To enhance the UK's resilience against cyber threats, the government has introduced new cybersecurity measures to safeguard its crucial IT operations. The new regulations include annual cyber health checks by central government departments, as part of the GovAssure program. Administered by the Government Security Group (GSG) of the Cabinet Office, the scheme will involve collaboration with the National Cyber Security Centre (NCSC).
The GovAssure program brings about several changes in the way the UK government shields itself from cyber threats. These changes entail the use of the Cyber Assessment Framework (CAF) from the NCSC to scrutinise the assurance measures of all government departments. CAF incorporates indicators of good practice for managing security risk, and is specially designed to enhance the resilience of critical national services. To standardize results and elevate uniformity, third parties will conduct assessments of the departments. Additionally, centralised cybersecurity policy and guidance will be provided to help government organizations recognize best practices.
The launch of GovAssure aligns with the Government Cyber Security Strategy (GCSS) unveiled in January 2022, which outlined the critical challenges in government security and a clear vision for enhancing resilience.