Surrey County Council choose Novell for Code of Connection
Friday, 27 March 2009 16:21

What is CoCo compliance and why would an organisation need it?

CoCo stands for 'Code of Connection'. It is a mandatory set of requirements that must be met before an organisation may connect to the Government Secure Intranet (the GSI). The GSI gives compliant bodies, such as Local Authorities and other public sector organisations, access to a secure network for email and similar services.

The benefit is that governmental and non-governmental bodies can deal with each other electronically over secure links. Within the secure environment there are different levels that correspond to the security level, or protective marking, of the information exchanged; these 'communities' require differing levels of compliance and separate submissions.

So, we know what the GSI is all about. What are the issues for an organisation wishing to seek CoCo compliance?

Compliance is a very broad church, and generally not one that most organisations eagerly attend: its benefits are not immediately obvious, and they only surface when things go wrong. CoCo compliance is self-certified, but it can be the subject of regular audits and is re-assessed annually, so it requires effective self-governance.

The cost and complexity of managing access (monitoring, recording and alerting on login/logout events and on access to restricted data) is a barrier to implementing an effective audit policy. The complexity has to be overcome: auditing use of the GSI has to be invisible to the end user and fully automated, whilst giving the risk owner confidence that they can confirm compliance on request.

At audit time, whether for the annual submission of CoCo compliance or an Office of Government Commerce buying solutions (OGCbs) spot check, the ability to produce meaningful reports is vital. Manual trawls of logs and database tables are time consuming and not an effective use of resource.

How does an organisation approach CoCo compliance?

There are very thorough guidelines to walk an organisation through the process. Third-party suppliers such as Securiam can assist as part of the 'Compliance Review', but only after permission has been sought from OGCbs, and Non-Disclosure Agreements (NDAs) have to be signed before suppliers gain access to the full specifications. At a minimum the following events must be monitored and logged:
1. Login / Logout
2. Failed logins
3. All access to RESTRICTED data
4. Privileged user activity

Finding a partner is one step; the other, as always, is choosing flexible software to underpin the solution. Using software that can be tailored to the problems that achieving CoCo compliance presents is vital, but more on that later...

Securiam are experienced in helping organisations deploy audit and compliance solutions; previous deployments include a major British telecoms provider and a police force. Securiam is in the process of helping Surrey County Council meet the CoCo requirements, and we hope to report later in the year on the success of the submission to Government Connect.

So what is the Securiam solution?


The Securiam approach is to work with and enhance the reporting abilities of the existing applications, using a flexible event capture process to mine events either by calling native APIs or by parsing standard logs.

The process of gathering security event information is automatic and totally invisible to the user, and it provides electronic evidence that can support a legal argument to prove or disprove liability.

All the audit data in the world is of no effective use without strong reporting functionality; any solution needs to be able to mine the data and produce effective reports. Securiam-deployed solutions support Crystal Reports to format and distribute information, so Surrey CC will be able to produce reliable report data whenever it is requested as proof of CoCo compliance.

Why Sentinel?

Securiam are strong advocates of a software product from Novell called 'Sentinel', a flexible audit and reporting tool. One of its best features is the ability to package templated Solution Packs; a Solution Pack can be taken to other organisations as the basis for deploying a shrink-wrapped solution, and Securiam are in the process of developing just such a Solution Pack for CoCo compliance.


Novell Sentinel has an advanced feature, called 'Correlation', that takes seemingly disparate security events and makes logical decisions from them; it is policy controlled and enables enhanced event reporting.
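To make the four mandatory event classes, the log-parsing capture approach and the idea of correlation concrete, here is an added example that is not part of the original article and is not Securiam or Novell Sentinel code. It parses a handful of constructed syslog-style auth lines (fictitious hosts, users and addresses), tags each event with the CoCo category it falls under, assumes that RESTRICTED data lives under a hypothetical `/srv/restricted/` path, builds the per-category report an auditor would ask for, and applies one correlation rule: a burst of failed logins followed by a successful login from the same source.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumption for this example: RESTRICTED data is anything under this path.
RESTRICTED_PREFIX = "/srv/restricted/"

# Constructed sample log (fictitious hosts, users and addresses), not real data.
SAMPLE_LOG = """\
2009-03-27T09:00:01 host1 sshd: Accepted password for alice from 10.0.0.5
2009-03-27T09:05:10 host1 sshd: Failed password for bob from 10.0.0.9
2009-03-27T09:05:15 host1 sshd: Failed password for bob from 10.0.0.9
2009-03-27T09:05:20 host1 sshd: Failed password for bob from 10.0.0.9
2009-03-27T09:05:40 host1 sshd: Accepted password for bob from 10.0.0.9
2009-03-27T09:10:00 host1 sudo: bob : TTY=pts/0 ; USER=root ; COMMAND=/bin/cat /srv/restricted/payroll.csv
2009-03-27T09:12:00 host1 fileaudit: user=alice action=read path=/srv/restricted/hr.xls
2009-03-27T09:15:00 host1 fileaudit: user=alice action=read path=/srv/public/notice.txt
2009-03-27T09:20:00 host1 cron: (root) CMD (run-parts /etc/cron.hourly)
2009-03-27T09:30:00 host1 sshd: session closed for user alice
"""


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    source: str          # remote address, or "local" when the log carries none
    detail: str
    tags: set = field(default_factory=set)


# One pattern per event type we know how to capture; order matters only for speed.
PATTERNS = [
    ("login",        re.compile(r"sshd: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("failed_login", re.compile(r"sshd: Failed \w+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("logout",       re.compile(r"sshd: session closed for user (?P<user>\S+)")),
    ("privileged",   re.compile(r"sudo: (?P<user>\S+) : .*COMMAND=(?P<detail>.+)")),
    ("file_access",  re.compile(r"fileaudit: user=(?P<user>\S+) action=\w+ path=(?P<detail>\S+)")),
]
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.+)$")

# The four classes the article says must be monitored, mapped to our tags.
COCO_CATEGORIES = {
    "Login/Logout":              {"login", "logout"},
    "Failed logins":             {"failed_login"},
    "Access to RESTRICTED data": {"restricted_access"},
    "Privileged user activity":  {"privileged"},
}


def parse_line(line):
    """Turn one log line into an Event, or None if no pattern recognises it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    for tag, pat in PATTERNS:
        pm = pat.search(msg)
        if not pm:
            continue
        g = pm.groupdict()
        detail = g.get("detail", msg)
        ev = Event(datetime.fromisoformat(m.group("ts")), m.group("host"),
                   g["user"], g.get("src", "local"), detail, {tag})
        # Any command or file path touching RESTRICTED data gets a second tag,
        # so a sudo command reading a restricted file is counted under both classes.
        if RESTRICTED_PREFIX in detail:
            ev.tags.add("restricted_access")
        return ev
    return None


def parse_log(text):
    """Return (events, unparsed_lines); unparsed lines are a coverage gap to review."""
    events, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        (events if ev else unparsed).append(ev or line)
    return events, unparsed


def coco_report(events):
    """Group events under the four mandatory CoCo categories (an event may appear in more than one)."""
    return {name: [e for e in events if e.tags & tags] for name, tags in COCO_CATEGORIES.items()}


def correlate_failed_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: `threshold` failed logins for a (source, user) pair followed
    by a successful login within `window` of the earliest failure -> one alert."""
    alerts, failures = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.source, ev.user)
        recent = [t for t in failures.get(key, []) if ev.ts - t <= window]
        if "failed_login" in ev.tags:
            failures[key] = recent + [ev.ts]
        elif "login" in ev.tags:
            if len(recent) >= threshold:
                alerts.append((ev.user, ev.source, ev.ts, len(recent)))
            failures.pop(key, None)
    return alerts


if __name__ == "__main__":
    evs, bad = parse_log(SAMPLE_LOG)
    for name, items in coco_report(evs).items():
        print(f"{name}: {len(items)} event(s)")
    print(f"unparsed lines: {len(bad)}")
    for user, src, ts, n in correlate_failed_then_success(evs):
        print(f"ALERT {ts}: {n} failed logins then success for {user} from {src}")
```

The unparsed-line count matters as much as the report itself: a line the capture process does not recognise is an event that will never reach the auditor, so a real deployment would fail the run, or at least flag it, rather than silently dropping it.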


Sentinel is not a single-point solution; it can help in the provision of a wide range of compliance solutions, including 'Threat and Vulnerability Management', 'Access Governance' and 'Regulatory Compliance'. Because of this flexibility, the cost can be spread across an organisation.
