NHS Secure Boundary

This phase ran until December 2019 and consisted of configuring and testing the platform, and the design and build of operational services, processes and procedures.

The onboarding phase will consist of project teams working with NHS organisations and consumer network service providers to deploy the service.

This phase is expected to last for two years.

Accenture will provide tier 2 support into the NHS Customer Service Function with tier 3 support from Palo Alto and Imperva. Managed services will be delivered utilising an IT Service Management (ITMS) Framework with ISO 20000 accredited ITIL v3 processes.

This phase is expected to last for at least five years.

This is a software as a service (SaaS) based, modern next-generation firewall (NGFW) capability in the cloud, which can be used by NHS organisations to increase their digital security.  

It includes: 

• stateful High Availability (HA) pairs of VM-Series NGFW 
• the ability to be hosted across availability zones 
• dedicated firewalls for each tenant 
• a bandwidth pool apportioned to tenants based on identified bandwidths 

This collates all logs from the firewalls and management platforms within the solution.  

It includes: 

• retention of traffic, configuration and systems logs for six months 
• forwarding of filtered logs to the Data Security Centre Cyber Security Operations Centre (CSOC), enabling us to monitor cyber events across the NHS estate, and provide rapid protection as incidents and risks emerge 

WildFire is a sandboxing platform designed to identify zero-day threats.  

It includes:  

• file sandboxing for analysis of unknown threats 
• creation of signatures to block malware and block the other behaviours 
• dissemination of threat signatures to all Wildfire users, so detection by one can protect all  
• static and dynamic analysis over multiple operating systems and application versions 

Management of the Prisma platform will be done via the central management console, Panorama.  

It includes: 

• a common Graphical User Interface (GUI) integrated with NHS Mail Single Sign On (SSO) 
• a tenant-in-tenant approach to provide global and local control 
• Amazon Web Services (AWS) hosted Panorama with additional NGFWs and role-based access control 

MindMeld is a platform taking in threat data from sources outside of the secure boundary, allowing that threat data to be used by the firewalls in the solution.  

It includes:  

• aggregation and correlation of threat intelligence feeds 
• enforcement of new prevention controls, including IP deny lists 

This is a SaaS based WAF solution to protect applications from malicious online attacks.  

It includes: 

• protection against the most critical web application security risks, such as Structured Query Language (SQL) injection, cross-site scripting, illegal resource access, remote file inclusion 
• multiple capability offerings to meet current and future requirements whilst being cost effective 

Monitors and controls access to websites and website categories. 

Visibility of active applications. 

Selective decryption of traffic for the advanced detection of threats. 

Protects publicly hosted web services from a wide range of online threats.

As we progress through on-boarding, NHS related services using IP allow lists to control access will become known and will be advertised on this support page.

Several services outlined below are thought to use allow list access.

If you are aware of any services that use allow list access but do not appear on this list, please email the NHS Secure Boundary team at nhssecureboundary@nhs.net so records can be updated.