The UK government has launched a new cybersecurity standard designed to set a baseline of mandatory security outcomes for all departments with regards to protecting their information, technology, and digital services.

The Minimum Cyber Security Standard presents a minimum set of security measures which all government departments will need to follow, however, there is some flexibility in how they achieve these measures, depending on “local context.”

The standard highlights 10 elements which are broken down into five key areas: Identify, Protect, Detect, Respond, and Recover. In the Identify phase, the measures emphasize “appropriate cybersecurity governance processes”, “identifying and cataloging sensitive information and key operational services they provide”, and “continuously managing access to sensitive information or key operational services.”

Within the Protect phase, the standard focuses on script authentication measures for all users with access to sensitive information; protection of systems from exploitation of known vulnerabilities; and security for highly privileged accounts. In this phase, organizations must keep an inventory of all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges.

NNT is a CIS Certified Vendor and as such, accurately delivers the industry-standard configuration hardening guidance from the CIS Benchmarks to help organizations maintain documented, standard security configuration standards for all authorized operating systems and devices. Change Tracker Gen7 incorporates pre-built hardening templates from the CIS to audit for any vulnerabilities present and then continuously monitors for any configuration drift from that hardened state.

In the Detect stage, departments must take the necessary steps to detect common cyber-attacks. This includes capturing events combined with common threat intelligence sources to detect known threats and having a clear definition of what must be protected and why, which in turn should influence the monitoring solution to detect events which might indicate a potential security incident.  

NNT utilizes Closed-Loop Intelligent Change Control, literally learning which changes within your environment are normal, applying threat–based logic to the automation of change approvals. Change Tracker Gen7 significantly reduces the amount of ‘change noise’ associated with traditional integrity monitoring systems by leveraging NNT FAST (File Approved-Safe Technology) Cloud. With FAST Cloud, file changes are automatically validated using an authoritative file whitelist, clearly highlighting only genuinely suspicious activity.

The Respond stage focuses on departments developing an incident response and management plan with clearly defined responsibilities and actions. The Department must also have communication plans in place in the event of an incident, which includes notifying the relevant supervisory body, senior accountable individuals, the Departmental press office, the National Cyber Security Centre (NCSC), Government Security Group (Cabinet Office), the Information Commissioner’s Office (ICO) or law enforcement as applicable.

The last stage, Recover, stresses that departments must identify and test contingency mechanisms to continue to deliver essential services in the event of a security incident; post-incident recovery activities must ensure the same issue cannot arise in the same way again; and all systemic vulnerabilities identified must be remediated.

The framework adds that “Overtime, these measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of the new Active Cyber Defense measures that Departments will be expected to use and where available for use by suppliers.”

NNT Products
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: 1-888-898-0674
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
Connect
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2018, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.