GCSx & PSN IT Health Check Testing
The GCSx (Government Secure Extranet) Network and its successor PSN (Public Services Network) provides secure access to sensitive information over a restricted network that enables sharing of information to provide more efficient service delivery by Government to citizens.
MTI GCSx/PSN IT Health Check Testing: Overview
The GCSx Network and its successor PSN (Public Services Network) is managed by Cable and Wireless, and joins local authorities with other local authorities and central government department and agency systems, including; variants of the GSI, PNN, (CJX), Criminal Justice Secure Mail and NHS.
The security policy, procedure and technical controls that need to be adhered to in order to join and maintain a connection with the secure GCSx/PSN or other GCF networks are defined in the CoCo (Code of Connection) documentation published by the Cabinet Office. To join, a local authority should commit to:
- An annual Audit of their security systems
- A gap analysis of their security systems against the CoCo
- An action plan to achieve and maintain compliance with the CoCo
One aspect of the compliance process is to conduct an independent IT security Health Check (ITHC) to examine the actual level of security on systems that connect to the GCSx/PSN network. MTI Penetration team are Green light members of the CESG Check Scheme and members of the independent CREST scheme. Membership of both certification schemes highlights MTI competence in the conduct of penetration testing and IT security Health Checks (ITHC) for both the Government and commercial industry sectors.
Building on over a decade's work with government and public sector organisations, MTI has developed a comprehensive, standardised and cost-effective IT Health Check assessment service that comprises a mix of active scanning and penetration testing activities in addition to device configuration and build reviews which examine and compare the deployed systems against good security practice and make recommendations to improve the overall system's security posture.
The results are presented in a formal IT Health Check report with an Executive Summary providing a non-technical view on the report's findings, a Vulnerability Table listing all issues identified and Technical Details including evidence of identified vulnerabilities together with recommendations to address identified issues.
Our standard IT Health Check package includes:
- External Subnet Discovery Scan
- External Network Penetration Test
- Onsite Network Penetration Test
- Operating System Hardening Build Review
- Onsite Tiger Team Attack
- Password File Cracking
- Internal Wide-scale Vulnerability Assessment
- Onsite Wireless Test
- Firewall/Router/Core Switch Configuration Review
If you would like more information regarding an IT Health Check, please contact the MTI penetration testing team to discuss your requirements. We will work with you to complete a scoping specification and produce a tailored assessment proposal. Both documents can be submitted to your accreditor prior to commissioning any tests to obtain assurance that the proposed assessment plan meets requirements and is neither under nor over scoped.