CREST IT Health Check (ITHC) NCSC, CESG Compliance

An IT Health check forms a crucial part of an organisations Compliance application. This could be for access to the Public Servcies Network (PSN) or simply a requirement to utilise governement data i.e (Department for Education requirement, DfE)

What is a CREST IT Health CHECK (ITHC)?

ITHC or IT Health Check provides assurance that your organisation’s external systems are protected from unauthorised access or change, and they do not provide an unauthorised entry point into systems that consume Public Services Network services.

The internal systems should be tested to provide further assurance that no significant weaknesses exist on network infrastructure or individual systems that could allow one internal device to intentionally or unintentionally impact on the security of another.

click here to get prices

What is involved in the IT Health Check (ITHC) on-site Assessment?

– Production of a report which provides clear, measurable results

The DigitalXRAID approach to the IT Health Check also includes analysis of:

– Desktop and server build and configuration
– Network management security
– Patching at operating system, application and firmware level
– Configuration of remote access solutions
– Build and Configuration of laptops and other mobile devices such as phones and tablets used for remote access
– Internal security gateway configuration (including PSN gateway)
– Wireless network configuration

 

What to expect from the External Assessment

– Scope includes any system that provides internet facing services.

– Testing covers any remote access technologies that are being used such as VPN, RDP, VNC etc
– If 3rd parties remotely access company resources these avenues are also tested
– In-depth External Vulnerability assessment of internet facing infrastructure

– Production of a report which provides clear, measurable results

Included ITHC Technical Guides

DigitalXRAID provides a comprehensive security best practice guide to all customers:

– Detailed yet clear security walkthroughs to ensure you meet the on-site requirements before the assessment.
– Covers the process of implementing a secure software restriction policy
– How to perform your own vulnerability assessment before the on-site test
– Patch management strategy outlining common failure points
– Outlines workstation preparation requirements before the assessment.

CREST Approved Penetration Testers

How can DigitalXRAID help
my Organisation?

DigitalXRAID are Security Specialist with years of experience in helping large and small companies understand their responsibilities for securing data assets, increasing organisations security position and reducing exposure to Cyber Crime. We are a CREST accredited Company. We will help you to conduct your assessment, document findings and supply you with your detailed IT Health Check report. We also provide consultancy services to help improve your cyber/information security practices should this be required.