CyConex is AI-assisted assessment software built around the UK NCSC Cyber Assessment Framework. It works with the full CAF catalogue — four objectives, fourteen principles, 41 contributing outcomes, and the Indicators of Good Practice — so teams can assess against the framework as it is actually written.
IGPs inform conclusions, they do not replace them. CyConex surfaces relevant evidence for each contributing outcome and helps qualified assessors record achieved, partially achieved, or not achieved judgements with traceable references.
Early access · Free · No credit card required
NCSC CAF is the primary framework — four objectives, fourteen principles, 41 contributing outcomes, and IGPs. CyConex also supports NIST 800-53 and NIST CSF 2.0, with structured catalogues and reusable assessment context.
Yes. CyConex works with the full CAF catalogue, including Indicators of Good Practice. It surfaces relevant evidence for each contributing outcome and helps teams record achieved, partially achieved, or not achieved judgements with traceable references — IGPs inform conclusions, they do not replace expert judgement.
No. AI agents accelerate evidence gathering and review, but accountability stays with qualified assessors. Reviewers validate scope, review IGP judgements, and approve every output that goes into a formal report, so conclusions remain defensible.