What is CyFun?
Cyfun, short for CyberFundamentals Framework, is a structured cybersecurity framework designed to help organizations reduce the risk of common cyberattacks and improve resilience through practical, step by step measures.
Cyfun 2025 reflects today’s cybersecurity and compliance environment more closely than earlier versions. It has been updated to align more strongly with current expectations such as NIST CSF 2.0 and European regulatory developments including NIS2.
The 2025 version also places greater emphasis on supply chain security, operational technology, stronger governance, and clearer auditability. That makes it especially relevant for organizations that want more than a theoretical framework. It provides a path that can actually be implemented, measured, and defended.
The assurance levels
Basic
A practical starting point for building core cybersecurity fundamentals
Important
A more advanced level for organizations with broader exposure, stronger expectations, or higher operational reliance on cybersecurity
Essential
A higher assurance level for organizations that need a more robust and formalized cybersecurity posture
The framework also references a small organization entry path intended for micro organizations or teams with limited technical resources.
What you get
With Complify, you do not simply receive a framework document. You get a structured Cyfun based implementation and preparation service.
Assurance level selection and scoping
We help determine which Cyfun level fits your organization based on systems, business processes, supplier exposure, and risk profile.
Prioritized implementation backlog
We turn findings into a practical action plan, prioritized around the most important measures first.
Evidence package preparation
We help define what evidence should be collected, where it should be stored, and how it should be structured for verification or certification readiness.
Reporting structure for management
We help translate results into a format leadership can review and act on, including category level visibility and radar chart style reporting logic.
Download a sample
Cybersecurity Analysis Report
This report details your organization’s cybersecurity posture. It provides a high-level assessment indicating your organization’s effectiveness at addressing cyber risks.
It also provides a prioritized list of recommendations to improve your posture and mitigate those risks.
Click on the picture to download a sample report.
.jpg)
CyFun 2025 Readiness Report
This report details your organization's compliance status with the framework, for the purpose of initial evaluation.
This status is based on information provided by you about your organization.
Click on the picture to download a sample report.
Frameworks
How we integrate CyFuninto the Complify service model
We translate the official Cyfun control structure into an operational delivery model your organization can actually work with.
That means each control can be converted into actionable tasks with:
-
clear ownership
-
deadlines
-
acceptance criteria
-
expected evidence type
We also turn self assessment outputs into implementation plans and progress reporting, so the framework becomes part of a real improvement process rather than a static document.
Where needed, we can support audit ready preparation by helping organize documentation and evidence in line with the expected conformity assessment logic.
For Cyfun, this generally means:
-
verification for Basic and Important levels
-
certification logic for the Essential level
This way, your organization gets a path from understanding the framework to preparing for independent assessment.
Why Choose Complify?
We've revolutionized cybersecurity compliance with our unique approach that combines speed, expertise, and comprehensive coverage.
Simple & Fast
Actionable results in a few business days. No fluff, no delays.
One time fee
No subscriptions or lockins. Just a clear, small onetime cost.
Human experts
Consultants with deep financial services compliance knowledge — not an AI only platform.
20+ frameworks
NYS DFS: ISO 27001, SOC 2, PCI DSS, NIST CSF, HIPAA, CCPA and more.
Frequently Asked Questions
Some of the most repeated questions.
The typical flow is risk assessment, self assessment, implementation planning, and optionally independent verification or certification.
That depends on your risk profile, operational context, supplier exposure, and in some cases national implementation specifics. We help you determine the most appropriate level.
Yes. Cyfun also references a small organization path intended for micro organizations or companies with limited technical maturity.
Formal verification or certification is carried out by an independent accredited conformity assessment body under the applicable scheme rules.