Cyber governance mapping
Information showing how the Cyber Governance Code of Practice maps to existing cyber standards and frameworks.
Documents
Details
This mapping document complements the Cyber Governance Code of Practice and will help businesses and organisations understand the Code.
The government is working with industry to improve the management of digital risks and improve cyber resilience across the economy. As part of this the government has launched a new Cyber Governance Code of Practice. To support adoption of this Code, the Department for Science, Innovation and Technology (DSIT) has created a Cyber Governance Mapping document for boards, directors and Chief Information Security Officers (or equivalent).
The mapping document has been developed in partnership with industry and international stakeholders. It was created in response to feedback from industry, received through a consultation on the Cyber Governance Code of Practice (the Code), which stated that greater clarification was needed on how the Code fits into the current cyber standards landscape. The mapping document addresses this by illustrating where there are similarities and differences between the Code and other domestic and international cyber standards and frameworks.
This mapping document can be used by organisations to understand what actions of the Code they may already be implementing through adherence to other cyber standards and frameworks.
Read the Cyber Governance Code of Practice.
DSIT has worked with the organisations included in the mapping to ensure accuracy. DSIT is continuing to work with NSIT while the mapping to the NIST Cybersecurity Framework (NIST CSF) is reviewed by NIST’s National Online Informative References Program (NOIRP). Once the checks carried out by NOIRP are completed, we will remove the ‘draft’ disclaimer.
The mapping document is a live document. Additional domestic and international cyber standards and frameworks will be included as they are completed. The document will be periodically reviewed from time to time and updated accordingly, including incorporating any new standards and frameworks that are published.
The mapping document is illustrative and should only be used as a point of reference. It is not intended to be authoritative or be taken as legal advice on compliance with the standards or frameworks mentioned.