Your path to resilience with GovAssure

Empowering Government Cyber Security.

GovAssure represents a pioneering approach to cybersecurity assurance for the government, replacing the cybersecurity component of the Departmental Security Health Check (DSHC) from April 2023.

Your Path To Resilience With GovAssure

The GovAssure scheme provides public sector organisations with a better understanding of their security and resilience capabilities in the face of hostile threats. It also relays this information to the central government for transparency and alignment with the Government Cyber Security Strategy to strengthen the UK’s resilience against cyber-attacks across essential services.

GovAssure is only designed for official systems and does not apply to secret or higher systems, to help improve cyber security posture and the capabilities of governmental departments and closely linked organisations.

A Five-Stage Process

Organisational Contact and Services
The first stage is a scoping exercise, where you must have and develop a complete understanding of your strategic context, aligning with current and evolving cyber security threat landscapes. This scope is defined by the essential and critical services you provide.

In-Scope Systems and Services
After this, your assets should be reviewed, and critical systems identified – operational and support systems – related to the essential and critical services you provide. These will be assigned to either a Baseline or Enhanced profile from the Government’s Cyber Assessment Framework (CAF).

Security Self-Assessment
Next, you will undertake a self-assessment from the CAF, which measures your organisation against four objectives that also closely align with several industry-standard frameworks such as ISO27001.

  1. Managing Security Risk
  2. Protecting Against Cyber Attacks
  3. Detecting Cyber Security Events
  4. Minimising the Impact of Cyber Security Incidents

Independent Assurance Review
Accredited third-parties are then required to independently review your self-assessment, assessing the level of attainment, and validating the results of the CAF assessment findings to determine how effective your current security controls are.

Final Assessment and Improvement Plan
The last step involves a final assessment report generated and provided to you after the independent review is completed, with the Cabinet Office’s Government Security Group (GSG) working with you to develop a targeted improvement plan.