www.belgium.be Logo of the federal government

Cyberfundamentals Framework

Small

 

The starting level Small  allows an organisation to make an initial assessment. It is intended for micro-organisations or organisations with limited technical knowledge. 

 

LEVEL SMALL
▼ Download

Basic

 

The assurance level Basic contains the standard information security measures for all enterprises. These provide an effective security value with technology and processes that are generally already available. Where justified, the measures are tailored and refined.

LEVEL BASIC
▼ Download

Important

 

The assurance level Important is designed to minimise the risks of targeted cyber-attacks by actors with common skills and resources in addition to known cyber security risks. 

LEVEL IMPORTANT
▼ Download

Essential

 

The assurance level Essential goes one step further and is designed to address the risk of advanced cyber-attacks by actors with extensive skills and resources.

LEVEL ESSENTIAL
▼ Download
NIST CSF

The Cyberfundamentals Framework is a set of concrete measures to:

  • protect data,
  • significantly reduce the risk of the most common cyber-attacks,
  • increase an organisation's cyber resilience. 

The framework is based on and linked with 4 commonly used cybersecurity frameworks: NIST CSF, ISO 27001 / ISO 27002, CIS Controls and IEC 62443.

It uses the functions of any cybersecurity framework.

 

The levels and key measures

To respond to the severity of the threat an organization is exposed to, in addition to the starting level Small, 3 assurance levels are provided: Basic, Important and Essential

Based on our historical data, retro-fitting was done on successful cyber-attacks using anonymized data. The conclusion is that:

  • measures in assurance level Basic are able to cover 82% of the attacks,
  • measures in assurance level Important are able to cover 94 % of the attacks,
  • measures in assurance level Essential are able to cover 100% of the attacks.

Based on these attacks, key measures were identified at each level to prioritize the countermeasures to protect against the known cyberattacks relevant for that assurance level. 

CyFUN-Toolbox

To facilitate the use of the Cyberfundamentals Framework, several tools are provided to assist in the implementation of the framework:

  • CyFun Selection Tool is a tool  for  risk assessment resulting in a well-informed selection of the appropriate Cyber Fundamentals Assurance Level.
  • CyFun Self-Assessment tool is a MS Excel format tool to prepare self-assessment and includes spider diagrams to support management reporting.
  • CyberFundamentals Framework mapping provides an overview of the requirements and links with the frameworks in a MS Excel-format.