• United States



UK Editor

UK launches GovAssure cybersecurity scheme to protect government IT functions

Apr 21, 20232 mins
ComplianceGovernmentIT Governance Frameworks

Under new rules, all central government departments will have their cyber health reviewed annually, introducing key changes in how the government protects itself from cyberthreats.

All government departments and some bodies are to have their cybersecurity postures reviewed under new, more stringent measures being put in place as part of a new security regime, known as GovAssure. Announced during the CyberUK conference this week, GovAssure will be run by the Cabinet Office’s Government Security Group with support from the UK National Cyber Security Centre (NCSC).

Under the new rules, all central government departments will have their cyber health reviewed annually, introducing several changes in the way government protects itself from cyberthreats.

GovAssure will use the NCSC’s Cyber Assessment Framework

GovAssure will use the NCSC’s Cyber Assessment Framework (CAF) to review the assurance measures all government departments have, including measures such as setting out indicators of good practice for managing security risk and protecting against cyberattacks. Departments will also be assessed by third parties to increase standardisation and validate results, with centralised cybersecurity policy and guidance introduced to help government organisations identify best practice.

“This is a transformative change in government cybersecurity,” said UK government CSO Vincent Devine. “GovAssure will give us far greater visibility of the common cybersecurity challenges facing government. It will set clear expectations for departments, empower hard-working cybersecurity professionals to strengthen the case for security change and investment, and will be a powerful tool for security advocacy.”

GovAssure delivers on a key part of the government’s Cyber Security Strategy by improving cyber resilience.

UK cybersecurity takes centre stage amid rising threats

UK cybersecurity has been high on the agenda at the CyberUK conference in Belfast this week. A number of security alerts have been published, including warnings about the threats posed by irresponsible use of commercial hacking tools and emerging Russian state-aligned groups targeting critical national infrastructure (CNI).

NCSC CEO Lindy Cameron warned of the potential national cybersecurity risks posed by China’s advancements in cyberspace, urging the western cybersecurity community to keep pace with China’s developments. Meanwhile, UK security minister Tom Tugendhat highlighted three areas where enhanced government-industry collaboration is needed to improve the UK’s cybersecurity posture for the future – threat prevention, bolstered defences, and new technology.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author