Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. Vulnerability Monitoring Service

Author: Government Digital Service

Vulnerability Monitoring Service

The Vulnerability Monitoring Service (VMS), provided by the Government Digital Service (GDS), helps public sector organisations identify and respond to security vulnerabilities in your internet-facing digital services.

This service used to be known as Extended Monitoring.

The VMS is part of an extended service that builds on the monitoring already offered by DNS Check.

You can sign up to the VMS now through our online form. You’ll then hear from us if there’s a critical vulnerability.

From 15 December 2025, the VMS will be available on MyNCSC, where you’ll be able to look at your VMS findings. If you have already registered for VMS, you will need to make sure your domains are verified in MyNCSC to view the findings.

Benefits of using the VMS

The benefits of the VMS include:

  • centrally funded with no cost to your organisation
  • proactive protection that detect vulnerabilities before attackers do
  • free outreach service and we will contact you if we detect critical vulnerabilities
  • extends monitoring provided by DNS Check
  • optional SIEM integration that feed alerts directly into your existing security tools
  • access to the domain and vulnerability knowledge base

What the VMS does

Once you register, GDS will monitor your digital environment and we will:

  • alert you to vulnerabilities and misconfigurations
  • support you to fix any issues
  • use automated and manual triage of the issues to help you prioritise critical issues

The service can find internet-facing vulnerabilities including:

  • web based vulnerabilities
  • exposed files, storage buckets and admin panels
  • misconfigurations
  • phishing domains
  • new and existing CVEs in applications like Microsoft Exchange and ServiceNow
  • software vulnerabilities like XSS and RCE
  • exposed API keys and passwords
  • open ports
  • IP addresses in untrusted locations

As the service evolves, new checks will be added based on user feedback, without disrupting your services.

When we add new checks to our service we will make sure they don’t harm the service being monitored.

Source and frequency of scanning

Current monitoring traffic originates from Detectify using the scanner.detectify.com with the dedicated IP addresses 52.17.9.21 and 52.17.98.131.

Please ensure you have notified the appropriate people to allow traffic from these IPs.

From time to time the IPs will change as we rotate in new suppliers and services. We will notify you of any changes.

The VMS makes multiple connections a day to services operating on your domains. It queries each service by host and IP address and each open port found.

Neither GDS nor your organisation can control the timing or cadence of the monitoring.

Impact on services

The VMS can generate a substantial amount of traffic but is within the volumes a modern service should be able to tolerate.

If your website or digital service is not configured to handle reasonable volumes of traffic it could encounter issues.

If your service is unable to handle this volume of traffic, it could already be vulnerable to a denial of service (DoS) attack.

Register for the VMS

We accept domains in any namespace, for example .gov.uk, .nhs.scot, or .org.uk, as long as you own the domain and can authorise monitoring of the services it operates.

Before you register, you will need to:

  • know what domains you own and are responsible for, to give GDS permission to access your domains
  • tell your organisation’s appropriate security and operations people about the monitoring before it is set up. This makes sure they understand where the extra traffic is coming from and do not block it
  • tell your service providers about the monitoring to make sure you are contractually allowed to include the VMS

Start now

From the 15 December 2025, you can add the VMS service to your domains in MyNCSC and will not need to complete this form.

After you’ve registered

Once registered, GDS will begin monitoring your domains and alert you by email if any critical issues are found, along with guidance on how to fix them. If you’ve requested SIEM integration, we’ll also contact you to help set it up.

If you’re already registered with MyNCSC

You will need to verify your domains in the ‘add new asset’ section in MyNCSC, so that your VMS findings can be displayed from 15 December 2025.

Share your zone files

To make sure we’re monitoring your full attack surface, you should share your zone files with our team.

This lets us keep an eye on all your domains and subdomains, helping ensure nothing is missed and reducing the risk of vulnerabilities going unnoticed.

Making changes after registering

If you need to make changes after registering, you can let us know by sending an email to support@domains.gov.uk.

From 15 December 2025, you can make changes to your VMS service in MyNCSC.

Changes you might need to make include:

  • adding a new domain
  • adding or removing members from your organisation

Contact us

If you need more information email support@domains.gov.uk

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now