Guidance

Expert, trusted, and independent guidance for UK industry, government departments, the critical national infrastructure and private SMEs. All our guidance is advisory in nature and is underpinned by our unique insights into cyber threats.

Guidance overview

Guidance overview

Why we publish guidance

Our guidance is a crucial part of ensuring that the UK has the capacity to manage the increasing cyber threat. Based on our unique perspective that we provide through our global intelligence insight, we publish practical and proportionate security guidance to protect both new and existing IT systems, and the UK's critical national infrastructure.

Our approach to guidance

We provide advice, not standards or policy. And because our guidance is advisory in nature, it provides a sound basis from which to make your own, informed decisions that are right for your organisation. With help from our colleagues in CPNI providing expert protective security advice, we take an experienced, balanced view of risk to identify appropriate countermeasures.

Where to start?

Our aim is to provide the best possible cyber security advice and information to everyone in the UK, including the public and members of organisations of all kinds.  10 Steps to Cyber Security outlines the basic cyber security procedures to protect your organisation from cyber attacks, while Cyber Essentials allows organisations to advertise that they meet a government endorsed standard of cyber hygiene.

Cyber security is only one part of the landscape

Together with our colleagues in CPNI, the NCSC is working to help protect things that matter the most to the UK. We believe that a holistic approach that considers physical and personnel security as well as cyber security is necessary for our customers to effectively manage their risk. Visit the CPNI website to find best-practice guidance on physical and personnel security.

CPNI advice pages

CPNI - Laptop