PSN IT Health Check Testing: Overview
The PSN network (Public Services Network) joins Local Authorities and selected organisations to Central Government departments to allow effective access to government data and services.
To obtain and maintain connection to the PSN, the PSN Code of Connections outlines the security policies, procedures and technical controls that should to be adhered to and need to be submitted annually. As part of this annual submission, an up-to-date Penetration Testing report that has been conducted by an accredited CHECK or CREST organisation needs to be provided and is required to have tested and reported on certain areas of the network. If the test has not been done correctly or has not been done by an accredited CHECK or CREST company then the report will be rejected.
To date, MTI have conducted over 200 PSN assessments and every one of our reports has been accepted by the Cabinet Office during a PSN submission. We make a guarantee to all PSN clients that the test and report will be acceptable for accreditation purposes.
Every PSN test also comes with a complimentary Excel based Vulnerability Register to help produce the dreaded action plan that every accreditor loves to ask for and all issues use CVSS scoring to aid with remediation.
Although every test is slightly different depending upon network topology and the technologies in use, generally all PSN tests will at a minimum have the below items tested:
Our standard PSN IT Health Check package includes:
- External Network Penetration Test
- Onsite Network Penetration Test
- Operating System Hardening Build Review
- Password File Cracking
- Authenticated Vulnerability Assessment
- Onsite Wireless Test
- Firewall/Router/Core Switch Configuration Review
- PSN Ruleset Review
*Special offer for 2017 – if the same hosts are in scope we will conduct CES stage 1 and CES+ testing as not extra cost and award pass certificates are appropriate.