The Safeguarding Programme

The Safeguarding Programme was a non-discretionary set of security controls which were mandated to Defence. 

The Safeguarding Programme was a non-discretionary set of information assurance and security controls which were mandated to Defence. This was as a result of a number of incidents in which FVEY data had been lost or compromised, the US mandated the implementation of the Safeguarding initiatives on all their systems. The mandate also included the protection of AS FVEY data information irrespective of where it resided across the FVEY Enterprise (5EE). 

Safeguarding was applied to all current and future UK Above Secret (AS) systems, which are connected to, hold or process data or provide access to data repositories which have originated from a Five Eyes (FVEY) partner.

The CDS Defence Support Project team managed the delivery of the pan Defence Lines of Development (DLoD) Safeguarding Programme on behalf of Defence. This ensured Defences’ ability to continue accessing and sharing critical FVEY data.  Additionally, business practices and processes have been improved increasing Defence’s ability to identify the threat, both malicious and non-malicious, from the trusted insider.  The SfG initiatives have been successfully delivered in line with compliance requirements and reported to the FVEY partners, Government partners and throughout Defence.  This was achieved in line with the original US mandate, within budget and the specified timeline compliance deadline of 31 Jan 17. This was a significant undertaking because of the systems geographic footprint and aggressive timescale for completion.

CDS DS continues to provide support to Defence for the Business support element introduced by the Safeguarding Programme, in addition to the Programme support of the maturing Insider Threat capability.
 

Go back to Case Study page