Guidance

Follow the Government Cyber Security Standard

All digital services and technical infrastructure must be built to comply with the Government Cyber Security Standard.

To meet this commitment as part of Digital and Data function’s strategic commitments your plans must show how you will meet the for your services and infrastructure.

All digital services and technical infrastructure in scope of your spend must comply with the appropriate Cyber Assessment Framework (CAF) profile and the cross-government Secure by Design principles.

The cross-government approach provides a series of mandatory and good practice to help organisations implement the approach. Delivery teams must establish a “high” confidence profile using the in the early phases of their projects, and maintain it as the projects evolve.

If you’re going through the digital and technology spend control process you must explain how you’re meeting this commitment if your spend request has been rated “high” on the risk and importance framework or has an assurance rating of “control”.

Answering ‘no’ will not lead to an automatic rejection and you will need to explain why your spend cannot align to the commitment.

Updates to this page

Published 23 February 2024
Last updated 7 February 2025
  1. First and fourth paragraph: small changes to wording and new links added. Second paragraph: the references to the cross government policies published in the government cyber security policy handbook and on security.gov.uk have been removed allowing only the references to the Cyber Assessment Framework (CAF) profile and cross-government Secure by Design principles. Third paragraph: removes the reference to Security by Design as “framework” and recommends it as “approach”. It also removes the indication that this approach is applied only to the delivery of digital services.

  2. First published.
