~~This~~These mapping ~~document~~documents ~~complements~~complement ~~the~~ the Cyber Governance Code of Practice and ~~and~~aim ~~will~~to help businesses and organisations understand the Code.

The government is working with industry to improve the management of digital risks and improve cyber resilience across the economy. As part of this the government has launched a new Cyber Governance Code of Practice. To support adoption of this Code, the Department for Science, Innovation and Technology (DSIT) has created a Cyber Governance Mapping document for boards, directors and Chief Information Security Officers (or equivalent).

~~The~~Read ~~mapping~~the ~~document~~Cyber ~~has~~Governance ~~been~~Code ~~developed~~of inPractice.

Read ~~partnership~~the ~~with~~press ~~industry~~notice.

The ~~and~~mapping ~~international~~documents ~~stakeholders.~~were It ~~was~~ created in response to feedback from industry, received ~~through~~ through a consultation on the Cyber Governance Code of Practice (the ~~(the~~ Code), which stated that greater clarification was needed on how the Code fits into the current cyber standards landscape. ~~The~~This mapping document addresses this by illustrating where there are similarities and differences between the Code and other domestic and international cyber standards and frameworks.

~~This~~These mapping ~~document~~documents can behelp ~~used~~ by organisations to understand what actions of the Code they may already be implementing through adherence to other cyber standards and frameworks.

~~Read~~These ~~the~~ ~~Cyber~~ ~~Governance~~ ~~Code~~ of ~~Practice~~.

~~DSIT~~ ~~has~~ ~~worked~~ ~~with~~ ~~the~~ ~~organisations~~ ~~included~~ in ~~the~~ mapping todocuments ~~ensure~~ ~~accuracy.~~ ~~DSIT~~ is ~~continuing~~ to ~~work~~ ~~with~~ ~~NSIT~~ ~~while~~ ~~the~~ ~~mapping~~ to ~~the~~ ~~NIST~~ ~~Cybersecurity~~ ~~Framework~~ (~~NIST~~ ~~CSF~~) is ~~reviewed~~ by ~~NIST’s~~ ~~National~~ ~~Online~~ ~~Informative~~ ~~References~~ ~~Program~~ (~~NOIRP~~). ~~Once~~ ~~the~~ ~~checks~~ ~~carried~~ ~~out~~ by ~~NOIRP~~ are ~~completed,~~ we ~~will~~ ~~remove~~ ~~the~~ ~~‘draft’~~ ~~disclaimer.~~

~~The~~ ~~mapping~~ ~~document~~ is a live ~~document.~~documents. Additional domestic and international cyber standards and frameworks will be included as they are completed. The document will be periodically reviewed from time to time and updated accordingly, including incorporating any new standards and frameworks that are published.

~~The~~These mapping ~~document~~documents isare illustrative and should only be used as a point of reference. ItThey isare not intended to be authoritative or be taken as legal advice on compliance with the standards or frameworks mentioned.

Published 8 April 2025

Last updated 1611 ~~April~~August 2025 + show all updates

11 August 2025
Added new details mapping the cyber governance code to the ISACA CMMI, WEF Principles for Board Governance of Cyber Risk, and ISO 27001.

16 April 2025
Added new details mapping the cyber governance code against the French ANSSI digital risk framework.
8 April 2025
First published.

Cyber governance mapping

Documents

Details

Updates to this page

Sign up for emails or print this page

Update history