About CDCAT®
CDCAT® Overview
Benefits of CDCAT®
For Individuals
- Strengthen Analytical Thinking in Cyber Defence.
- Learn to interpret assessment data and performance indicators to make informed decisions about cyber risk and resilience.
- Build confidence in applying cyber frameworks.
- Gain hands-on experience in applying mapped controls from multiple standards, helping you confidently contribute to audit preparation and strategic planning.
- Understand how specific controls, processes and practices can be adopted by an organisation and how they interconnect to create a cyber security strategy.
- Understand how standards, framework, guidance or report has been mapped to a variety of control groups.
- Develop skills which help you develop a best practice cyber defence strategy.
- Explore up to date security standards.
For Organizations
- Clear visibility of cyber maturity which allows you to gain a detailed understanding of your organisation’s current cyber defence posture across people, processes, and technology.
- Identification of Vulnerabilities - Pinpoint specific weaknesses before they are exploited — enabling proactive remediation and risk reduction.
- Actionable Insights and KPIs- Receive tailored reports with performance indicators and prioritised recommendations to guide strategic decisions.
- Compliance Readiness - Ensure alignment with key standards like ISO 27001, NIST, PCI-DSS, and Cyber Essentials — supporting audit preparation and regulatory compliance.
- Cost and Time Efficiency - Save thousands in audit costs and reduce assessment time from weeks to days with automated, consultant-led evaluations.
- Strategic Planning Support - Use assessment outcomes to inform cybersecurity investment, workforce planning, and board-level reporting.
- Repeatable and Scalable - Apply the same framework across departments, regions, or business units — ensuring consistency and comparability.
Documentation
Documentation
Videos
Videos
Related products
FAQs
Many organisations hold accreditations against a number of security standards, the different annual audits can cost tens of thousands and take months to complete. CDCAT, however, allows you to drastically reduce the time and costs of this work costing from just £1250.
- Australian Signals Directorate Essential 8 Mitigations Strategies
- Australian Signals Directorate Top 37 Mitigation Strategies
- Australian Signals Directorate Top 4 Mitigation Strategies
- BS ISO/IEC 20000-1
- BS ISO/IEC 27001
- CPNI 20 Critical Security Controls
- CPNI iDATA profiles on ‘Kill Chain’ mitigations
- CPNI Security for Industrial Control Systems (SICS) 2015: Overview + ERS + Vulnerability Assessment
- Defence Cyber Protection Partnership(DCPP) Cyber Security Model – all 4 levels
- HM Government, CIAMM (GPG 40)
- HM Government, Cyber Essentials Scheme
- HM Government, UK 10 Steps to Cyber Security
- HM Government, UK GovCert Top 10
- NATO NCIA CIS Security Capability Breakdown
- NIST Cyber Security Framework (CSF) version 1.1 (update to V1.0)
- NIST SP800-161 Supply Chain Controls
- NIST SP800-53 Security Controls
- NSA NCTOC Top 5 Security Operations Centre (SOC) Principles
- NSA's IAD Top Ten Cybersecurity Mitigation Strategies
- PAS 555
- PCI-DSS V3.2.1
CDCAT® stands for Cyber Defence Capability Assessment Tool.
CDCAT was developed by APMG using science licensed by the Ministry of Defence (MoD) and Defence, Science and Technology Laboratory (DSTL). Each standard, framework, guidance or report has been mapped to a variety of control groups by our standards team. By mapping each control and cross referencing we ensure the minimum time, money and effort is spent ensuring that your organisation meets all necessary regulatory and supplier requirements.
A CDCAT evaluation is relatively straightforward process, on the surface it is simply a Q&A with your IT/security teams with a trained and approved CDCAT consultant who will be your guide throughout the process. Upon evaluation, CDCAT gives each consultant a report showing you the breakdown of your controls and how much they detect, protect and continually maintain your security.
Many organisations hold accreditations against a number of security standards, the different annual audits can cost tens of thousands and take months to complete. CDCAT, however, allows you to drastically reduce the time and costs of this work by providing a focused action plan.
CDCAT Classic is a one-off assessment designed to evaluate your organisation against the most frequently occurring cyber security controls from the worlds most recognised security standards such as 27001, PCI-DSS, Cyber Essentials and NIST.
If you are interested in bringing this military grade cyber defence technology into your organization's portfolio - please contact us at service@apmg-international.com or call 01494 452 450.
- Provisional results: After completing the Foundation examination, candidates may receive provisional results either orally from the invigilator or on-screen at the end of an online exam.
- Official results: Once processed, official results, including a PDF breakdown of marks by syllabus area, are available in the APMG Candidate Portal. Results are issued as the total number of marks achieved.
- Processing time: Exam papers are usually marked immediately after the exam. APMG formally processes and confirms results via the Candidate Portal within 2 working days of receiving completed papers.
- Outstanding payments: In exceptional cases, results may be withheld until full payment has been received.
Once you’ve been notified that you’ve passed your exam, you will have the option to create a digital badge in APMG's Candidate Portal.
Visit APMG's Candidate Portal, view your exam results and select 'Create Badge'.
This takes you to the Credly website where the digital badges are hosted. You will be guided through the Credly account creation process.
Once you have created an account with Credly, log into the account and accept your pending badge.