Guidance Documents

Below you will find Guidance Documents released by the NCSC.

• Securing Operational Technology

  Securing Operational Technology provides guidance to organisations about the risks associated with OT and the best practices they should implement in order to use it securely.

• NCSC Cyber Vitals Checklist

  The NCSC Cyber Vitals Checklist, aimed at an organisation’s senior management & security teams, is the priority actions that can be taken, to check the organisations cybersecurity posture, during times of heightened cyber threats. It is not intended to replace more detailed guidance, such as the OES Guidelines or Cyber Security Baseline Standards, but rather acts as a pulse check, and a prioritised list of key actions to take, in light of a heightened threat.

• Cyber Security Baseline Standards

  The Baseline Security Standard, based on the NIST Cyber Security Framework, provides the baseline measures that Public Sector Bodies should implement in order to secure their networks.

  The Baseline Standards are intended to create an acceptable security standard and form a broad framework for a set of measures which can be revised over time. The Baseline Standards model follows a holistic and comprehensive approach to the issues related to Cyber Security which combines the best of various standards to address the needs of key stakeholders.

• NIS Compliance Security Guidelines for OES

  The NIS Compliance Security Guidelines, establishes a set of security measures designed to assist OES in meeting their network and information system security and incident reporting requirements under Regulations 17 and 18 of the NIS Regulations. These guidelines are both technology neutral and non-sector specific to allow OES in different sectors adapt these to meet their needs, and to evolve their sector specific response along with technological advances and business requirements.

• Quick Guide: Cyber Security for Schools

  This quick guide will highlight the cyber risks posed to schools and the key priority measures to consider to mitigate against these risks.

• Quick Guide: Ransomware How to #BreakTheChain

  Ransomware operators are not only interested in critical infrastructure, ransomware attacks can affect all types of organisations, both large and small. This quick guide is for organisations to understand the steps in a Ransomware Attack Chain, and more importantly how good cybersecurity practices will allow you to stop an attacker and #BreakTheChain.

• NCSC Cyber Security for Political Parties and Candidates

  Detailed guidance for political parties and politicians in relation to cybersecurity. This guidance covers the following:
  1. An outline of the potential cybersecurity risks for political candidates or political parties
  2. Advice for all political candidates for election so that they might better protect themselves and their data
  3. Guidance for management and IT administrators in political parties
  4. Services that the NCSC and others will be able to offer to candidates in securing their data.
  

• Quick Guide: Cyber Security Best Practice for Electoral Candidates

  This cyber security best practice quick guide has been produced by the NCSC to assist electoral candidates in implementing key priority preventive measures that can help to reduce the likelihood of them becoming a victim of a cyber-attack and the negative impacts that may result.

• Working From Home Security Advice

  With remote working becoming part of our day to day life, it is important that you ensure your home office matches the level of security you would expect to find in your professional office environment. This detailed guidance document covers some important steps you can take to achieve this.

• 12 Steps to Cyber Security for Businesses

  This detailed guidance is intended to be used by businesses as a suggested activity plan which may be undertaken on a month-by-month basis over a suggested 12 month period to improve cyber resilience.