Compliance Guide:GSi - the UK Government Secure Intranet
The GSi is the primary secure IP network connecting UK government departments with other UK public sector bodies. Managed by Buying Solutions and delivered through a partnership with Cable and Wireless UK the GSi also provides for onward secure communication to other networks including the criminal justice department, police and NHS, Within the GSi umbrella, organisations can connect to a specific community:
The GSE Community is for sponsored private sector organisations supplying services to government.
The GCSX Community is for organisations such as English and Welsh Local Authorities who's processes and procedures comply with commercial best practice equivalent to impact level 2 (IL2 'Protect').
The GSX Community is for organisations working with impact level 2 and occasionally impact level 3 data (IL2 'Protect' and IL3 'Restricted').
To be able to connect to the GSi resource, organisations must comply with the relevant Code of Connection (CoCo) for IT security, keeping the network secure within their own IT infrastructure and having accessed secure data ensure that it remains secure.
The code of connection (CoCo) for these communities states that computers, laptops and portable devices used for mobile/home working and data at rest or in transit must be encrypted and that a FIPS-140-2 validated product is acceptable for this where data is considered as IL1 'Private' and IL2 'Protect'.
Approved to FIPS-140-2, DESlock+ Pro will meet the needs of those organisations who are, or wish to be part of the GSC, GCSX and GSX communities operating with data up to IL2 and occasional L3 ('Restricted').
DESlock+ features such as full disk and removable media encryption along with the use of highly secure industry standard encryption algorithms will ensure data security for those using laptops and removable media such as USB memory sticks and portable hard drives.
|Code of Connection (CoCo) requirements||DESlock+ features|
|Protection of data at rest||All versions of DESlock+ include file, folder and virtual drive encryption as standard to secure data at the endpoint.|
|Protection of data in transit||DESlock+ Pro includes full-disk encryption and removable media encryption, all versions include encryption for email, files and archives.|
|Use a FIPS 140-2 validated product||FIPS-140-2 validated.|
|Mobile/Home working to use encryption of data at rest and in transit using FIPS 140-2 approved products||FIPS 140-2 validated, includes full-disk encryption, removable media encryption and free home use.|
|Removable media must be handled in accordance with CESG guidance||DESlock+ allows blocking (IL2, IL3) or forced encryption of removable media devices (IL2).|
|Secure practices for working with IL 2 'Protect' data.||FIPS 140-2 validated, includes full-disk encryption, removable media encryption.|
|Secure practices for occasional working with IL 3 'Restricted' data.||For occasional IL3 data, FIPS 140-2 validated products such as DESlock+ are normally permitted by operational security policy.|