The UK government has launched a new cybersecurity standard designed to set a baseline of mandatory security outcomes for all departments with regard to protecting their information, technology, and digital services.
The Minimum Cyber Security Standard presents a minimum set of security measures which all government departments will need to follow; however, there is some flexibility in how they achieve these measures, depending on “local context.”
The standard highlights 10 elements which are broken down into five key areas: Identify, Protect, Detect, Respond, and Recover. In the Identify phase, the measures emphasize “appropriate cybersecurity governance processes”, “identifying and cataloging sensitive information and key operational services they provide”, and “continuously managing access to sensitive information or key operational services.”
Within the Protect phase, the standard focuses on strict authentication measures for all users with access to sensitive information; protection of systems from exploitation of known vulnerabilities; and security for highly privileged accounts. In this phase, organizations must keep an inventory of all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges.
NNT is a CIS Certified Vendor and, as such, accurately delivers the industry-standard configuration hardening guidance from the CIS Benchmarks to help organizations maintain documented security configuration standards for all authorized operating systems and devices. Change Tracker Gen7 incorporates pre-built hardening templates from the CIS to audit for any vulnerabilities present and then continuously monitors for any configuration drift from that hardened state.
In the Detect stage, departments must take the necessary steps to detect common cyber-attacks. This includes capturing events and combining them with common threat intelligence sources to detect known threats, and having a clear definition of what must be protected and why, which in turn should shape the monitoring solution so that it detects events which might indicate a potential security incident.
NNT utilizes Closed-Loop Intelligent Change Control, literally learning which changes within your environment are normal and applying threat-based logic to the automation of change approvals. Change Tracker Gen7 significantly reduces the amount of ‘change noise’ associated with traditional integrity monitoring systems by leveraging NNT FAST (File Approved-Safe Technology) Cloud. With FAST Cloud, file changes are automatically validated using an authoritative file whitelist, clearly highlighting only genuinely suspicious activity.
The Respond stage focuses on departments developing an incident response and management plan with clearly defined responsibilities and actions. The Department must also have communication plans in place in the event of an incident, which includes notifying the relevant supervisory body, senior accountable individuals, the Departmental press office, the National Cyber Security Centre (NCSC), Government Security Group (Cabinet Office), the Information Commissioner’s Office (ICO) or law enforcement as applicable.
The last stage, Recover, stresses that departments must identify and test contingency mechanisms to continue to deliver essential services in the event of a security incident; post-incident recovery activities must ensure the same issue cannot arise in the same way again; and all systemic vulnerabilities identified must be remediated.
The framework adds that “Over time, these measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of the new Active Cyber Defense measures that Departments will be expected to use and where available for use by suppliers.”