
Belgium CyFun — Cybersecurity Framework

SmartSuite provides the system for managing controls, evidence, mappings, assessments, and reporting.
Framework text may require a separate license unless explicitly provided.

Overview

Belgium CyFun (Cyber Fundamentals Framework) is a national cybersecurity framework developed by the Centre for Cybersecurity Belgium (CCB) to help Belgian organizations implement essential cybersecurity practices. The framework provides a structured approach to cybersecurity improvement based on internationally recognized standards, adapted for the Belgian regulatory context.

Published by the Centre for Cybersecurity Belgium, CyFun applies to Belgian organizations across sectors seeking to improve cybersecurity maturity and comply with NIS2 Directive requirements. It offers four implementation levels allowing organizations to select the tier appropriate to their risk profile and maturity ambitions.

Organizations implement CyFun by assessing current practices against the framework’s subcategories, selecting their target implementation level, developing improvement plans, and progressively enhancing cybersecurity capabilities aligned with Belgian regulatory expectations.

Why it Matters

Belgium CyFun provides a clear, structured path for Belgian organizations to improve cybersecurity practices in alignment with NIS2 Directive requirements and CCB guidance.

Key benefits include:

  • Align with NIS2 requirements

Implement security measures meeting NIS2 Directive obligations through CCB-endorsed guidance.

  • Improve cybersecurity maturity

Progress systematically through four implementation levels building comprehensive security capabilities.

  • Leverage recognized standards

Build on internationally recognized frameworks including NIST CSF and ISO 27001 with Belgian-specific guidance.

  • Demonstrate security posture

Show the CCB and regulators that cybersecurity improvement is organized and aligned with national guidance.

  • Right-size security investments

Select appropriate implementation levels matching organizational risk profile and resources.

How it Works

CyFun is based on the NIST Cybersecurity Framework structure, organized across Identify, Protect, Detect, Respond, and Recover functions. Four implementation levels (Small, Important, Essential, Critical) provide guidance at increasing rigor, allowing organizations to select the level matching their NIS2 classification and risk appetite.

Organizations implement CyFun by conducting maturity assessments, selecting a target implementation level, developing prioritized improvement roadmaps, and progressively implementing the required security measures. The CCB provides guidance materials and assessment tools to support implementation.

Within SmartSuite, Belgian organizations track CyFun subcategory implementation, manage improvement roadmaps, coordinate evidence collection, and maintain compliance documentation supporting NIS2 regulatory requirements.

Key Elements

  • Four Implementation Levels

Small, Important, Essential, and Critical levels matching different risk profiles and NIS2 classifications.

  • NIST CSF-Based Structure

Organized across Identify, Protect, Detect, Respond, and Recover functions with Belgian-specific guidance.

  • NIS2 Alignment

Designed to satisfy NIS2 Directive security measure requirements for Belgian entities.

  • Maturity Assessment Tools

CCB-provided tools for assessing current implementation level and identifying improvement priorities.

Framework Scope

Belgium CyFun applies to Belgian organizations, particularly those subject to NIS2 Directive requirements. It is applicable across sectors, with guidance appropriate for varying organizational sizes and risk profiles.

Framework Objectives

Belgium CyFun provides a structured path for improving cybersecurity aligned with NIS2 Directive requirements and CCB guidance.

  • Implement security measures satisfying NIS2 Directive requirements for Belgian entities
  • Progress systematically through maturity levels building comprehensive security capabilities
  • Align Belgian organizational security practices with internationally recognized standards
  • Demonstrate cybersecurity improvement to CCB and sectoral regulators
  • Right-size security investments based on organizational risk profile

Common Framework Mappings

Mapped frameworks include:

EU NIS2 Directive

ISO/IEC 27001

NIST Cybersecurity Framework

SOC 2

At a Glance
Belgium Cybersecurity Framework (CyFun)
  • Classification
    Category: Cybersecurity
    Domain: Cybersecurity
    Framework Family: Other
  • Regulatory Context
    Type: Framework
    Sector: Cross-Sector
    Industry: Cross-Industry
  • Region / Publisher
    Region: Europe
    Region Detail: Belgium
    Publisher: CyFun
  • Versioning
    Version: Current CyFun Framework
    Effective Date: 2023
    Issue Date: 2019
  • Adoption
    Adoption Model: Regulatory Compliance
    Implementation Complexity: High
  • Official Reference
License Information

License included / downloadable: Yes

The Belgium Cybersecurity Framework (CyFun) is published by the Belgian Centre for Cybersecurity and is publicly available through official government resources.

Official Resources
Belgium CyFun Framework Overview
Provides an overview of the Belgium CyFun framework focusing on cybersecurity resilience practices.
Centre for Cybersecurity Belgium - CyFun Guidance
Outlines guidance for implementing the CyFun cybersecurity practices in organizations.
CyFun Security Controls Documentation
Defines specific security controls within the Belgium CyFun framework for organizational compliance.
CyFun Risk Management Framework
Describes the risk management strategies within the Belgium CyFun framework for enhanced cybersecurity.
CyFun Incident Response Guidelines
Outlines incident response procedures aligned with CyFun to enhance organizational readiness.
SMARTSUITE

How SmartSuite Supports Belgium CyFun

Centralize controls, evidence, and audit workflows to stay continuously SOC 2–ready.

Initiative-to-Control Mapping

Translate CyFun guidance into operational controls with clear ownership.

Readiness Assessments and Gap Tracking

Run assessments, document gaps, and build a prioritized improvement roadmap.

Awareness and Training Programs

Manage awareness initiatives, completion tracking, and supporting evidence.

Incident Preparedness and Exercises

Schedule incident exercises, capture outcomes, and track corrective actions.

Partner and Stakeholder Coordination

Coordinate collaboration tasks, shared responsibilities, and evidence across groups.

Reporting and Continuous Improvement

Report posture, open actions, and improvements over time.

Related frameworks

CIS Controls v8.1

CIS Controls v8.1 provides prioritized, practical security actions to help organizations mitigate common cyber threats and strengthen defenses.

EU DORA

DORA is an EU regulation requiring financial firms to manage ICT risks, report incidents, test security, and oversee third-party providers.

GDPR

GDPR is an EU regulation that protects individuals' personal data and strengthens organizations' accountability for privacy.

ISO 27001:2022

ISO/IEC 27001:2022 is an international ISMS standard that helps organizations manage information security risks and protect data.

ISO 27002:2022

ISO/IEC 27002:2022 provides best-practice information security controls to help organizations select, implement, and manage protections for information assets.

MITRE ATT&CK

MITRE ATT&CK is a knowledge framework documenting adversary tactics and techniques to help organizations detect, analyze, and respond to attacks.

NIS2 (EU 2022/2555)

NIS2 establishes mandatory cybersecurity and incident-reporting requirements to strengthen resilience across essential and important EU organizations.

NIST CSF 2.0

NIST Cybersecurity Framework (CSF) v2.0 is a risk-based framework that helps organizations manage and reduce cybersecurity risks.

ONBOARDING FAQS

Frequently Asked Questions For Belgium CyFun (Cybersecurity Framework)

What is Belgium CyFun used for?

Belgium CyFun is used to help organizations identify, assess, and manage cybersecurity risks, while aligning with Belgian regulatory requirements and international best practices. It guides the implementation of security controls and governance measures to strengthen cyber resilience and protect digital assets.

Is Belgium CyFun mandatory or certifiable?

Belgium CyFun is not a mandated or certifiable standard, but it serves as a recommended framework published by the Centre for Cybersecurity Belgium (CCB). Organizations adopt it to demonstrate due diligence, regulatory alignment, and readiness for audits across Belgium’s public and private sectors.

What organizations should use Belgium CyFun?

Belgium CyFun is applicable to all Belgian organizations, including those in public administration, critical infrastructure, and private industry. Its flexible approach allows organizations of various sizes and sectors to tailor cybersecurity controls and processes to their specific risk environments.

What are the key components of Belgium CyFun?

The framework is structured around control families, governance domains, a risk management lifecycle, and an embedded maturity model. It requires organizations to map controls to threats, assets, and compliance obligations relevant to their business context.

How do organizations implement Belgium CyFun?

Implementation is based on conducting cybersecurity risk assessments, selecting and applying necessary security controls, and embedding requirements into existing governance and compliance programs. Continual monitoring, incident response planning, and maturity tracking are critical for effective implementation.

How does Belgium CyFun relate to frameworks like NIST or ISO 27001?

Belgium CyFun is designed to align with international frameworks such as NIST Cybersecurity Framework and ISO 27001, providing a Belgian perspective and regulatory context. Organizations can use it alongside these frameworks to create a comprehensive cybersecurity governance program.

What are the ongoing compliance requirements for Belgium CyFun?

Maintaining compliance with Belgium CyFun requires regular risk reviews, continual control monitoring, policy updates, incident response testing, and internal or external compliance assessments. Organizations should document processes and demonstrate continual improvement in their cybersecurity maturity.

How would SmartSuite support Belgium CyFun?

SmartSuite supports Belgium CyFun by enabling organizations to import control libraries, maintain a centralized risk register, and systematically manage policies and controls. The platform streamlines compliance through built-in evidence collection, compliance tracking, remediation workflows, audit preparation, and reporting dashboards, ensuring continuous oversight and governance of security posture.

NEXT STEP

Put CRI Profile into action with SmartSuite

Map controls, collect evidence, run assessments, manage remediation, and report readiness - all from a single connected system.
