ENISA has released the updated National Capabilities Assessment framework – NCAF 2.0, a methodology aimed at supporting national authorities strenghten their cybersecurity capabilities and assess the maturity of national cybersecurity strategies’ implementation.
The revised National Cybersecurity Capabilities Framework – NCAF 2.0 and online tool provide national authorities with a practical and flexible tool to better understand where the implementation of National Cybersecurity Strategies (NCSS) stands and where further efforts should be directed. Through its structured assessment approach, the framework allows Member States to identify strengths, gaps, and priority areas. By assessing the maturity of the objectives defined within national strategies, it helps authorities track progress, both at strategic and operational levels.
At EU level, NCAF 2.0 provides a common reference framework to facilitate mutual learning, the exchange of best practices, and discussions on cybersecurity capability development. It reflects the evolving EU cybersecurity policy landscape and is aligned with key legislative initiatives such as the NIS2 Directive. It also supports Member States in preparing for the voluntary peer review process foreseen under Article 19 of the NIS2 Directive.
Who can benefit from this framework?
The NCAF, and the tool associated with, are mainly addressed to policymakers, experts and government officials responsible for or involved in designing, implementing and evaluating an NCSS and, on a broader level, cybersecurity capabilities.
Ultimately, the updated framework contributes to strengthening the collective cybersecurity posture of the EU, while allowing Member States to adapt the assessment to their national context and priorities.
For more than a decade, ENISA has been directly supporting EU Member States in developing and implementing guidelines for their respective national cybersecurity strategies towards building trust, resilience and sufficient levels of transparency.