Use this form to request an allocation of IP addresses. Describe your organisation’s elegibility for these addresses, its reason(s) for requesting them and how it plans to use them.
Please note that the authorised signatory for this form must be the same person who signed your organisation’s PSN code template.
Use this form to request an allocation of IP addresses. Describe your organisation’s elegibility for these addresses, its reason(s) for requesting them and how it plans to use them.
Please note that the authorised signatory for this form must be the same person who signed your organisation’s PSN code template.
There are 367 central government open websites as at 31 October 2014.
The Cabinet Office committed to begin quarterly publication of the number of open websites starting in the financial year 2011.
Updated: Added September 2014 update for open government websites.
This series brings together data and progress reports on open central government websites.
Updated: New version of the guide published.
The purpose of this document is to provide good practice guidance to HMG public service providers and its service providers (eg identity service providers) on the use of identity credentials to support user authentication to government online services.
This document describes a process to measure the overall level of assurance given by various types of credentials.
Annex A provides extra background and tutorial information.
Updated: New version of the guide published.
This guide shows how a combination of the following can provide various levels of assurance around proving an identity:
The guidance aims to:
This form is used to provide contact information for important roles in your organisation. It allows the PSN team to make sure the right people are informed about service and security issues that may occur both in the PSN community and more widely. It’s important to keep this information updated and ensure the PSN team are informed of any changes. You can use this form to update details that you have already sent.
This document provides an overview and definition of PSN compliance and why it’s important. It also explains how PSN compliance certification is achieved and maintained.
If you’re a public service organisation and want to consume and share government information and services you need a Public Services Network (PSN) compliance certificate.
You must use information in the right way when you’re connected to PSN so that it stays a secure environment for public service organisations to share information and services.
| A Public Services Network compliance certificate may be withdrawn at any time if it’s found that the certified organisation no longer meets the agreed standard |
Your organisation needs to pass the annual PSN compliance process by understanding and agreeing to certain requirements and obligations. You should read PSN compliance: definition and principles before filling in the documents, known as the PSN compliance submission, for your PSN assessment.
There are 6 steps to completing your application to renew or get your first PSN compliance certificate.
Complete the PSN code template application form. This signed application is your organisation’s Code of Connection (CoCo).
The PSN code template needs to be signed by a senior person in your organisation. This is because your organisation is making a commitment that needs to be recognised and agreed at the highest levels, so it’s important that you get the right people to sign it. Remember that:
You need to complete these worksheets in the PSN code template annex b spreadsheet:
You can use the example completed PSN code template annex b as a guide and remember that:
The PSN contact details form lists important roles in your organisation that you need to provide contact information for. This is so we can keep the right people in your organisation properly informed about any service and security issues that may occur both in the PSN community and more widely.
| It’s important to keep this information up to date. You should inform the PSN team if the information is incorrect or if it changes by sending the updated information to the PSN team |
Your ITHC shows the PSN compliance team that:
Your ITHC can be no more than 6 months old at the time you submit your application. You should get your ITHC completed by a company that’s a member of CHECK or of a scheme like CREST and TIGER that has a professional body.
It may take some time to organise your ITHC so allow 3 months to find an ITHC supplier, arrange the work and address any issues that may be identified.
Use the [IT Health Check supporting guidance] to ensure you get the scope right with your chosen ITHC supplier.
You must address any issues identified as “critical” or “high” in your ITHC report before you send your PSN compliance submission. This can be through closing the issue as recommended in your ITHC report or by applying appropriate risk treatment through compensating controls, which your assessor will review.
If your organisation uses unmanaged end user devices (including Outlook Web Access (OWA) or you have unmanaged endpoint access to the corporate network) you’ll need to provide your GAP analysis findings and details of how you have complied with the short-term measures.
These guides have further information on different areas of the ITHC that might apply to your organisation:
You have to provide an up-to-date diagram of your network infrastructure. This should be a high-level representation showing:
Read the PSN IA conditions: supporting guidance to understand what to include in your network diagram.Your network diagram must be no more than 6 months old at the time you submit your application.
When you’ve completed all the stages set out in this guide, email all the documents to the PSN team. These documents make up your PSN compliance submission.
The PSN team will validate and review your application. You might be contacted if your submission is incomplete or to confirm details in your application. Most applications are dealt with in 4 weeks.
If the PSN team identifies any issues in your application you may need to address these and resubmit.
When the PSN team has made a decision we’ll write to you to confirm you’ve achieved PSN compliance, and will include your PSN compliance certificate. Your compliance certificate is normally valid for 1 year.
If you have a question about your application you can email the PSN team
This completed version of a PSN Code of Connection (CoCo) template annex b can aid local authorities when completing their own CoCo submission. All the information in this example has been anonymised. Items in the template that are not applicable to PSN customers, as indicated in the ‘Applies To’ column, have been marked grey to clarify that they are not required to be filled in.
The IPED has been developed for PSN by industry partners. IPED allows the exchange of information between suppliers over an encrypted network.
Find out what services are PSN-compliant, when their compliance status runs out and which services are in the process of becoming PSN-compliant.
The latest versions of PSN’s standards and commitments are published here for reference.
We’ve made the web content easier to navigate. These long documents are summarised in our detailed guides.
Complete this form to request a DNS name and return it to the PSN core service provider (currently Vodafone).
Complete this form to request a change to the PSN root DNS and return it to the PSN core service provider (currently Vodafone).
Updated: Added Sovereign Housing Association to the charter signatories.
This strategy sets out the 10 actions that government and partners from the public, private and voluntary sectors will take to reduce digital exclusion. This means helping people become capable of using and benefiting from the internet.
The strategy is for individuals and organisations involved in helping people develop their digital capabilities. This includes government departments and local councils.
Look at the services your organisation uses, and work out whether and how you can access them when you migrate to PSN. After you request access to the network the PSN team will ask you to show us the network design for your connectivity so we can help you find the best way to connect to the services you need.
You should start planning the work needed to make sure your network meets the standards allowing you to connect. Before your organisation can connect to PSN, or use it to receive PSN services, you must be PSN-compliant.
You’ll need to complete and submit a PSN Code of Connection (CoCo) and other supporting documents to PSN at least one month before expiry of your current CoCo to get your PSN compliance. If you are a supplier of services you will also need to fill out a Code of Practice (CoP). Read the customer compliance guide or the service provider compliance guide for further information.
You can request services like IP addresses, DNS names and encryption services from PSN.
You may need a set of IP addresses for new connections and services . Complete the IP address allocation form. The PSN team will allocate these if your request is approved.
If your organisation is moving from GCF to PSN, complete the GCF to PSN IP allocation form.
If you have services like intranets and email that you want to make available to others on PSN you’ll need to create DNS entries for them. To do this:
You may want encryption on your network service. To do this:
Read the Inter-Provider Encryption Domain (IPED) service document to learn more about using encryption on the PSN.
You’ll need to select a connectivity services provider to connect to PSN. These providers are Direct Network Service Providers (DNSPs). You can buy their services under the Crown Commercial Service (CCS) PSN Framework. If you’re going to change your DNSP then bear in mind that termination of your current connectivity typically has a lead time of 30 days.
You must make sure you have access to the PSN services you need from your new connection. The PSN team will provide new IP addresses for new customers connecting to the network. Make sure that you know all the services that you’re currently accessing and contact the service owners so they can make any technical changes required to give you access.
The PSN team will review your compliance submission and then write to let you know if you’ve passed the compliance tests. If you have been successful you’ll receive a PSN Compliance Certificate for your organisation. We aim to process these requests within 15 days. Read the PSN customer compliance guide or [PSN service provider compliance guide[(/government/admin/detailed-guides/409824) for more information.
Your connectivity supplier will do the physical installation and configuration of the PSN connectivity service. There can be a lead time of approximately 9 weeks between ordering the circuit to installation. You also need to confirm with your supplier that they have got Government Communications Network (GCN) connectivity. If they don’t you’re unlikely to be able to access other government services on the PSN.
If you have services bought through the GCF framework you need to complete and return a request for change (RFC) to our current core services provider, Vodafone. You need to complete this no later than 6 weeks before the date you want to transition. You will need your PSN IP address to complete the RFC form.
Your supplier will provide specific technical details about connecting to their network following an order. We have also set out below technical steps to follow to successfully connect to PSN.
You will need to configure your firewall to enable the new IP address scheme. The current recommended rule set is:
| From | To | Protocol | Action | Comment |
| Your proxy/NAT | PSN | HTTP (TCP:80) HTTP (TCP:8080) HTTPS (TCP443) | Allow | Enable outbound access to applications within the PSN using HTTP & HTTPS |
| PSN | Your web services | HTTP (TCP:80) HTTPS (TCP:443) | Allow | Enable outbound access to applications within the PSN using HTTP & HTTPS |
| PSN | Your email servers | SMTP (TCP:25) | Allow | Enable inbound email from PSN |
| Your mail servers | PSN | SMTP (TCP:25) | Allow | Enable outbound email from your network to the PSN |
| Your DNS servers | PSN DNS servers | DNS (UDP:53) DNS (TCP:53) | Allow | Allow queries to the PSN DNS servers |
| Your NTP servers | PSN NTP servers | NTP (UDP:123) | Allow | Allow queries to PSN NTP servers |
| Any | Any | Any | Block | Default rule for all other traffic |
PSN provides the primary DNS servers and resolvers for the following domains: gcsx.gov.uk, gsi.gov.uk, gsx.gov.uk, gse.gov.uk. The IP addresses of the PSN DNS resolvers that you should configure on your DNS servers are 51.33.255.42 and 51.33.255.58, both accessible using DNS on UDP Port 53. Always use the PSN DNS resolvers, and let the PSN DNS resolvers forward any unresolved names to internet DNS servers.
These other domain names are also available for forwarding to the PSN DNS servers:
No central Network Time Protocol (NTP) service is provided. You can either continue to use a service provided from the GCF framework or request this from your DNSP.
You need to configure your firewalls so your users can route to the IP address on the network that they need to reach. Each of your service providers will confirm with you what IP address ranges their services are on. If you still can’t route to these IP address, you need to work with your DNSP and the provider of the service you are trying to reach.
These networks may require additional routing configuration:
| Address Block | Community |
| 51.130.0.0/18 | PSN IL2 Community |
| 51.33.255.32/27 | PSN IL2 DNS Service |
| 51.62.0.0/18 | GCSX Community |
| 51.63.224.0/24 51.63.225.0/24 | GCSX Hosting |
| 51.63.0.0/16 | GCF Summary (GSI, GSX & GSE) |
| 51.65.224.0/19 51.67.224.0/19 | CJX Community |
| 51.64.0.0/16 | SCN Community |
| 155.231.0.0/16 194.189.111.96/27 | N3 SPINE (only applicable if you have access to N3) |
You need to identify all services and organisations that you communicate with. Some of these may be outside the PSN. Email is allowed to move between these networks but for other services, like web traffic (HTML), you’ll need:
Vodafone is the only public sector interconnect provider. You should use the GCF request for change form for this, and ensure that it’s submitted to Vodafone by the authority for the service you need to access.
The external networks that you can currently access through this route are:
Make sure you can access the services you use. Email the PSN transition team for help with connectivity testing and a service take-on guide for PSN core services.
You should receive a service take-on guide from each PSN connectivity or service provider you use.
You should run your old and new network services at the same time until you’re happy to submit a cease order with your previous supplier.
If you’re a commercial supplier or a public sector organisation and want to provide your service to public service organisations connected to the Public Services Network (PSN) you need a service compliance certificate for each service you want to provide.
| A PSN compliance certificate may be withdrawn at any time if it’s found that the certified organisation no longer meets the agreed standard |
Your organisation must understand and agree to certain requirements and obligations to pass the PSN compliance process. You should read PSN compliance: definition and principles before completing the documents that PSN will assess.
There are 4 steps you need to take to apply to renew or get your first PSN compliance certificate.
You have to complete the PSN code template application form. This signed application is your organisation’s Code of Practice (CoP).
A senior person in your organisation must sign the PSN code template. This is because your organisation is making a commitment that needs to be recognised and agreed at the highest levels, so it’s important that you get the right people to sign it. Remember that:
You need to complete the requirements for the type of service you want to provide in the PSN code template annex b spreadsheet. Complete the details either as a GCNSP, DNSP or PSNSP using these worksheets:
The PSN contact details form lists important roles in your organisation that you need to provide contact information for. This is so we can keep the right in your organisation informed about any service and security issues that may occur both in the PSN community and more widely.
| It’s important to keep this information up to date. You should inform us if the information is incorrect or of it changes by sending the updated information to public-services-network@digital.cabinet-office.gov.uk |
You need to provide the PSN team with a diagram of the proposed infrastructure that you plan to use to supply the service. An existing diagram is fine.
When you’ve completed all the stages set out in this guide, email all the documents to public-services-network@digital.cabinet-office.gov.uk. These documents make up your PSN compliance submission.
The PSN team will validate and assess your application. You’ll be contacted if your submission is incomplete or to confirm details in your application. Most applications are dealt with in 2 weeks.
When PSN has approved your application it will be passed to the Pan Government Accreditors (PGA) for formal accreditation. PGA will contact you directly to discuss the scope of the service and the requirements for accreditation.
PGA will make its recommendation to the Public Sector Assurance and Accreditation Board (PSAAB), which will review the PGA comments and either approve the service or request additional information from you. PSAAB will then notify PGA if a service is approved and an accreditation certificate will be issued to PSN.
PSN will then write to you to confirm your service has achieved PSN compliance, and will include your PSN compliance certificate.
You can make your service available to PSN Customers when you receive your PSN compliance certificate for your service. Your certificate is normally valid for 1 year.
Talk to your chosen DNSP (Direct Network Service Provider) or PSNSP (PSN Service Provider) to get your service connected so that it’s available to PSN customers.
Connections are typically supplied as a physical line or lines into your organisation together with a managed router. You’ll be expected to connect this router to your local network as described in your DNSP’s documentation. You’ll need to make sure the connection provided is sufficient for your needs and meets the PSN service level requirements.
If you have a question about your application for a Public Services Network (PSN) service compliance certificate email public-services-network@digital.cabinet-office.gov.uk
This guide will help organisations establish the scope and requirements for preparing a IT Health Check (ITHC) as part of a PSN compliance submission. It provides a minimum set of requirements that should be included.
These guidelines, produced by National Local Authority Warning, Advice and Reporting Point (NLAWARP) programme, in conjunction with the LGA, Socitm, the Welsh Government and the PSN team, provides information to organisations connecting to, and consuming services across, the Public Services Network (PSN).