Updated: Added links to the recently published Network Principles and TLS configuration guidance.
The vast majority of UK government business is conducted at the OFFICIAL classification. This includes routine information supporting business operations and services, much of which would have damaging consequences if lost or stolen.
Security at OFFICIAL is achieved by following good commercial practices, by using well-configured commodity technologies, and by people taking personal responsibility and using their judgement more actively.
Achieving Secure Technology
The Government Security Policy Framework describes government’s overall approach to protective security. Security is achieved through understanding your true security needs and matching these requirements to the technology available. It should be focused on meeting outcomes that have been clearly defined, rather than applying prescriptive controls.
Whilst technology risks must always be effectively managed, there are opportunities for organisations to develop innovative solutions and use modern, commodity technologies and tools. Security must be considered when making decisions about technology, and it should be balanced against other needs of the service.