The One Login identity system only meets 21 of the CAF requirements.
The Government Digital Service (GDS) has yet to achieve conformance with cybersecurity standards for its Gov.uk One Login digital identity system.
Almost three years since security concerns were first raised, a disclosure by Computer Weekly has revealed that the One Login team is still working to fully meet NCSC guidelines, with the team only complying with 21 of the 39 outcomes detailed in the NCSC Cyber Assessment Framework (CAF).
One Login is intended to become the primary way for citizens to access online public services, and 2was recently assessed as part of a GovAssure review, which found that in the space of a year, the GDS digital identity team had moved from meeting only five of the 39 CAF outcomes to 21.
GDS says CAF assessors noted One Login’s “understanding of cyber security” and that plans are in place to achieve the “exceedingly high standards” of CAF conformance by the end of the year.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
