What is CyFun?
CyberFundamentals (CyFun) is published by the Centre for Cybersecurity Belgium (CCB) to translate NIS2 obligations into concrete, measurable controls. It is built on NIST CSF, ISO/IEC 27001/27002, CIS Controls and IEC 62443.
CyFun defines three assurance levels — Basic, Important and Essential — so an organisation can target the level matching its risk and NIS2 classification, and demonstrate it with key measures.
CyFun structure
Identify
Protect
Detect & Respond
Recover
CyFun with ResiPlan
ResiPlan ships the CyFun measure catalogue and runs a maturity GAP analysis with evidence and reporting, so Belgian entities can show their CyFun assurance level.
Cross-mapping links CyFun to ISO 27001 and NIS2 — assess once, satisfy your CyFun and NIS2 obligations together.
Frequently asked questions
What is CyFun?
CyberFundamentals (CyFun) is the Belgian CCB framework that operationalises NIS2 with concrete measures at three assurance levels: Basic, Important and Essential.
Which CyFun level do I need?
It depends on your risk profile and NIS2 classification; important and essential entities typically target the Important or Essential level.
Is CyFun mapped to NIS2 and ISO 27001?
Yes. CyFun is NIS2-aligned and built on NIST CSF and ISO 27001/27002; ResiPlan cross-maps it so one assessment serves several frameworks.