Overview[]
The CESG (formerly the "Communications and Electronic Security Group") is the U.K. Government's National Technical Authority for Information Assurance, responsible for enabling secure and trusted knowledge sharing to help entities achieve their business aims. It provides advice and assistance on the security of communications and electronic data and delivers information assurance policy, services and advice that government and other customers need to protect vital information services.
CESG aims to protect and promote the vital interests of the UK by providing advice and assistance on the security of communications and electronic data. To do this CESG provides information assurance policies, services and advice to government and other customers. This includes:
Technical advice:
- initial technical advice on design options for secure IT architectures;
- in-depth technical consultancy on specific information assurance issues;
- help with interpreting national security standards such as BS 7799;
- guidance on the use and deployment of cryptographic and other certified information assurance products; and
- advice on algorithm use and suitability.
Documentation:
- production of system security documentation, such as system security policy (SSP) and security operations procedures (SyOPs);
- advice on sources and status of technical documentation; and
- verbal and written feedback on technical documentation.
Other services include providing:
- continuity of information assurance advice throughout the life of projects;
- information on suppliers of approved and certified products;
- help-desk style telephone advice;
- access to alternative sources of technical advice; and
- training on specific information assurance issues.
As part of U.K. Government’s drive to improve the culture of security throughout the public sector, CESG is working as part of a team that is looking at making policy and guidance documentation more widely available. Much of the existing documentation is neither relevant to, nor written in appropriate language for, the wider public sector. The aim of this work is to understand the information assurance needs of the wider public sector and to tailor existing policy and guidance documents to this community.