GCSx - CoCo - CESG Memo 22 - Protective Monitoring Solutions

Government Connect:  Ensuring GCSx Coco compliance

Ancoris assists local Authorities with GCSx - CoCo Monitoring requirements.

Ancoris is a leading UK expert on security event log management, auditing, monitoring and reporting. Our consultants have vast experience of deploying monitoring solutions to meet regulatory or industry compliance requirements including ISO 27001, PCI-DSS FSA Data Security Best Practices and GCSx CoCo. We can recommend the most suitable option to meet both your compliance and your operational requirements.

What is GCSx Coco

What is GCSx CoCo?

Government Connect (GC) is a recognised, accredited and trusted secure government network for all Local Authorities (LAs) in England and Wales. The network is called GCSx and it enables secure data sharing up to RESTRICTED level across government.

The Code of Connection (CoCo) defines the standards and processes that an authority must comply with before connecting to GCSx.

For up-to-date information regarding the actual policy Public Sector organisations should always contact the CESG or refer to their FAQ's for the Code of Compliance.

Who does it apply to? Local authorities need to sign up to compliance with the Code of Connection (CoCo). From March 2009 it is a central Government requirement for the provision of RESTRICTED data to local authorities and the receipt of “sensitive personal data” from local authorities through means other than a government approved secure IT communications channel.

Protective Monitoring

Protective Monitoring Requirement:
Log Management requirements in CESG Memo 22

The policy is not reproduced here and public sector bodies should obtain it from the CESG. However, in summary the logging requirements regarding user access to your network and systems includes recording the following events:

  • Unauthorised application access (where applicable)
  • File access attempts to protectively marked information (e.g. RESTRICTED data).
  • Unsuccessful login / logout
  • Successful login / logout
  • Privileged system changes (e.g. account management, policy changes, device configuration)

Logs should be kept for at least 6 months. This may include the use of backup tapes but logs should be easily available for use as part of your incident response policy, as well as help with an investigation. In practice this may need a system which maintains logs readily recoverable from any archive.

Most local authorities will chose to deploy a central audit server which can pull the logs from all the devices and applications on the network into one location in order to comply with the controls.

Solutions

What solutions does Ancoris offer?

Ancoris can supply and deploy security event log management solutions from the following vendors:

Our consultants can help determine the best solution for your requirements.

Next steps / more information?

In order to provide the best solution for you we would need to know about your environment. Please ask us for more information.

AddThis Social Bookmark Button