Source · Select Committees · Public Accounts Committee
Recommendation 34
34
Deferred
Cabinet Office accepted NAO recommendation for cross-Government cyber security implementation and monitoring plan
Conclusion
We challenged the Cabinet Office on whether its plans were realistic. The Cabinet Office told us it had accepted the NAO’s recommendation that it needed a cross–Government implementation plan and a stronger monitoring and evaluation framework.75 It said these would be ready in the summer of 2025, after the Spending Review concluded.76 We asked the Cabinet Office how it knew which were the right issues to focus on if it lacked oversight of departments’ activities. The Cabinet Office clarified that it was working closely with departments, including through GovAssure and the GC3, which has helped it better understand and measure department’s risks and challenges.77
Government Response Summary
The government agrees with the committee's observation and states that work is underway to define a future Target Operating Model for Cyber and Digital Resilience, with DSIT setting out implementation plans later in 2025.
Government Response
Deferred
HM Government
Deferred
6.1 The government agrees with the Committee’s recommendation. Target implementation date: Winter 2025 6.2 Work is underway to define a future Target Operating Model for Cyber and Digital Resilience, which will set out how government and the public sector should organise itself and operate to understand, govern, and respond to cyber and digital resilience risk. Later in 2025, DSIT will set out plans for implementation of this model, and how it will enable the delivery of a strong and interventionist approach to cyber and digital resilience.