Overview This document elaborates on the existing NCSC Cyber Security Guidelines for Major Events. It is essential to read the associated guidelines prior to this document and addresses fundamental topics including governance, risk assessment, incident management, testing, and conducting exercises. In this guidance, we will concentrate on analyzing cyber risks, selecting suppliers, and the processes…

SolarWinds Orion is a widely used IT system management platform that has faced a serious security compromise, potentially allowing attackers to exploit connected systems. An attacker managed to introduce a malicious and unauthorized modification to SolarWinds Orion products, granting them the ability to send administrator-level commands to any compromised installation. This modification: forces the Orion…

This document outlines the recommended strategies for the design, development, and security evaluation of products and systems designed to withstand heightened threats. It presents a collection of fundamental principles that can be applied to establish high-level security targets, which can subsequently inform design choices and development workflows. It is intended for organizations vulnerable to these…

Organizations frequently need to engage in external communication, which involves transferring data beyond their own boundaries. However, facilitating this transfer without compromising sensitive information can pose significant challenges. This guide outlines a structural pattern designed to enable secure data sharing while protecting the integrity of your essential networks and systems. Creating a Secure Export Solution…

Many organizations must communicate with external parties, transferring data across various boundaries. However, facilitating this process safely while preventing the unauthorized disclosure of sensitive data poses significant challenges. This guide outlines an architecture pattern designed to enable data sharing while protecting the integrity of your core networks and systems. Establishing a Comprehensive Export Solution This…

Your organization has established effective structures, policies, and processes designed to understand, assess, and systematically manage security risks associated with personal data. You maintain thorough data protection and information security policies and procedures. If necessary, you retain records of processing activities and have appointed a Data Protection Officer. Efforts are made to identify, assess, and…

Your organization has established robust structures, policies, and processes to recognize, evaluate, and effectively manage security risks associated with personal data. You have detailed data protection and information security policies in place. When necessary, you maintain detailed records of processing activities and designate a Data Protection Officer. You actively identify, assess, and comprehend security risks…

Your organization has established appropriate structures, policies, and processes to comprehensively understand, evaluate, and manage security risks associated with personal data. Moreover, you have implemented data protection and information security policies and processes. If necessary, you maintain records of processing activities, and have designated a Data Protection Officer. It is essential to take adequate measures…

This guidance has been developed with contributions from partnering agencies and is part of a series of publications aimed at underscoring the significance of cyber security measures on edge devices. Authored by the UK National Cyber Security Centre (NCSC) in collaboration with the Australian Signals Directorate (ASD), US Cybersecurity and Infrastructure Security Agency (CISA), the…

This guide has been developed with input from various partnering agencies and is part of a series of publications that highlight the critical need for cybersecurity measures on edge devices. It is produced by the UK National Cyber Security Centre (NCSC) in collaboration with the Australian Signals Directorate (ASD), the US Cybersecurity and Infrastructure Security…