
GovAssure – Certifying Best Practices for Securing the UK Public Sector

GovAssure is the UK’s cybersecurity assurance scheme.

The crux of GovAssure is a regular, stringent review of IT systems from all government departments in order to increase the UK’s cyber resilience and protect the government’s essential IT functions.

The GovAssure assurance approach meets the requirements for an objective understanding of government cyber security as set out in the Government Cyber Security Strategy. GovAssure uses the National Cyber Security Centre’s Cyber Assessment Framework (CAF).

NCSC

Launched in October 2016, the NCSC (National Cyber Security Centre) brought together expertise from CESG (the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure (which became the National Protective Security Authority, NPSA, in March 2023).

The NCSC provides a single point of contact for SMEs, larger organisations, government agencies and departments, and the general public, working collaboratively with law enforcement, defence, the UK’s intelligence and security agencies and international partners.

The NCSC publishes informational guides and services intended to help educate end users on how best to protect themselves, such as the Cyber Essentials, Small Business Advice and Action Plan blueprint, and operates a number of certification schemes:

  • Assured Cyber Security Consultancy: Independently assured, industry delivered, consultancy services for organisations with complex and high risk cyber security requirements including, but not limited to, governments, wider public sector and Critical National Infrastructure.
  • Cyber Incident Response (CIR): Gives organisations direct support when they become victims of cyber attack, with a guide for buyers.
  • Certified Professionals: The Certified Professional assured service is a recognition of competence which is awarded to those who demonstrate their sustained ability to apply their skills, knowledge and expertise in real-world situations.
  • Cyber Advisor: The cyber advisor scheme assures organisations to provide general cyber security advice and support to a broad range of UK organisations.
  • NCSC Certified Training: The NCSC Certified Training scheme provides a benchmark for cyber security training by assuring the quality of both content and its delivery.
  • Commercial Product Assurance (CPA): The CPA scheme provides independent testing of smart meters or recognised smart metering products.

There are also new, specialist schemes, such as cyber incident exercising, which can transform an organisation’s preparation for and response to a cyber incident, and initiatives to tailor the scheme for specific sectors such as Local Government.
