Cyber and Operational Resilience Framework Compliance Tool
This tool is provided for educational and informational purposes only. It is designed to help information security teams understand and assess their compliance readiness with the Central Bank of Kuwait (CBK) Cyber and Operational Resilience Framework (CORF). This tool does not constitute legal, regulatory, or professional advice. Organizations must engage qualified professionals and CBK-approved third-party assessors for official compliance assessments. The creators assume no liability for decisions made based on the information provided by this tool.
The Cyber and Operational Resilience Framework (CORF) is a comprehensive regulatory framework issued by the Central Bank of Kuwait (CBK) in December 2025. It replaces the 2020 Cybersecurity Framework and expands coverage to include cyber resilience, operational resilience, and third-party risk management for all CBK-regulated financial institutions.
Shifts from pure compliance to a maturity-driven resilience model focused on anticipating, withstanding, recovering from, and adapting to cyber and operational disruptions.
Risk-based supervisory tiering determines assessment frequency and intensity based on systemic importance, operational complexity, and cyber risk exposure.
Evaluates capabilities across five levels: Initial, Ad-hoc, Baseline, Advanced, and Innovative - measuring how well cybersecurity and resilience are embedded and continuously improved.
Ultimate accountability for cyber and operational resilience sits with the Board of Directors, requiring active oversight and governance involvement.
Comprehensive cybersecurity controls covering governance, technology operations, and emerging technologies.
Focus on business continuity, disaster recovery, and technology resilience capabilities.
Comprehensive TPRM controls from governance and contracts through incident management and data protection.
This self-assessment helps you gauge your current compliance readiness. Select your baseline and answer the questions to receive a preliminary maturity score.
Access the official CBK Cyber and Operational Resilience Framework published in December 2025.
View PDF →Visit the official CBK website for latest circulars, guidance, and regulatory updates.
Visit CBK →National Cyber Security Center resources and sector-wide collaboration initiatives.
Visit NCSC →Best practices for implementing CORF controls and achieving compliance readiness.
Coming Soon →Educational materials and training programs for security teams and board members.
Coming Soon →Detailed gap analysis templates and maturity assessment worksheets.
Coming Soon →