Socitm and the Local Government Association (LGA) have reached an agreement with the Cabinet Office to relax some of the security standards requirements for local authorities to connect to the government’s network. The move will help to reduce the cost for local public organisations connecting to the Government Secure Extranet (GCSx), which was a major concern given the current budget pressures.
GCSx is a network that allows sharing of data and services across the government. It will be migrated to the Public Sector Network (PSN) in the future. Under the agreement, the government has recognised the existence of ‘low threat environments’ in local public services.
Consequently, local authorities will not be required to carry out certain expensive investments involved in complying with the Government Connect Code of Connection (CoCo) version 4.1 for these low threat environments. These additional investments would have been on top of the costs already incurred by local authorities to become CoCo v3.2 compliant.
For example, among the rules that have been relaxed for local government compliance to CoCo v4.1, EAL4 firewalls will not be required. Moreover, local authorities will not have to have ‘formal assurance for higher domains’, and they will be allowed to add protective markings to emails manually, without having to use national markings. The agreement also makes it explicit that local authorities will have a ‘reasonable’ time to implement controls.
Local authorities were concerned that their costs would have increased if they had to increase investment in becoming CoCo v4.1 compliant in addition paying for physical GCSx connections from 1 April 2011, when the current subsidy expires. Socitm said that there was therefore a "significant" risk that some organisations might have considered terminating their connections to GCSx.
In addition to the relaxed security standards for local authorities, the government has agreed to approach future developments around the implementation of the PSN more collaboratively, by seeking and acting upon local government’s input.
To this end, Socitm’s Local CIO Council (LCIOC) has set up a team to represent local authorities in this collaboration.
Jos Creese, Socitm president, and Dylan Roberts, chair of Socitm Futures, said in a letter to Socitm members: “Government Connect has brought delivery of a sound base standard for information assurance to local public services. New risks emerge over time and information assurance controls need to be continually updated. We recognise this and feel confident that those controls developed as part of the PSN programme will be appropriate in terms of the risk profile of local public services.”
They also urged members to implement GCSx, saying: “GCSx is seen as the natural transition to PSN that will be designed to be more appropriate and aligned to local public service requirements.”
Socitm and the LGA secured the agreement with the Managed Telecoms Executive, the body governing the Government Secure Intranet (GSi) and the Managed Telecoms Service for the government on 2 September.