CAFtrack is an AI agent trained on the NCSC CAF 4.0 framework. It analyses your security documentation against all 41 contributing outcomes, identifies compliance gaps, asks targeted clarifying questions, and generates a structured self-assessment report.
Every contributing outcome across all principles fully assessed by an AI agent trained on the NCSC CAF 4.0 framework, with targeted clarifying questions where evidence is missing.
Drop in your security documents. The AI assessor works through all 41 CAF 4.0 contributing outcomes.
Information Security Policy v1.0 Organisation: Example Infrastructure Ltd Governance: The CISO has board-level accountability for cyber security. Roles and responsibilities are documented and communicated to all staff. Policy is reviewed annually. Risk: Cyber risks are identified and assessed quarterly. An asset register is maintained and reviewed regularly. Third-party suppliers are assessed before onboarding. Access: Multi-factor authentication is enforced for all privileged accounts. Access rights are reviewed every quarter and removed promptly when staff leave. Data: Data is encrypted at rest and in transit. A data classification policy is in place and staff are trained on handling sensitive information. Incident: An incident response plan exists and is tested annually via a tabletop exercise. Incidents are reported to the ICO within 72 hours where required. Monitoring: A SIEM platform monitors network activity 24/7. Logs are retained for 12 months and protected from tampering.
Save as .txt and upload to test the assessment flow.
Drop in your security policies, risk registers, audit reports, and incident procedures. Supported formats include PDF and plain text.
The AI agent maps your documentation to each of the 41 CAF 4.0 contributing outcomes. Trained specifically on the NCSC CAF 4.0 framework, it asks targeted questions where evidence is missing or ambiguous.
A structured report showing Achieved, Partially Achieved, Not Achieved, or Insufficient Evidence for every outcome with reasoning, ready to print or share.
Not a checklist. An intelligent assessor that reads your evidence, reasons over it, and asks exactly the right questions when something is missing.
Reads your actual documents and maps specific content to CAF outcomes genuine comprehension, not keyword matching.
When evidence is absent or ambiguous, CAFtrack asks precise, outcome-specific questions rather than defaulting to fail.
Every contributing outcome across all four CAF 4.0 principles governance, protection, detection, and response.
Built on state-of-the-art large language models, CAFtrack uses the same AI technology trusted by organisations worldwide to reason over complex documents.
Compress the evidence review phase from weeks of consultant time down to hours.
A structured per-outcome report with verdicts and reasoning, ready to present to your Competent Authority.
Assess your security posture against CAF 4.0 and surface gaps before a formal Competent Authority review.
Understand where your systems and processes stand against CAF requirements without needing an external consultant.
Map existing policies and controls to CAF contributing outcomes and track your compliance position over time.
Integrate CAF outcomes into your risk register and evidence your risk treatment approach to regulators.
CAFtrack is currently an early-access product. We're validating the AI-assisted assessment approach with security professionals before building the full production platform.
Your feedback shapes what we build next.
Register your interest and be first to know when CAFtrack launches for production use. No spam just updates when it matters.
No spam. Unsubscribe at any time.
Free. No account required. Results in under two hours.