CDCAT® Classic Assessment

CDCAT® stands for Cyber Defence Capability Assessment Tool. It evaluates and reports on your organisation's ability to implement, manage and maintain an effective strategy to combat cyber risk. Many organisations hold accreditations against a number of security standards, the different annual audits can cost tens of thousands and take months to complete. CDCAT, however, allows you to drastically reduce the time and costs of this work.

CDCAT Classic is a one-off assessment designed to evaluate your organisation against the most frequently occurring cyber security controls from the worlds most recognised security standards such as 27001, PCI-DSS, Cyber Essentials and NIST. See the full list.

We have worked tirelessly to evaluate and understand all regulatory and mandatory compliances for cyber security. A CDCAT classic assessment is not just an assessment of your organisation against a host of industry recognised standards, it is also a learning process to help you understand how the specific controls, processes and practices adopted by your organisation interconnect to create your cyber defence strategy.

CDCAT was developed by APMG using science licensed by the Ministry of Defence (MoD) and Defence, Science and Technology Laboratory (DSTL). Each standard, framework, guidance or report has been mapped to a variety of control groups by our CDCAT standards team. By mapping each control and cross referencing we ensure the minimum time, money and effort is spent ensuring that your organisation meets all necessary regulatory and supplier requirements.

A CDCAT evaluation is relatively straightforward process, on the surface it is simply a Q&A with your IT/security teams with a trained and approved CDCAT consultant who will be your guide throughout the process. Upon evaluation, CDCAT gives each consultant a report showing you the breakdown of your controls and how much they detect, protect and continually maintain your security.

The CDCAT Classic is an assessment based on science. We continually review each of the above standards and use the controls which occur most frequently in CDCAT classic.

Each report is yours to keep and comes with a breakdown of the following areas:

• Summary: A high-level overview of your company, its weaknesses, and areas for improvement.
• High Level Action Plan: Effectiveness of your current controls according to target and areas of improvement.
• Performance Indicators: Bespoke KPIs tailored to your company to meet your desired goals and timeframes (especially relevant for your technical team).
• Additional Standard: A separate report assessment against an additional security standard.
• Assessment Data: Your data specifically mapped against the selected security controls (especially relevant for your technical team).
• An Action Plan: Providing an overview of your blockers and weaknesses based on the TEPIMOIL mnemonic: Training, Equipment, Personnel, Information, Management, Organisation, Infrastructure and Logistics.

Pricing starts at £1250 and includes a three-part assessment against the CDCAT Classic Controls. This includes pre-consultancy, the CDCAT assessment and the follow up strategy call. Assessments typically take a day but can change depending on the scale, complexity and nature of your organisation.

Definitions

• Pre-Consultancy - 1 on 1 Meeting with a CDCAT approved consultant.
• The CDCAT Assessment - Conducting interviews and gathering information with key security stakeholders, then performing the CDCAT Assessment.
• Follow up - Focussed discussion based on the results of the assessment.