Skip to main content

Data Security Standard 9 - IT protection

Date Published:
28 September 2023

Current Chapter

Data Security Standard 9 - IT protection

View all

Next Chapter

Network components (9.1.1 - 9.1.2)

This guidance relates to the 2023-24 (version 6) standard.

NHS England assists risk owners in understanding which national frameworks do what, and which components are intended to achieve which outcomes.

There is a clear understanding that organisations can tackle the NDG Standards in whichever order they choose, and that the emphasis is on progress from their own starting points.

A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as cyber essentials. This is reviewed at least annually.

Please refer to further note on professional judgement, auditing and UK GDPR.

Last edited: 28 September 2023 11:06 am

Chapters

  1. Data Security Standard 9 - IT protection
  2. Network components (9.1.1 - 9.1.2)
  3. Password strength, remote locations and managed estates (9.1.1 - 9.1.2)
  4. Penetration testing (9.2.1 - 9.2.2)
  5. Know your boundaries (9.2.1 - 9.2.2)
  6. Risks
  7. Remediation post-testing (9.2.3)
  8. OWASP Top 10 vulnerabilities (9.3.1, 9.3.3, 9.3.7)
  9. Domain Name System (DNS) and IP Ranges (9.3.3 - 9.3.5)
  10. Connected Medical Devices (9.3.8 - 9.3.9)
  11. Perimeter defence (9.3.6, 9.4.1)
  12. Assurance (9.4.4 - 9.4.5)
  13. Secure configuration (9.5.1 - 9.5.10)
  14. Firewalls (9.6.1 - 9.6.6)
  15. Frameworks that can help
  16. IT Infrastructure Library (ITIL)