Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. Cyber GSeC

Author: Government Security Centre for Cyber (Cyber GSeC)

Cyber GSeC

Providing consultancy and advice services to improve cyber security across the UK government.

Who we are

We are hosted by HMRC and provide consultancy and advice services to improve cyber security across the UK government. We work directly in support of the Government Cyber Security Strategy.

Our services

Cyber Security Gap Analysis (CSGA)

CSGAs are one of the cornerstones of our capabilities. By using our unique ability within government we work with departments to help them understand their cyber security posture and make recommendations on areas for improvement.

GovAssure support

We are supporting departments with the 5-stage GovAssure process:

Stage 1 – Departmental context, essential services and mission

To gain an understanding of the department, and communicate what Cyber GSeC can provide during the GovAssure process.

Stage 2 – In-scope systems and alignment to GovAssure profile

Assist GSG and departments to define the self–assessment scope, set boundaries and assign the applicable GovAssure profile.

Stage 3 – Self-assessment

Support departments in the completion of their GovAssure self-assessment return through quality documented independent advice and guidance.

Stage 4 – Peer review

Support departments by conducting documented independent reviews of completed GovAssure self-assessment.

Stage 5 – Final assessment and ‘targeted improvement plan’

Provide consultancy to help departments prioritise the necessary remediation activities from their targeted improvement plan, to increase cyber risk resilience.

Cyber GSEC GovAssure Brochure

Purple Teaming

Purple Teaming combines the traditional Red Team (offensive) and Blue Team (defensive) exercises to help organisations to fully understand how prepared they are to respond to various attack scenarios. This is coordinated through a central function within the organisation and conducted blind to the majority of those involved. This enables us to test real world scenarios in a safe and secure way.

Supply Chain Security Consultancy (SCSC)

We have developed the SCSC Framework to help departments with any security related needs across their supply chain.

The SCSC Framework is formed from 7 different consultancy offerings which cover the main stages of a procurement lifecycle such as pre-procurement, in-service and contract end. It has been designed to help departments strengthen their maturity across their supply chain whilst leveraging key security guidance from UK government and the National Technical Authorities (NTAs) such as National Cyber Security Centre (NCSC) and National Protective Security Authority (NPSA).

Active Cyber Defence and Open Standards Adoption

We provide support and expertise to organisations to adopt NCSC’s Active Cyber Defence (ACD) suite of services and other open standards such as MTA-STS, DNSSEC and so on.

We have published guidance on how to set up MTA-STS and TLS-RPT email security standards.

Bespoke Consultancy

We also work directly with departments to help with bespoke requirements using the wide range of expertise that exist within our team.

Contact the team

If you are interested in any of our services, or want more information email cybergsec@hmrc.gov.uk.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now