The National Technical Authority
for Information Assurance

Policy Development

Information Assurance Policy is the foundation of CESG’s business.

CESG develops HMG policy for protecting data and advises on its implementation. Underpinning all our work is the principle of risk management. We take an experienced balanced view of risk to identify appropriate countermeasures, thereby giving you a sound basis from which to make informed decisions on managing the risks to your data.

This work is managed by the IA policy unit as a 'common-good' activity on behalf of all UK government departments and agencies. The guidance we produce is intended mainly for this audience, but may also have relevance for local government and others in the public sector.

Areas where we issue policy and guidance include:

  • Securing electronic government services to the citizen
  • Securing government connections to the Internet
  • Securing the connection of business domains
  • Assessing security needs for systems and networks
  • Protection against hacking and computer viruses
  • Approving the security of government IT systems
  • Disposing of computer media used for sensitive information
  • Passwords and other methods of authentication
  • Interpreting and implementing national IA policy and standards

High-level IA policy originated by CESG is issued to government users under Cabinet Office auspices, either as part of the HMG Security Policy Framework (external link) or in the HMG Information Security Standards series. Manuals supplement these in greater detail.

To obtain copies of CESG Policy, please contact CESG Enquiries