Government formally unveils annual independent cyber audits for all departments
Ministerial announcement follows initial examinations of Home Office and business department earlier this year
The government has formally unveiled the GovAssure programme, which will require all departments to undergo annual external audits of cyber-resilience.
The initiative, which was first trailed in the Government Cyber Security Strategy in January 2022, will require yearly investigations of the cyber protections of all Whitehall departments and some arm’s-length bodies. The procedures, which will be overseen by the Cabinet Office-based Government Security Group, will use the National Cyber Security Centre’s Cyber Assessment Framework to review organisations’ security practices.
Audits will include evaluation by external assessors, while the Cabinet Office will provide “centralised security policy and guidance” to help inform departments’ security policies.
PublicTechnology revealed earlier this year that the central department had awarded a deal to security firm C3IA to support the fulfilment of a pilot phase in which the Home Office and the then Department for Business Energy and Industrial Strategy underwent GovAssure assessments.
The text of the contract with the cyber company revealed that “once [an audit is] complete, a department will receive a ‘get well’ report listing current vulnerabilities which will then allow it to spend its cyber budget more effectively and to mitigate specific risks quickly”.
Announcing the full rollout of the programme in the coming months, government chief security officer Vincent Devine said the audit regime represents “a transformative change in government cybersecurity”.
“GovAssure will give us far greater visibility of the common cyber security challenges facing government,” he said. “It will set clear expectations for departments, empower hard-working cybersecurity professionals to strengthen the case for security change and investment, and will be a powerful tool for security advocacy.”
Chancellor of the Duchy of Lancaster Oliver Dowden – who has since also taken on the mantle of deputy prime minister – added: “Cyberthreats are growing, which is why we are committed to overhauling our defences to better protect government from attacks. Today’s stepped up cyber assurance will strengthen government systems, which run vital services for the public, from attacks. It will also improve the country’s resilience; a key part of our recent Integrated Review Refresh.”