GovAssure is the new cyber security assurance approach for government that will replace the cyber security element of the Departmental Security Health Check (DSHC) from April 2023.
The GovAssure assurance approach meets the requirements for an objective understanding of government cyber security as set out in the Government Cyber Security Strategy. GovAssure uses the National Cyber Security Centre’s Cyber Assessment Framework (CAF).
Organisations will assess critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across government.
GovAssure is designed for OFFICIAL systems and does not currently apply to systems processing data classified as SECRET or above. Higher classification systems will be considered at a later date. GovAssure will apply to government sector Critical National Infrastructure (CNI), bringing them under a common assurance process for cyber.