Skip to main content

This is a new service – your feedback will help us to improve it.

  1. Guidance
  2. GovAssure


GovAssure is the new cyber security assurance approach for government that will replace the cyber security element of the Departmental Security Health Check (DSHC) from April 2023.

The GovAssure assurance approach meets the requirements for an objective understanding of government cyber security as set out in the Government Cyber Security Strategy. GovAssure uses the National Cyber Security Centre’s Cyber Assessment Framework (CAF).

Organisations will assess critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across government.

Scope of GovAssure

GovAssure is designed for OFFICIAL systems and does not currently apply to systems processing data classified as SECRET or above. Higher classification systems will be considered at a later date. GovAssure will apply to government sector Critical National Infrastructure (CNI), bringing them under a common assurance process for cyber.