Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what (a) process and (b) criteria the Prime Minister will use to determine the timing of a general election.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
I refer the hon. Member to the answer of 26 February, Official Report, PQ 14293.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, when he plans that all eligible under the (a) Afghan Relocations and Assistance Policy and (b) Afghan Citizens Resettlement Scheme will be relocated from (i) Iran, (ii) Pakistan and (iii) other third countries to the UK.
Answered by Johnny Mercer - Minister of State (Cabinet Office) (Minister for Veterans' Affairs)
The UK has made an ambitious and generous commitment to help at-risk people in Afghanistan and, so far, we have brought around 24,600 people to safety, including over 21,600, people eligible for the Afghan Citizens Resettlement Scheme (ACRS) and the Afghan Relocations and Assistance Policy (ARAP) schemes, as of September 2023. The Government is committed to relocating all eligible persons who remain in Pakistan and third countries as soon as possible, and have made significant progress in the last few months.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what safeguards are in place to prevent government officials from betting on the (a) success and (b) timing of policy implementations.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Civil Service Code sets out the standards of behaviour expected of all civil servants to uphold the Civil Service’s core values, which are integrity, honesty, objectivity and impartiality.
The Code makes clear that civil servants must not misuse their official position, for example by using information acquired in the course of their official duties to further their private interests or those of others.
The Code is part of the contractual relationship between civil servants and their employer. Breaches of the Code can result in disciplinary action with potential sanctions extending to dismissal.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what assessment he has made of the potential impact of incorporating device security in public sector risk management strategies.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Government Cyber Security Standard requires government organisations to meet or exceed the security outcomes specified in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC).
One of the four objectives which make up the CAF is managing security risk; this objective covers a range of security outcomes in relation to organisations’ internal processes for managing security risk, accountability and decision-making and managing assets such as corporate devices. The CAF also includes specific security outcomes in relation to the secure configuration and management of devices.
In November 2023 we published the cross-government Mobile Device Management (MDM) policy to help government organisations and their Arms Length Bodies keep their corporately owned mobile devices secure and prevent data breaches. This policy is mandatory for all government organisations and Arms Length Bodies. It requires them to manage corporately owned mobile phones and tablets which access, process or store OFFICIAL government and/or citizen data via critical systems using an appropriate MDM solution.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what recent assessment he has made of the effectiveness of the Government's cyber security measures in protecting public sector organisations.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Government prioritises public sector cyber security, which is why in April 2023 GovAssure was launched. Under GovAssure, government organisations regularly review the effectiveness of their cyber defences against common cyber vulnerabilities and attack methods. We are currently evaluating the first year’s assessments.
GovAssure will enable government organisations to accurately assess their levels of cyber resilience across their critical services, highlight priority areas for improvement and provide the Government with a strategic view of cyber capability, risk and resilience across the sector.
With its foundations in the National Cyber Security Centre’s Cyber Assessment Framework, GovAssure will help us to understand our risk at scale and put us on the pathway to reducing it, as well as aligning Government with the best practice in management of wider UK Critical National Infrastructure sectors.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what his Department's policy is on the security requirements for endpoint devices procured by the public sector.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Government Cyber Security Standard requires government organisations to meet or exceed the security outcomes specified in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC). This includes specific security outcomes in relation to the secure configuration and management of devices.
As the CAF is outcomes-based, it does not specify which commercially available devices meet these security requirements or which vendors government organisations should buy their devices from. That is a matter for government organisations to determine locally, in consultation with their commercial, security and IT teams, based on their organisation’s business needs, risk tolerance and threat profile.
In addition, in November 2023 we published the cross-government Mobile Device Management policy to help government organisations and their Arms Length Bodies keep their corporately owned mobile devices secure and prevent data breaches. NCSC also provides guidance on how to securely configure devices from each of the most commonly used platforms.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what criteria his Department uses to determine the security standard of hardware devices before they are purchased by Government.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Government Cyber Security Standard requires government organisations to meet or exceed the security outcomes specified in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC). This includes specific security outcomes in relation to the secure configuration and management of devices.
As the CAF is outcomes-based, it does not specify which commercially available devices meet these security requirements or which vendors government organisations should buy their devices from. That is a matter for government organisations to determine locally, in consultation with their commercial, security and IT teams, based on their organisation’s business needs, risk tolerance and threat profile.
In addition, in November 2023 we published the cross-government Mobile Device Management policy to help government organisations and their Arms Length Bodies keep their corporately owned mobile devices secure and prevent data breaches. NCSC also provides guidance on how to securely configure devices from each of the most commonly used platforms.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what assessment he has made of the effectiveness of the Procurement Act 2023 on strengthening cyber security requirements for public tenders.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Procurement Act 2023 brings in new powers to exclude and debar companies from public procurement on grounds of national security. The new National Security Unit for Procurement (NSUP), in the Cabinet Office, will work across government to coordinate assessments of companies and support ministers in national security debarment decisions.
In addition, Procurement Policy Note 09/14 requires central government contracting authorities to ensure that for contracts with certain characteristics, suppliers must meet the technical requirements prescribed by Cyber Essentials, including where suppliers store, or process, personal information or data at Official level.
The Cabinet Office encourages all organisations to follow National Cyber Security Centre (NCSC) guidance which sets out the security matters to be considered during the procurement process. The National Protective Security Agency (NPSA) has also published guidance to prevent hostile actors exploiting vulnerabilities in supply chains.
The National Procurement Policy Statement sets out the national priorities that all contracting authorities should have regard to in their procurement where it is relevant to the subject matter of the contract and proportionate to do so. The current statement does not include cyber security as a separate, wider policy because the need for cyber security protection is fundamental to procurements where it applies and therefore built into the procurement process as described above. The new legislative statement that will come into force alongside the Procurement Act is currently being drafted and will be subject to a consultation process as set out in Section 13 of the Act.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, if he will make an assessment of the impact of the National Procurement Policy Statement, published in June 2021, on cybersecurity in public sector procurement processes.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Procurement Act 2023 brings in new powers to exclude and debar companies from public procurement on grounds of national security. The new National Security Unit for Procurement (NSUP), in the Cabinet Office, will work across government to coordinate assessments of companies and support ministers in national security debarment decisions.
In addition, Procurement Policy Note 09/14 requires central government contracting authorities to ensure that for contracts with certain characteristics, suppliers must meet the technical requirements prescribed by Cyber Essentials, including where suppliers store, or process, personal information or data at Official level.
The Cabinet Office encourages all organisations to follow National Cyber Security Centre (NCSC) guidance which sets out the security matters to be considered during the procurement process. The National Protective Security Agency (NPSA) has also published guidance to prevent hostile actors exploiting vulnerabilities in supply chains.
The National Procurement Policy Statement sets out the national priorities that all contracting authorities should have regard to in their procurement where it is relevant to the subject matter of the contract and proportionate to do so. The current statement does not include cyber security as a separate, wider policy because the need for cyber security protection is fundamental to procurements where it applies and therefore built into the procurement process as described above. The new legislative statement that will come into force alongside the Procurement Act is currently being drafted and will be subject to a consultation process as set out in Section 13 of the Act.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, if he will make an assessment of the effectiveness of the Procurement Act 2023 for tackling cybersecurity threats in public tenders.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Procurement Act 2023 brings in new powers to exclude and debar companies from public procurement on grounds of national security. The new National Security Unit for Procurement (NSUP), in the Cabinet Office, will work across government to coordinate assessments of companies and support ministers in national security debarment decisions.
In addition, Procurement Policy Note 09/14 requires central government contracting authorities to ensure that for contracts with certain characteristics, suppliers must meet the technical requirements prescribed by Cyber Essentials, including where suppliers store, or process, personal information or data at Official level.
The Cabinet Office encourages all organisations to follow National Cyber Security Centre (NCSC) guidance which sets out the security matters to be considered during the procurement process. The National Protective Security Agency (NPSA) has also published guidance to prevent hostile actors exploiting vulnerabilities in supply chains.
The National Procurement Policy Statement sets out the national priorities that all contracting authorities should have regard to in their procurement where it is relevant to the subject matter of the contract and proportionate to do so. The current statement does not include cyber security as a separate, wider policy because the need for cyber security protection is fundamental to procurements where it applies and therefore built into the procurement process as described above. The new legislative statement that will come into force alongside the Procurement Act is currently being drafted and will be subject to a consultation process as set out in Section 13 of the Act.