reserved.

Rate your experience with us...

RELATED PRODUCTS

Leopard

CDCAT® - Cyber Defence Capability Assessment Tool

Unrivalled in the NIST Cybersecurity Framework maturity, cyber risk quantification and much more

View more
Large pile of timber logs perfectly stacked

ISO/IEC 27001

Demonstrate exemplary management of information security

View more
Hot air balloons ascending into the clouds

Cloud Computing

Smooth ascension into the cloud

View more

CONTACT US

FIND ME A TRAINING PROVIDER

CDCAT® Classic Assessment

Please tell us your training requirements and we'll find you a training provider

BECOME A TRAINING ORGANISATION

Please provide your company details to begin your journey to becoming accredited

Close

Certifications & Solutions

Accredited Training Organizations

Leadership

Accredited training providers

Certifications & Solutions

Select any filter and click on Apply to see results