Designing and managing your connected places system administration
Updated 10 July 2023
The following guidance provides an overview to secure system administration design and management. It is important that connected places project leaders/managers, IT professionals and cyber security leads have a clear understanding of best practice so that they are able to critically assess the security of their connected place's administration practices.
This guidance is relevant to:
- Connected places project leaders/managers
- IT professionals
- Cyber security leads
Owner: National Cyber Security Centre
About this guidance: This guidance provides design principles for Information Technology (IT) and Operational Technology (OT) systems to help you develop and implement a system management strategy that protects your organisation's most sensitive data.
Systems Administration Architectures
Owner: National Cyber Security Centre
About this guidance: This guidance outlines some of the common approaches and architectural models used to design the administration approach for IT systems and the risks associated with each.
Good Practice Guide 44 (authenticators)
Owner: Government Digital Service/Cabinet Office
About this guidance: This guidance provides you with guidelines on how to assess and make decisions on what authenticators your service should require.
Introduction to Identity and Access Management
Owner: National Cyber Security Centre
About this guidance: This guidance provides you with a primer on the essential techniques, technologies and uses of access management.
Design and Build a Privately Hosted Public Key Infrastructure
Owner: National Cyber Security Centre
About this guidance: This guidance outlines 12 principles for the design and build of in-house (private) Public Key Infrastructure (PKI) which will help guide your thinking as you develop an in-house PKI. PKI is a 'trust service' and method of confirming the identity of users, devices and services connected to privately owned infrastructure through proving ownership of a private key. It can be used to verify that a sender or receiver of data is exactly who they claim to be.