Follow the Government Cyber Security Standard
All digital services and technical infrastructure must be built to comply with the Government Cyber Security Standard
To meet this commitment as part of the Digital and Data function's strategic commitments, your plans must show how you will meet the for your services and infrastructure.
All digital services and technical infrastructure in scope of your spend must comply with the appropriate Cyber Assessment Framework (CAF) profile and the cross-government Secure by Design principles.
The cross-government approach provides a series of mandatory and good practice to help organisations implement the approach. Delivery teams must establish a high confidence profile using the in the early phases of their projects, and maintain it as the projects evolve.
If you're going through the digital and technology spend control process, you must explain how you're meeting this commitment if your spend request has been rated high on the risk and importance framework or has an assurance rating of control.
Answering no will not lead to an automatic rejection and you will need to explain why your spend cannot align to the commitment.
Updates to this page
- First and fourth paragraph: small changes to wording and new links added. Second paragraph: the references to the cross-government policies published in the government cyber security policy handbook and on security.gov.uk have been removed, leaving only the references to the Cyber Assessment Framework (CAF) profile and cross-government Secure by Design principles. Third paragraph: removes the reference to Security by Design as a framework and recommends it as an approach. It also removes the indication that this approach is applied only to the delivery of digital services.
- First published.