November 2021
The National Cyber Security Strategy 2019-2024 states that the National Cyber Security Centre (NCSC), in conjunction with the OGCIO, will under Measure 8 formulate a cyber security baseline standard for Government ICT. The Baseline Standard will be aligned with international standards and phased in across all Public Service Bodies (PSBs). These standards typically include measures and controls in relation to staff training, identity and access management. Compliance with the standard which will be adhered to at local PSB level with support and guidance provided by the NCSC.
In order to effectively address the multiple public sector Information and Communications Technology (ICT) challenges and to improve the resilience and security of public sector ICT systems, a series of measures will be set out to develop and deploy a Cyber Security Baseline Standard to be applied to Government ICT systems and services. The recommendation of the Steering Group is that the Cyber Security Baseline Standards would apply to all Public Service Bodies.
The process for drawing up the standards was managed by a Steering Group with representation from stakeholders in Government Departments and agencies.
As part of the implementation framework of the Cyber Security Baseline Standards, the National Cyber Security Strategy proposed under Measure 10 of the Strategy to set up a Government IT Security forum for the implementation of the Cyber Security Baseline Standards across Government networks and Services. The Government IT Security forum will be created, open to all Heads of IT Security across Government, to facilitate information sharing on best practice for cyber security and to allow the NCSC to support the deployment of the baseline security standard.
The Steering Group insist that this standard is essential and will contribute in a positive way to foster a culture of cyber security and best practice across Public Service Bodies. Similar to practices in the aviation and healthcare industries, the Steering Group want to nurture a Cyber Security environment where every “identified risk” is seen as an opportunity to strengthen the system. This will help to remove a cyber security blame culture and positively reinforce cyber security best practices.
The positive contribution and involvement of Public Service Bodies in the Steering Group is essential in order to ensure that the design and implementation of Cyber Security Baseline Standards are fit for Public Service ICT purposes and can demonstrate Cyber Security best practice.
Views: 0