CDCAT® - Cyber Defence Capability Assessment Tool

An effective, comprehensive way to assess an organisation's existing cyber defences.

The Cyber Defence Capability Assessment Tool (CDCAT) is an effective, comprehensive way for organizations to assess their existing cyber defences, identify any vulnerability(s) in their defences and what mitigations can be applied. Considering the frequency of attacks on organizations’ sensitive cyber assets – CDCAT is an essential tool in combatting the threats posed by any number of cyber-criminals and criminal organizations.

CDCAT was developed by the Defence Science and Technology Laboratory (Dstl), a trading fund of the MOD. Dstl is dedicated to keeping the UK secure through development of innovative science and technology. Dstl provides impartial scientific and technological advice to the UK Armed Forces and British Government.

CDCAT® is a registered trade mark of Dstl. All rights reserved.


  • Why was CDCAT Introduced?
  • Who is CDCAT For?
  • How do I book an assessment?
  • What Benefits will CDCAT Bring to My Organization?
  • How does CDCAT work?
  • Assessment Method
  • The Output

Why choose apmg

  • APMG services focus on high-quality. 
  • APMG is accredited by the United Kingdom Accreditation Service (UKAS).
  • APMG has heritage in the cyber security field.
  • APMG is the only certification body providing GCHQ Certified Training assessments.

Benefits of CDCAT® - Cyber Defence Capability Assessment Tool

  • CDCAT prepares your defences for emerging and evolving cyber-security threats. 
  • CDCAT provides succinct, detailed feedback on how to best proceed with optimising your organization's cyber defences.
  • CDCAT constitutes an essential part of your organization's cyber-security strategy. 
  • CDCAT provides cyber professionals with the means to build effective business cases for vital cyber-security updates. 
  • Your organization can use CDCAT's reports to demonstrate with objective proof, that it is addressing vulnerabilities and proactively reinforcing cyber-defence weak spots.