Provision of Gov Assure 2025

Descriptions

GovAssure is the new cyber security assurance approach for government that has replaced the cyber security element of the Departmental Security Health Check (DSHC) from April 2023.

The GovAssure assurance approach meets the requirements for and objective understanding of government cyber security as set out in the https://www.gov.uk/government/publications/government-cyber-security-strategy-2022-to-2030/government-cyber-security-strategy-2022-to-2030-html. GovAssure uses the https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework (CAF).

Organisations will assess critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across government.

GovAssure is designed for OFFICIAL systems and does not currently apply to systems processing data classified as SECRET or above. Higher classification systems will be considered at a later date. GovAssure will apply to government sector Critical National Infrastructure (CNI), bringing them under a common assurance process for cyber.
DVLA's Cyber Security team are required to carry out a self-assessment on three of the systems used within DVLA the NCSC Cyber Assurance Framework (CAF). Once the reports have been completed these are required to be uploaded into a Cabinet Office Portal.

The DVLA requires a supplier to provide the following service:

• Have access to the Cabinet Office Portal.
• Carry out an assessment for each of the system reports.
• Provide a written report for each system to be uploaded to the portal providing their findings and make recommendations for improvements.
• Essential that all supplier staff have engaged in undertaking the work under this contract must be security vetted to at least SC.
The supplier will have no access to DVLA systems or personal data, the supplier will follow Cabinet Office direction on assessment and report formats. Only the successful supplier will have access to the DVLA reports within the Cabinet Office Portal.