GPG13/CESG Sec.Ops.

Improve your GPG13 / CESG Security Operations Compliance

CESG, now part of the National Cyber Security Centre (NCSC) provides practical measures to help government bodies meet their Protective Monitoring needs in Good Practice Guide No 13 (GPG13) and also on the GOV.UK site

UK Government organisations and agencies have clear responsibilities concerning the safe-keeping of information and the IT security of their systems. There are several standards issued by both the Cabinet Office and CESG (The Information Security arm of GCHQ). These standards span most areas of technology and are continuously reviewed. In general though, current requirements lean heavily towards providing comprehensive guidelines that then need to be applied in a proportional and risk-based manner across the public sector IT estate.

How to improve compliance to Good Practice Guide 13 (GPG13)

Our compliance guide shows how Huntsman supports UK government organisations meet the aims of GPG13 and related documentation by:
  • Combining requirements like security audits, forensic analysis and rule-based intrusion detection with advanced real-time behaviour anomaly detection
  • Managing, storing, analysing and reporting on logs and events within defined time scales
  • Monitoring and identifying suspicious activity, human or IT, across an IT network
Our compliance guide covers the following key concepts:
  • Government security requirements for protective monitoring
  • Real-time security threat detection for users, network, databases, applications and communications
  • Behaviour anomaly detection, baselining normal activity and detecting suspicious activity
  • Compliance and IT security policy monitoring and risk management
  • Forensics analysis, audit and investigations

Download the GPG13 Compliance Guide Overview

More recent compliance requirements – CESG Security Operations & Management

In 2015 CESG published more general and broader guidance on the whole security operations process.  This can be found at:

In some of the finer detail this guidance echoes the requirements of GPG13 with regard to protective monitoring.

However, it does provide a more holistic direction that includes process and service elements.  The Huntsman CESG Security Operations mapping overview shows the way Huntsman can form the basis of a security operations centre that follows this new ethos. Download the CESG Compliance Guide Overview