Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  3. Vulnerability monitoring service

Author: Government Digital Service

Vulnerability monitoring service

The Government Digital Service (GDS) vulnerability monitoring service checks for misconfigurations and vulnerabilities in public sector domains. This allows us to find and address weaknesses in government systems and services.

This work is vital in ensuring our infrastructure is resilient and is a step towards better securing it against threats.

We monitor:

  • gov.uk
  • gov.wales
  • llyw.cymru
  • police.uk
  • nhs.uk
  • nhs.net
  • nhs.wales
  • nhs.scot
  • mod.uk
  • parliament.uk
  • judiciary.uk

Other public sector organisations can also ask us to monitor domains in different namespaces.

How monitoring works

We monitor domains in a safe and responsible way, limiting it to make sure there is no disruption to the normal operation of systems.

Monitoring collects the smallest amount of technical information needed in order to detect if a domain or service is misconfigured or vulnerable. We limit the amount of personal data we collect.

Note: If we do discover information that is personal or otherwise sensitive, we take steps to remove the data and prevent it from being captured again in the future.

We monitor public sector domains in two ways:

  • basic monitoring, which is passive monitoring for internet-facing domain and DNS-related misconfigurations and vulnerabilities
  • extended monitoring, which is available by request and monitors for internet-facing web vulnerabilities, exposed files, open ports and other misconfigurations

Basic monitoring

Basic monitoring is a free monitoring service provided by GDS to the UK public sector using commercial and internal tools and services. All domains in public sector namespaces are automatically included in basic monitoring.

Read more about basic monitoring

Extended monitoring 

Extended monitoring is a free vulnerability monitoring service available to any UK public sector organisations.

Using commercial tools, the service monitors the internet-facing digital environment of organisations to look for vulnerabilities that could be exploited by attackers.

Read more about extended monitoring

How we tell you about issues

Our monitoring can discover misconfigurations and vulnerabilities for any domain in scope.

Critical issues

If you are a government organisation and we find a critical issue we will email or phone you. If we find a critical issue in another public sector organisation we will contact that organisation’s central team responsible for cyber security.

Where to find out about other issues

You can also receive any issues we find by integrating your SIEM with our domain data sharing service.

If you have verified your domain in MyNCSC you will be able to see any issues we find there included in the DNS check.

If we are running a campaign to improve public sector security, you may be contacted by the outreach service about less critical issues. They can also give you a one-off PDF report of all your organisation’s issues.

Domain data sharing

The Domain Data Sharing service sends organisation-specific vulnerability data to SIEM tools in UK public sector organisations.

The goal of the service is to find and fix vulnerabilities and misconfigurations before hostile actors can find and exploit them. By sharing vulnerability data directly with organisations we can reduce the time it takes to fix vulnerabilities.

The domain data sharing service includes SIEM integration and zone file transfer.

Contact us if you are a central or local government organisation and would like to set up an integration.

SIEM integration

It is possible to create a direct integration with your organisation’s Security Information and Event Management (SIEM) tool. This will allow you to receive all the misconfiguration and vulnerability data collected by GDS.

We focus on SIEM integration as it is the tool used by most security teams and because it allows us to reach the most organisations.

We are open to discussing other ways an organisation could use our data to help fix vulnerabilities quickly. If you want to connect to our data using a different tool, we can provide you with the credentials and API documentation.

Please contact us if you would like to explore another option.

Read more about SIEM integration

Zone file transfer

In order to make our monitoring as effective as possible we collect domains and subdomains from customer organisations and from other open sources. This helps us to form the most complete picture possible of the public sector domain estate.

The most accurate source of domains is the organisation that owns them. We ask customer organisations to share their current domain and subdomain lists, and we have a number of options for doing this. Read more about your options using zone file transfer.

Contact

If you have any questions about the GDS monitoring and sharing service, email support@domains.gov.uk.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now