GovAssure is the new cyber security assurance approach for government that will replace the cyber security element of the Departmental Security Health Check (DSHC) from April 2023.
The GovAssure assurance approach meets the requirements for an objective understanding of government cyber security as set out in the Government Cyber Security Strategy. GovAssure uses the National Cyber Security Centre’s Cyber Assessment Framework (CAF).
Organisations will assess critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across government.
GovAssure is designed for OFFICIAL systems and does not currently apply to systems processing data classified as SECRET or above. Higher classification systems will be considered at a later date. GovAssure will apply to government sector Critical National Infrastructure (CNI), bringing them under a common assurance process for cyber.
Start with the GovAssure getting started guide. This will give you all the information you need on the 5 stage GovAssure process.
You can find an introduction to the National Cyber Security Centre’s Cyber Assessment Framework (CAF) here.
You can find the Government CAF Profiles here.
You can find information on engaging with stakeholders about GovAssure here.
You can find information on understanding commercial processes within your organisation here.
You can find the Government Cyber Security Policy Handbook here.
Email cybergovassure@cabinetoffice.gov.uk if you have any questions.
OFFICIAL