2T Security GovAssure Services
GovAssure Scheme
The Deputy Prime minister announced the launch of the new GovAssure scheme at CyberUK 2023. This marked a major milestone in a project that has been running for almost two years.
GovAssure is a groundbreaking strategy for evaluating the cybersecurity of UK Government systems. Developed by the Government Security Group (GSG) within the Cabinet Office. This approach draws on the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC). Organisations operating in Critical National Infrastructure, are embracing the Cyber Assessment Framework because it enables them to conduct comprehensive evaluations of their systems and easily reporting the outcomes to their regulatory bodies.
Cyber Assessment Framework
The Cyber Assessment Framework (CAF) employs an outcome-based approach for assessing systems, focusing on results rather than prescribing specific solutions. It uses a baseline or enhanced profile, depending on the perceived threat level, to evaluate each system. To compile the assessment, the CAF uses a new online tool.
Presently, independent assurance companies will conduct a thorough review of the completed assessments to validate the findings. These companies, which must be part of the NCSC’s Assured Cyber Security Consultancy framework, will offer a comprehensive summary of the assessment results. Additionally, a convenient online tool will be used to send the results back to the organisation and the Government Security Group. It’s worth noting that for the first year, there is an alternative route available, which is not NCSC-assured but is based on different criteria.
2T Security GovAssure Services
Throughout the development and implementation of GovAssure, 2T Security has closely collaborated with the Government Security Group and the National Cyber Security Centre. Our involvement includes:
- Conducting in-depth technical analysis of the CAF.
- Constructing a robust empirical model for generating the CAF profiles.
- Developing comprehensive training sessions for the independent assurance companies involved in the process.
Tony Badsey-Ellis, Head Consultant for Risk Management, said:
“We are excited to announce that we are one of only seven companies who have met the challenging quality bar to be on the NCSC Assured Framework for GovAssure. This adds to our portfolio of risk analysis and technical review services.”
You can access our GovAssure services through the Crown Commercial Services Dynamic Purchasing System, under the Cyber Security Supplier 3 framework.
If you want to learn more about GovAssure and how we can assist with your assessments, please feel free to reach out to us.