Guidance

Designing and managing your connected places system administration

Updated 10 July 2023

This was published under the 2019 to 2022 Johnson Conservative government

The following guidance provides an overview of secure system administration design and management. It is important that connected places project leaders/managers, IT professionals and cyber security leads have a clear understanding of best practice so that they are able to critically assess the security of their connected place's administration practices.

This guidance is relevant to:

  • Connected places project leaders/managers
  • IT professionals
  • Cyber security leads

Secure System Administration

Owner: National Cyber Security Centre

About this guidance: This guidance provides design principles for Information Technology (IT) and Operational Technology (OT) systems to help you develop and implement a system management strategy that protects your organisation's most sensitive data.


Systems Administration Architectures

Owner: National Cyber Security Centre

About this guidance: This guidance outlines some of the common approaches and architectural models used to design the administration approach for IT systems and the risks associated with each.


Good Practice Guide 44 (authenticators)

Owner: Government Digital Service/Cabinet Office

About this guidance: This guidance provides you with guidelines on how to assess and make decisions on what authenticators your service should require.


Introduction to Identity and Access Management

Owner: National Cyber Security Centre

About this guidance: This guidance provides you with a primer on the essential techniques, technologies and uses of access management.


Design and Build a Privately Hosted Public Key Infrastructure

Owner: National Cyber Security Centre

About this guidance: This guidance outlines 12 principles for the design and build of an in-house (private) Public Key Infrastructure (PKI), which will help guide your thinking as you develop an in-house PKI. PKI is a 'trust service' and a method of confirming the identity of users, devices and services connected to privately owned infrastructure through proving ownership of a private key. It can be used to verify that a sender or receiver of data is exactly who they claim to be.