Protective Monitoring: GPG 13 Compliance


Established by CESG (Communications and Electronic Security Group), the UK’s National Technical Authority for Information Assurance, Protective Monitoring, also known as Good Practice Guide 13 or GPG13, is a framework for HMG ICT (Information and Communication Technology) systems, service providers and outsourcing companies to reduce risk and secure confidential data.

GPG13 is a standard for risk management and accreditation of information systems, and it applies to all national infrastructure security systems. The standard defines both the major security threats and the associated security requirements, and provides a framework for treating risks to systems, along with the mechanisms for configuring and collecting ICT log information to provide an audit trail of security-relevant events of interest.

The Bit9 Security Platform helps with GPG13 compliance in many ways. First, the trust-based security platform allows organizations held to GPG13 to place systems into a positive, proactive stance against the approved controls and application within their infrastructure. Policies can be used to match the threat requirements outlined in the standard in order to provide immediate control and visibility over all critical assets. Second, Bit9 can provide a complete audit of all event and log data that applies to the policy standard in order to demonstrate compliance.