Cyber security resources for councils addressing high-impact areas
Useful resources to support councils in actioning their improvement and implementation plans (IIPs).
Focussing on a small number of high-impact areas can help strengthen the cyber resilience of your organisation. Based on what we’ve learned from CAF for local government assessments so far, we’ve highlighted resources that may support councils in actioning their improvement and implementation plans (IIPs).
Further guidance and supporting resources for each contributing outcome are available on the Useful links and resources page.
Help us improve this page by emailing caf@localdigital.gov.uk to share any published resources you have found useful.
Risk management process (A2.a)
Action required
Ensure that your organisation has a defined and repeatable process for identifying, assessing, and managing cyber security risks.
Why it matters
A structured approach to risk management enables consistent decision-making and reduces reliance on ad-hoc practices.
Resources on principle A2.a – Risk management
Learn how to identify, assess and manage cyber risks:
- About principle A2: Risk management (NCSC.gov.uk)
- Guidance on risk management (NCSC.gov.uk)
Covers core risk management concepts and techniques.
- Protective security risk management (NPSA.gov.uk)
A structured approach to risk assessment and stakeholder engagement.
Asset management (A3.a)
Action required
Maintain an accurate and up-to-date inventory of critical systems, services, data, and supporting assets.
Why it matters
Effective asset management is fundamental to safeguarding essential services and underpins other CAF outcomes, including incident response and recovery.
Resources on principle A3 – Asset management
Understand your assets and which ones are most critical:
- About principle A3: Asset management (NCSC.gov.uk)
- Asset management – one of the NCSC’s 10 Steps to Cyber Security (NCSC.gov.uk)
Understand your critical services and functions, and identify the data and technology dependencies whose protection should be prioritised.
- How to identify the assets within your council that need to be protected (local.gov.uk)
- US Government guidance on managing IT assets securely (NIST.gov)
- NCSC guidance on obsolete products (NCSC.gov.uk)
Response plan (D1.a)
Action required
Develop and maintain a documented cyber incident response plan that clearly defines roles, responsibilities, and escalation procedures.
Why it matters
A well-structured response plan enables faster, more coordinated action during an incident, minimising disruption and impact.
Resources on principle D1.a – Response and recovery planning
Plan how your organisation will respond to and recover from incidents:
- About principle D1: Response and recovery planning (NCSC.gov.uk)
- Cyber security toolkit for boards: incident response planning (NCSC.gov.uk)
- Business continuity management toolkit (gov.uk)
Testing and exercising (D1.c)
Action required
Conduct regular testing and exercising of incident response arrangements, involving relevant teams and senior leadership.
Why it matters
Testing confirms that plans work in practice and identifies areas for improvement, leaving your organisation better prepared for future incidents.
Resources on principle D1.c – Testing and exercising
Carry out exercises to test your response plans:
- Exercise in a box (NCSC.gov.uk)
Test your organisation’s resilience to cyber attacks and practise responses in a safe environment.
- Effective steps to cyber exercise creation (NCSC.gov.uk)
Guidance on designing and running cyber incident response exercises.
- CREST cyber security incident response guide (crest-approved.org)
- Guidance on incident response recommendations and considerations for cybersecurity risk management (NIST.gov)
- Guidance on incident response and management (NCSC.gov.uk)