Evidence-led CAF mapping without inference or scoring.
SIFTR helps cyber and assurance teams understand how their existing documents support the UK Cyber Assessment Framework (CAF), using quoted, auditable evidence.
What SIFTR Does
1. You upload your existing CAF artefacts
Policies, strategies, risk docs, governance papers nothing new to write.
2. SIFTR maps them to CAF outcomes
Each outcome is assessed using quoted evidence only no inference, no scoring.
3. Coverage is shown clearly
Outcomes are marked Strong, Partial, or None, with supporting quotes.
4. Humans stay in control
Outputs support discussion and review final judgement always stays with your team.
Frequently Asked Questions
No. SIFTR supports evidence review only. It does not make compliance determinations, maturity ratings, or automated decisions. All judgement and accountability remains with your organisation.
No. SIFTR does not assign scores or maturity levels. It shows how uploaded evidence supports CAF outcomes, using quoted evidence only, with coverage marked as Strong, Partial, or None.
Yes. Documents are processed in a secure, access-controlled environment and can be deleted at any time. Full details on data handling, retention, and security controls are available in the Trust Centre.
SIFTR is designed for cyber security, governance, risk, and assurance teams working with the UK Cyber Assessment Framework (CAF).
Yes. Outputs are designed to support internal assurance, audit discussions, and evidence collation. They do not constitute formal compliance submissions.
Yes. SIFTR is currently available as a live beta for testing and feedback. Functionality is intentionally limited and conservative while the approach is validated.
Practical guidance, platform updates, and regulatory insight from SIFTR.