Misplaced Pages

GovAssure: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactivelyNext edit →Content deleted Content addedVisualWikitext
Revision as of 00:31, 10 July 2023 editBobrayner (talk | contribs)Autopatrolled, Extended confirmed users, Pending changes reviewers, Rollbackers53,710 edits Created new article: GovAssure. It's got some redlinks to other UK-government cybersecurity topics; en.wikipedia has got a bit out of date recently, new articles are needed as the landscape evolves...  Revision as of 09:03, 10 July 2023 edit undoOnel5969 (talk | contribs)Autopatrolled, Extended confirmed users, Page movers, New page reviewers, Pending changes reviewers, Rollbackers937,873 editsm References: clean up, added uncategorised tagTag: AWBNext edit →
Line 23: Line 23:
==References== ==References==
{{reflist}} {{reflist}}

{{Uncategorized|date=July 2023}}

Revision as of 09:03, 10 July 2023

GovAssure is a new cybersecurity regime for the UK government, starting in 2022.

History

The process was announced in March 2022. Compared to previous cybersecurity for UK government bodies, the main change is the adoption of NCSC's Cyber Assessment Framework. GovAssure expected to help organisations guard against rising Russian attacks, as well as new types of threat actor.

The first two departments to be assessed, under the new scheme, are the Department for Business, Energy and Industrial Strategy and the Home Office, with C3IA assessing a selection of three systems at each.

Processes

  • Government departments, and some other public-sector organisations, will have their cybersecurity reviewed under the GovAssure process;
  • The controls are expected to be stricter than before, using NCSC's Cyber Assessment Framework and its 14 key principles;
  • The new process will be run by the Government Security Group, with advice from NCSC;
  • Independent review, by third parties, is required.

There is also increasing emphasis on post-incident recovery, as part of security strategy.

In parallel, a Government Information Cell has been established, to counter the spread of disinformation.

Further reading

References

  1. https://www.globalsecuritymag.com/Comment-on-Gov-Assure-process-part,20220413,124191
  2. https://www.computerweekly.com/news/365535542/New-GovAssure-cyber-regime-launches-across-UK-government
  3. https://techinformed.com/uk-issues-warning-over-new-russian-linked-cyber-threat/
  4. https://www.civilserviceworld.com/professions/article/govassure-home-office-beis-first-pilots-new-independent-cyber-audits-c3ia
  5. https://www.gov.uk/government/news/government-launches-new-cyber-security-measures-to-tackle-ever-growing-threats--2
  6. https://www.csoonline.com/article/575145/uk-launches-govassure-cybersecurity-scheme-to-protect-government-it-functions.html
  7. https://www.civilserviceworld.com/professions/article/departments-to-undergo-independent-audits-of-cyber-resilience
This article has not been added to any content categories. Please help out by adding categories to it so that it can be listed with similar articles. (July 2023)
Category: