Guidance

Follow the Government Cyber Security Standard

All digital services and technical infrastructure must be built to comply with the Government Cyber Security Standard

To meet this commitment as part of Digital and Data function’s strategic commitments your plans must show how you will meet the government cyber security standard for your service and infrastructure.

All digital services and technical infrastructure in scope of your spend must comply with cross-government policies published in the government cyber security policy handbook and on security.gov.uk

The cross government Security by Design (SbD) framework provides good practice guidance and tools to help organisations follow a SbD approach for the delivery of digital services.

The cross-government Secure by Design (SbD)
principles
, includes a self-assessment tracker. You should review the tracker and complete it for your project after each phase of delivery.

If you’re going through the spend control process you must explain how you’re meeting this commitment if your spend request has been rated high on the risk and importance framework or has an assurance rating of control.

Answering ‘no’ will not lead to an automatic rejection and you will need to explain why your spend cannot align to the commitment.

Updates to this page

Published 23 February 2024

Sign up for emails or print this page