CyberQ

FAQ

Cyber and Operational Resilience Framework (CORF) — FAQ

Common questions about CORF v1.0 and the CyberQ assistant.

What is CORF?

CORF stands for the Cyber and Operational Resilience Framework. Version 1.0 is a comprehensive set of cyber-security and operational-resilience controls expected of financial-sector entities operating in Kuwait. It is organised into domains, sub-domains, controls, and sub-controls.

What does CORF stand for?

CORF is the abbreviation for the Cyber and Operational Resilience Framework.

Who must comply with CORF?

CORF is directed at regulated financial institutions in Kuwait — including banks, exchange companies, payment service providers, and similar licensed entities — as well as the third parties that serve them under contract.

How many controls are in CORF v1.0?

CORF v1.0 contains hundreds of individual controls and sub-controls. CyberQ indexes the entire framework into 773 retrievable chunks so any control can be located by question.

What is CyberQ?

CyberQ is an independent AI assistant for CORF v1.0. You ask a question in natural language and it returns a cited answer grounded in the CORF text, with the exact control identifier and page number.

Is CyberQ affiliated with the Central Bank of Kuwait?

No. CyberQ is an independent project built by Cyb3rQ.com. It is not affiliated with, endorsed by, or operated by the Central Bank of Kuwait. CORF is referenced as a publicly available framework.

How are answers cited?

Every claim in a CyberQ answer is tagged with the originating CORF control identifier (for example [4.1.3.2, p. 231]) and the page number in the source PDF, so you can verify against the framework directly.

How does the retrieval work?

CyberQ uses a hybrid retrieval pipeline: BM25 lexical search and dense semantic embeddings are fused with Reciprocal Rank Fusion, then expanded by neighbour radius and re-ranked. This finds the right control even when your phrasing differs from the framework's wording.

Does CyberQ store my conversations?

Conversations are stored on Upstash Redis tied to your account so you can return to them later. You can delete them from inside the app. See the Privacy page for full details.

Does CyberQ see my password?

No. Sign-in is delegated entirely to Google or Microsoft OAuth. We never receive or store your password.

Is CyberQ free?

Yes, CyberQ is currently free to use.

Can I use CyberQ for audits or compliance work?

Yes — typical uses include gap analysis, audit preparation, policy drafting, vendor questionnaires, and analyst onboarding. Always verify answers against the cited CORF clauses before relying on them for decisions.

Open the assistant →What is CORF?