Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the adequacy of One Login’s compliance with a) Secure by Design and b) the Cyber Assessment Framework.

GOV.UK One Login is engaging appropriately with the Secure by Design (SbD) assessment process, and SbD principles are already embedded into the service.

GOV.UK One Login was assessed using GovAssure in 2024, the cyber security scheme for assessing government critical systems using the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF) as part of the Government Cyber Security Strategy 2022-2030. GovAssure has multiple phases, which includes an assurance review by an independent assessor. The GOV.UK One Login programme works closely with NCSC to align with the requirements of the CAF.