24th Report - Government cyber resilience

Select Committee
Public Accounts Committee HC 643 9 May 2025
Report Status Government responded
Conclusions & Recommendations 35 items (15 recs)
Source View on Parliament website
Government Response (AI assessment · 34 of 35 classified)
Accepted 30
Accepted in Part 1
Deferred 3
Clear

Recommendations

1 results
23 Accepted in Part
GovAssure not designed to assess all critical systems despite improvement goals.
Recommendation
We asked the Cabinet Office how it would increase the scale and pace of GovAssure to assess the cyber resilience of all of government’s critical systems. The Cabinet Office explained that it did not plan to assess 100% 43 C&AG’s … Read more
Government Response Summary
The government agrees to the recommendation, aiming for implementation by Spring 2026, and commits to requiring departments to identify and report critical systems through GovAssure, driving its adoption across government, and determining optimal assessment scale and frequency. However, it does not explicitly detail how GovAssure will be made quicker and easier for departments.
HM Treasury
View Details