The UK government has launched a new cybersecurity standard designed to set a baseline of mandatory security outcomes for all departments with regards to protecting their information, technology, and digital services.

The Minimum Cyber Security Standard presents a minimum set of security measures which all government departments will need to follow, however, there is some flexibility in how they achieve these measures, depending on “local context.”

The standard highlights 10 elements which are broken down into five key areas: Identify, Protect, Detect, Respond, and Recover. In the Identify phase, the measures emphasize “appropriate cybersecurity governance processes”, “identifying and cataloging sensitive information and key operational services they provide”, and “continuously managing access to sensitive information or key operational services.”

Within the Protect phase, the standard focuses on script authentication measures for all users with access to sensitive information; protection of systems from exploitation of known vulnerabilities; and security for highly privileged accounts. In this phase, organizations must keep an inventory of all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges.

NNT is a CIS Certified Vendor and as such, accurately delivers the industry-standard configuration hardening guidance from the CIS Benchmarks to help organizations maintain documented, standard security configuration standards for all authorized operating systems and devices. Change Tracker Gen7 incorporates pre-built hardening templates from the CIS to audit for any vulnerabilities present and then continuously monitors for any configuration drift from that hardened state.

In the Detect stage, departments must take the necessary steps to detect common cyber-attacks. This includes capturing events combined with common threat intelligence sources to detect known threats and having a clear definition of what must be protected and why, which in turn should influence the monitoring solution to detect events which might indicate a potential security incident.  

NNT utilizes Closed-Loop Intelligent Change Control, literally learning which changes within your environment are normal, applying threat–based logic to the automation of change approvals. Change Tracker Gen7 significantly reduces the amount of ‘change noise’ associated with traditional integrity monitoring systems by leveraging NNT FAST (File Approved-Safe Technology) Cloud. With FAST Cloud, file changes are automatically validated using an authoritative file whitelist, clearly highlighting only genuinely suspicious activity.

The Respond stage focuses on departments developing an incident response and management plan with clearly defined responsibilities and actions. The Department must also have communication plans in place in the event of an incident, which includes notifying the relevant supervisory body, senior accountable individuals, the Departmental press office, the National Cyber Security Centre (NCSC), Government Security Group (Cabinet Office), the Information Commissioner’s Office (ICO) or law enforcement as applicable.

The last stage, Recover, stresses that departments must identify and test contingency mechanisms to continue to deliver essential services in the event of a security incident; post-incident recovery activities must ensure the same issue cannot arise in the same way again; and all systemic vulnerabilities identified must be remediated.

The framework adds that “Overtime, these measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of the new Active Cyber Defense measures that Departments will be expected to use and where available for use by suppliers.”

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.