 |
answer text |
<p>The Government Cyber Security Standard requires government organisations to meet
or exceed the security outcomes specified in the Cyber Assessment Framework (CAF)
developed by the National Cyber Security Centre (NCSC). This includes specific security
outcomes in relation to the secure configuration and management of devices.</p><p>As
the CAF is outcomes-based, it does not specify which commercially available devices
meet these security requirements or which vendors government organisations should
buy their devices from. That is a matter for government organisations to determine
locally, in consultation with their commercial, security and IT teams, based on their
organisation’s business needs, risk tolerance and threat profile.</p><p>In addition,
in November 2023 we published the cross-government Mobile Device Management policy
to help government organisations and their Arms Length Bodies keep their corporately
owned mobile devices secure and prevent data breaches. NCSC also provides guidance
on how to securely configure devices from each of the most commonly used platforms.</p><p>
</p>
|
|
