Externally, CESG is viewed as a division within GCHQ. GCHQ is often referred to as the "third intelligence service" or "the government's communications listening station".
Officially, CESG is the Information Security arm of GCHQ, and the National Technical Authority for Information Assurance within the UK. This means that they are the definitive voice on the technical aspects of Information Security in Government.
CESG do this by:-
These outcomes are achieved in partnership with industry and academia, as well as using insights into threats from the work of colleagues in the Centre for Protection of National Infrastructure (CPNI), Security Service (MI5) and Secret Intelligence Service (MI6).
- Providing tailored advice to Government on the security risks of new and existing IT systems, and providing ideas and designs to protect those risks;
- Building capability through the provision of standards and guidance, working with industry to ensure that appropriately assured products, services and people are available, and to build a pool of world class Information Assurance and Cyber Security professionals that organisations can draw upon; &
- Provide operational support to existing systems by alerting to specific threats and vulnerabilities, providing incident response, and technical solutions such as cryptographic keys to protect the most sensitive information.
Please note that, as of 30TH September, 2015, with the end of the CLAS Scheme, BladeSec IA Services are no longer able to offer CLAS Consultancy. Rest assured that BladeSec IA will continue to provide best-of-breed IA advice through an appropriate HMG framework. Watch the news page for more information.
Recognising that there was an increasing demand for authoritative information assurance advice and guidance for Government departments and agencies, the CESG Listed Advisor Scheme (CLAS) was created by approving a pool of high quality consultants. This demand came as a result of an increasing awareness of the threats and vulnerabilities that information systems are likely to face in an ever-changing world.
The delivery of CLAS consultancy is specifically tailored to the UK Government departments, executive agencies, related contractors and the wider public sector. These can include:-
The CESG Listed Advisor Scheme closed in 2015 and is to be replaced by the CESG Certified Cyber Security Consultancy.
- Central and devolved governments;
- The wider public sector such as the NHS and Local Authorities;
- Organisations that form part of the Critical National Infrastructure such as power and finance companies;
- The military;
- Law enforcement agencies;
- PSN, CJX and GSI connected organisations; &
- Private sector organisations who require to handle sensitive government information or Government Protectively Marked assets. This may be due to them being in receipt of a Security Aspects Letter, or because they are "List X".
Requirements for CLAS Consultants
CLAS Consultants must:-
- Have IA certification in any role, at any responsibility level;
- Be able to hold and retain a clearance (A minimum of SC for full CLAS members and BPSS for associates);
- Have sponsorship of a UK Limited Company; &
- Have some experience of information risk management in the public sector.