answer text |
<p>It would be inappropriate to release sensitive information held about specific
red-rated systems within departmental IT estates, or information that could allow
the assumption of which systems are at risk, as it could highlight potential security
weaknesses.</p><p><strong> </strong></p><p>The Central Digital and Data Office (CDDO),
in the Cabinet Office, has established a programme to support departments in treating
legacy. CDDO has agreed a framework to identify ‘red-rated’ systems, indicating high
levels of risk surrounding assets. Departments have committed to have remediation
plans in place for these systems by next year.</p><p> </p>
|
|