Guidance Documents
Below you will find Guidance Documents released by the NCSC.
- NCSC Seasonal Awareness 2023
As we approach the busy Christmas period the NCSC would like to remind shoppers to be vigilant when online during this busy period. Cyber criminals will look to exploit consumers at this time of year which makes it more important than ever to keep yourself safe when online. The guidance document above will help you to secure your online identity this festive period.
- Cyber Security Guidance on Generative AI for Public Sector Bodies
This guidance document, aimed at Public Sector Bodies outlines the main risks associated Generative AI, including how it could be abused by malicious actors. The document also provides advice on the secure use of Generative AI.
- NCSC Multi Factor Authentication Guide
This is our user-friendly guide on Multi-Factor Authentication (MFA). Learn why it's essential, how it boosts your online security, which MFA is best for your organisation and easy ways to implement it across your online accounts.
- Guidelines on Cyber Security Specifications (ICT Procurement for Public Service Bodies)
These guidelines provide an understandable set of specifications that can be referenced by Public Sector Bodies when they are planning the procurement of ICT goods and services. It addresses a range of cyber security domains including organisational practices, supply chain security (including risks such as data leaks, supply chain breaches, and malware attacks), evaluation considerations, and attestation information that may be required from suppliers when procuring ICT goods and services throughout the Plan, Source and Manage phase of the procurement process.
- Mobile Device Management for Public Sector Bodies
The Mobile Device Management Guidance builds upon the Cyber Security Baseline Standards and provides detailed guidance to Public Sector Bodies on the management and security of mobile devices within their organisation. It covers the threat landscape, risk assessment, procurement, management, security measures and vetting of third party apps.
- NCSC Office 365 Secure Configuration Framework
The Secure Configuration Framework for Office 365 provide guidelines for optimally configuring Microsoft Office 365, with a specific on emphasis on security. The guidelines offer guidance and support to Irish Government Departments in configuring Office 365 to meet their compliance obligations and leverage the features and capabilities that are present within the service.
The framework provides an overview of the steps that provides specific actions that should be taken to set-up Office 365 optimally, from establishing the basic foundational security controls to key considerations around bring your own device (BYOD) controls. The framework empowers all organisations to take steps to improve their security posture.
- Cyber Security Baseline Standards Self-Assessment Form
The Cyber Security Baseline Standards Self-Assessment form is a checklist that Public Service Bodies can use internally to assess their cyber security posture against the Cyber Security Baseline Standards. The self -assessment form provides specific self-assessment guidance and support to each organisation for each of the categories and sub-categories identified in the Cyber Security Baseline Standards. Security control assessments can be challenging and this form provides a ready-made solution across the various operating environments and organisational frameworks of the Public Service.
- Quick Guide: Phishing
This cyber security quick guidance document on phishing has been produced by the NCSC to help you to avoid being phished, spotting the giveaway signs of phishing e-mails, and what to do if you think you’ve already clicked the attackers bait.
- Securing Operational Technology
Securing Operational Technology provides guidance to organisations about the risks associated with OT and the best practices they should implement in order to use it securely.
- NCSC Cyber Vitals Checklist
The NCSC Cyber Vitals Checklist, aimed at an organisation’s senior management & security teams, is the priority actions that can be taken, to check the organisations cybersecurity posture, during times of heightened cyber threats. It is not intended to replace more detailed guidance, such as the OES Guidelines or Cyber Security Baseline Standards, but rather acts as a pulse check, and a prioritised list of key actions to take, in light of a heightened threat.
- Cyber Security Baseline Standards
The Baseline Security Standard, based on the NIST Cyber Security Framework, provides the baseline measures that Public Sector Bodies should implement in order to secure their networks.
The Baseline Standards are intended to create an acceptable security standard and form a broad framework for a set of measures which can be revised over time. The Baseline Standards model follows a holistic and comprehensive approach to the issues related to Cyber Security which combines the best of various standards to address the needs of key stakeholders.
- NIS Compliance Security Guidelines for OES
The NIS Compliance Security Guidelines, establishes a set of security measures designed to assist OES in meeting their network and information system security and incident reporting requirements under Regulations 17 and 18 of the NIS Regulations. These guidelines are both technology neutral and non-sector specific to allow OES in different sectors adapt these to meet their needs, and to evolve their sector specific response along with technological advances and business requirements.
- Quick Guide: Cyber Security for Schools
This quick guide will highlight the cyber risks posed to schools and the key priority measures to consider to mitigate against these risks.
- Quick Guide: Ransomware How to #BreakTheChain
Ransomware operators are not only interested in critical infrastructure, ransomware attacks can affect all types of organisations, both large and small. This quick guide is for organisations to understand the steps in a Ransomware Attack Chain, and more importantly how good cybersecurity practices will allow you to stop an attacker and #BreakTheChain.
- NCSC Cyber Security for Political Parties and Candidates
Detailed guidance for political parties and politicians in relation to cybersecurity. This guidance covers the following:
1. An outline of the potential cybersecurity risks for political candidates or political parties
2. Advice for all political candidates for election so that they might better protect themselves and their data
3. Guidance for management and IT administrators in political parties
4. Services that the NCSC and others will be able to offer to candidates in securing their data.
- Quick Guide: Cyber Security Best Practice for Electoral Candidates
This cyber security best practice quick guide has been produced by the NCSC to assist electoral candidates in implementing key priority preventive measures that can help to reduce the likelihood of them becoming a victim of a cyber-attack and the negative impacts that may result.
- Working From Home Security Advice
With remote working becoming part of our day to day life, it is important that you ensure your home office matches the level of security you would expect to find in your professional office environment. This detailed guidance document covers some important steps you can take to achieve this.
- 12 Steps to Cyber Security for Businesses
This detailed guidance is intended to be used by businesses as a suggested activity plan which may be undertaken on a month-by-month basis over a suggested 12 month period to improve cyber resilience.
As we approach the busy Christmas period the NCSC would like to remind shoppers to be vigilant when online during this busy period. Cyber criminals will look to exploit consumers at this time of year which makes it more important than ever to keep yourself safe when online. The guidance document above will help you to secure your online identity this festive period.