GovAssure
GovAssure is the new cyber security assurance approach for government that will replace the cyber security element of the Departmental Security Health Check (DSHC) from April 2023.
GovAssure is the new cyber security assurance approach for government that will replace the cyber security element of the Departmental Security Health Check (DSHC) from April 2023.
The GovAssure assurance approach meets the requirements for an objective understanding of government cyber security as set out in the Government Cyber Security Strategy. GovAssure uses the National Cyber Security Centre’s Cyber Assessment Framework (CAF).
Organisations will assess critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across government.
Scope of GovAssure
GovAssure is designed for OFFICIAL systems and does not currently apply to systems processing data classified as SECRET or above. Higher classification systems will be considered at a later date. GovAssure will apply to government sector Critical National Infrastructure (CNI), bringing them under a common assurance process for cyber.
- Start with the GovAssure Overview
- Stage 1: Organisational context and services
- Stage 2: In-scope systems and assignment to the Government CAF profile
- Stage 3: CAF self-assessment
- Stage 4: Independent assurance review / peer review
- Stage 5: Final assessment and targeted improvement plan (‘get well plan’)
- Templates and Downloads