Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what mechanisms the Government uses to assess public sector compliance with national cyber security standards.
GovAssure is the cyber security assurance scheme for assessing the critical systems of government organisations. The scheme was launched in April 2023 and DSIT recently initiated the scheme’s third year of operations.
GovAssure requires government organisations to self-assess the cyber resilience of their critical systems using the NCSC’s Cyber Assessment Framework (CAF). Outcomes are independently verified by accredited third-party reviewers and returned to the Government Cyber Unit, providing DSIT with a clear and objective understanding of cyber resilience levels across government, including the systemic issues preventing organisations from achieving target resilience levels.
DSIT expects to publish the Government Cyber Action Plan later this winter. The plan sets out how we will adopt a radical shift in our approach to cyber and digital resilience risks across the public sector, with a focus on strengthening accountability. It sets out the underlying milestones and a performance framework for measuring Government’s progress towards these goals, providing DSIT with a further mechanism for assessing compliance.