Castleforce IT Security Team

Government Connect

Secure Extranet (GCSx)

Castleforce as an IT Security reseller can help provide Products and Services that help Local Authorities reach the GCSx Code of Connection Standard.

GCSx stands for Government Connect Secure Extranet. It is a secure private Wide-Area Network (WAN) which enables secure interactions between connected Local Authorities and organisations.

Code of Connection (CoCo)

Local authorities need to sign up to the Code of Connection (CoCo) that defines the minimum standards and processes that an authority must comply with before being able to connect to GCSx. Achieving compliance to the CoCo requires the local authority to provide a compliance statement and supporting comment against a number of security control measures.

The code of connection (CoCo), is split into a number of sections which are identified below along with a selection of links to products we resell that can help Local Authorites reach the standard as necessary.

GCSx CoCo ITHC

Castleforce can provide IT Health Check (ITHC) services to local government as we have alliance partners that hold CESG CHECK and CREST certifications.  Our partners are CHECK Green light status and have CHECK team leaders (CTL) and team members (CTM) that can help with government based penetration testing work.  Castleforce are often contacted by our testing partners to help resource opportunities as we have relationships with several testing companies and therefore have a wide range of professional service experts in our network.

Castleforce also have SC and DV cleared professionals available for project work and have a group of CLAS consultant partners that are also available to help with projects.

Castleforce GCSx CoCo Icons

We have shown the following GCSx CoCo icon on the Product and Services pages followed by the specific standard section which relates to the link. If the GCSx CoCo icon is selected on all other pages it is set to come back to this overview page.

Castleforce can help you reach GCSx CoCo


GCSx Code of Connection Gap Analysis

Service Overview

The Government Connect Secure Extranet provides a wealth of services to local authorities and other government agencies.  In order to gain access all such organisations must adhere to the GCSx Code of Connection.  We can assist your organisation in achieving compliance with this standard through our GAP analysis service.  Our consultants will undertake a gap analysis review of your security management processes required to achieve compliance to the GCSx CoCo. Our experts will perform a comprehensive compliance audit against the GCSx CoCo requirements criteria. The analysis provides a holistic view of strong and weak areas with regards to GCSx CoCo compliance areas.

Business Benefit

  • Identifies weak and strong areas within your business with regards to GCSx CoCo compliance
  • Gives a good overview of the cost and effort required to make your organisation GCSx CoCo compliant.
  • Gives your organisation a better understanding of business processes and technology which could lead to increased efficiency.

Methodology

The gap analysis follows the structure of the GCSx CoCo and covers all the controls and processes which are required to be compliant. Our certified CESG CLAS Consultants will interview key personnel within your organisation and will review key documentation and systems to establish your current level of compliance.

Our consultants have a proven background in assisting organisations with GCSx CoCo compliance and certification and have a strong knowledge of HMG policies as part of their status as CESG CLAS Consultants.

Deliverables

We will deliver a formally documented GCSx CoCo gap analysis report in a business friendly language detailing gaps and recommendations on how to close the gaps identified to meet compliance requirements.  We can formally present these findings to key stakeholders and can work with your organisation to assist in achieving GCSx CoCo compliance if required.

GCSx CoCo Standard

The full GCSx CoCo standards can be obtained from Governement Connect website.

http://www.buyingsolutions.gov.uk/services/Communications/GSi/ 

Essentials for GCSx CoCo Proactive Monitoring 

Assuria Auditor measures, manages and enforces security policies and Log Manager is designed to meet the requirements of enterprise wide management of audit logs generated by systems, devices and applications Assuria Log Manager (ALM) has achieved CESG CCTM approval and securely collects and manages audit logs to comply with regulations. The small footprint ALM agents are available for Windows, UNIX and Linux servers, databases, applications, network devices, firewalls, routers, access control systems and many more. Collection from new log sources can be added via agent plug-ins. Collected logs are stored in their original format in a standard file / folder structure with log data integrity ensured through digital signatures and cryptographic hashes. 

For more details on Assuria Log Manager

Contact-Castleforce-for-help-with-Compliance

CLAS Consultancy

Service Overview

All HMG departments have specific information security demands due to their very nature. The HMG Security Policy Framework mandates departments to have control of Information Assurance with a requirement to undertake risk management using HMG IA Standard No. 1 (Technical Risk Assessment) and HMG IA Standard No. 2 (Risk Management & Accreditation of Information Systems).

In addition there is a requirement to follow guidance and policy from CESG.  This is constantly changing in light of new threats and vulnerabilities and HMG departments and their suppliers need to stay in touch with these requirements.

Our CLAS consultancy service provides you with dedicated Information Assurance professionals who are registered by CESG as CLAS consultants.  We can provide tailor made CLAS consultancy to HMG departments, local government and suppliers to the public sector to include:

  • HMG IA Standard No. 1 Risk Assessments and the development of Risk Management and Accreditation Document Sets (RMADS).
  • Accreditation of Information Systems or Designs in line with HMG IA Standard No.2
  • GSI, GSCx, GSX CoCo compliance
  • Bid support for HMG suppliers tendering for contract opportunities
  • Guidance on (and assistance with) the implementation of CESG Memoranda and Policy
  • Guidance on (and assistance with) the implantation of CPNI Memoranda and Policy

CLAS Consultancy Business Benefit

  • Tailor made packages to provide only what is needed therefore reducing costs on under pressure budgets
  • Compliance with all HMG requirements therefore ensuing financial and reputational risk is reduced
  • Engaging such services allows HMG suppliers to demonstrate commitment to Information Assurance
  • Access to expertise without the need to retain costly in house resource

Deliverables

Our consultants will agree a clear plan and terms of reference for the CLAS Consultancy services to be provided. Services can be provided as single days, blocks of days or delivered on a “call off” agreement over a period of twelve months.
Assuria Compliance and Vulnerability assessment, change detection, file integrity monitoring, Server Hardening and Log Management NETASQ-UTM-EAL4-Network-Security-appliances Boldonjames secure messaging and document solutions DESlock+ FIPS-140-2 CESG CCTM Full disk Encryption, Removable Media Encryption, Email Encryption, Folder Encryption Stonesoft produce high availability multi link ISP firewalls to help reduce single point of failure Sourcefire-3D System and masters of SNORT and CLAMAV InfoGov helps you to achieve compliance, manage risk and demonstrate good governance now, and into the future. Swivel-PINsafe-CESG-CCTM-the-power-of-knowing Lumension-Security-Patch-Management-and-end-point-protection Imprivata OneSign Single Sign-On (SSO) appliance Check Point firewalls and Pointsec Encryption software Wallix-AdminBastion-and-LogBastion-provide-access-control-and-monitoring-solutions

© Copyright Castleforce 2007-2012. Web design by Theme Group