Introducing CAA ASSURE – Enabling the Aerospace industry to achieve higher standards of safety


In aerospace and aviation, the physical aspects of safety are no longer exclusively synonymous with security. The CAA has also decided to focus on cybersecurity with the introduction of ASSURE.

Nettitude have recently announced a new accreditation with the Civil Aviation Authority and Crest. The CAA ASSURE accreditation introduces a new cybersecurity audit model for third parties providing services to the Aerospace industry. Within this, there are a new set of requirements that ensure cybersecurity providers are subject to a rigorous and continuous accreditation process under the ASSURE Scheme.

This scheme is part of the wider UK Aviation Cyber Strategy, in which the CAA have set out an approach that ensures cybersecurity will continue to be collaborative and supportive for the sector. The CAA’s vision is that the UK’s transport sector remains ‘safe, secure and resilient in the face of cyber threats, and able to thrive in an increasingly interconnected, digital world’. As part of this, the CAA were tasked by DfT to develop and implement a regulatory framework for cybersecurity, as well as facilitating oversight of the industry’s activities that relate to mitigating potential cyber risks for civil aviation in the UK.

The CAA has reformatted the Cyber Assessment Framework (CAF), developed by the NCSC, specifically for aviation, in which it will be used by aviation organisations to self-assess against fourteen principles across four broad objectives. ASSURE Cyber Suppliers and Cyber Professionals will then perform an ASSURE Cyber Audit on an aviation organisation’s CAF for Aviation self-assessment.

The benefits of this new partnership include.

  • We are now an accredited ASSURE Cyber Supplier in which our staff have become accredited ASSURE Cyber Professionals across all specialism areas in the process.
  • Our knowledgeable, experienced and qualified cyber professionals can be deployed to assess an audit.
  • We can provide a validated opinion of ‘achieved’, ‘partially achieved’ or ‘not achieved’ with associated commentary against each CAF for Aviation contributing outcome.
  • Recommendations will be provided where ‘partially achieved’ or ‘not achieved’ contributing outcomes have been identified from an ASSURE Cyber Audit.