ThreatLocker and the National Data Guardian's Standards for Data Security

6 min. read, last update: 07.10.2023

 

The National Data Guardian’s (NDG) standards for data security are a set of 10 standards that healthcare organizations in the UK are expected to follow.

When implemented correctly, the ThreatLocker Endpoint Protection Platform can assist in meeting some of the NDG’s standards for data security. We have made our best effort to outline the standards that ThreatLocker assists with. Where an item is not listed below, ThreatLocker does not currently assist with meeting that standard.

For the most up-to-date information regarding the National Data Guardian Standards for Data Security, please visit: Data Security and Protection Toolkit assessment guides - NHS Digital 

Data Security Standard 4 – Managing data access 

“Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required.  All access to personal confidential data on IT systems can be attributed to individuals.” 

Systems holding personal confidential information – part 1 (4.1.1-4.2.4) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control.  
  • ThreatLocker Storage Control allows the creation of granular storage policies to permit access to data locations per user and application, to support least privilege access.  
  • ThreatLocker Network Control can be used to control access to network resources containing data, such as a fileserver. Block inbound traffic to data servers and create policies to permit access based on IP addresses, hostnames, or agent authentication.  
  • The Unified Audit provides a protected central log of activity across an environment, including date/time, logged in user, and hostname.  

Systems holding personal confidential information – part 2 (4.3.1-4.5.5) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control.  
  • ThreatLocker Configuration Manager can be used to disable local admin accounts. 
  • ThreatLocker Elevation Control can be used to automatically elevate applications that require elevated permissions to run without the need for users to input local admin credentials.  
  • ThreatLocker Configuration Manager can be used to enforce password complexity, age and length, and can be used to set automatic lockout policies after {x} failed attempts.
  • ThreatLocker Configuration Manager can be used to block access to social media platforms. 

Data Security Standard 6 – Responding to incidents 

“Anti-virus, anti-spam filters and basic firewall protections are deployed to protect users from basic internet-borne threats.” 

End point anti-virus (6.2.1-6.2.9) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control.  
  • ThreatLocker Allowlisting provides protection against viruses and malware. No software, script, or library not contained on the allow list will be able to run. 

Always on, always connected, always up to date (6.2.3-6.2.4) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control.  
  • ThreatLocker Allowlisting provides protection against viruses and malware. ThreatLocker cannot be turned off or disabled except by a ThreatLocker administrator, via the ThreatLocker Portal. It is continually monitoring the environment. The ThreatLocker version will automatically update by default. 

Blocking web malicious content (6.2.5) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control.  
  • ThreatLocker Allowlisting provides protection against viruses and malware, including those introduced by a website. 

Acting upon known vulnerabilities (6.3.1-6.3.5) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control. 
  • ThreatLocker Ops provides policy-driven detection, alerting, and responding to IOCs and vulnerabilities. 

Monitoring (6.3.4) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control. 
  • ThreatLocker Ops provides policy-driven detection, alerting, and responding to IOCs and vulnerabilities. 

Data Security Standard 8 – Unsupported systems  

“No unsupported operating systems, software, or internet browsers are used within the IT estate.” 

Know your estate (8.1.1-8.4.3) 

  • The ThreatLocker Endpoint Protection Platform can assist with meeting this control.  
  • ThreatLocker provides an up-to-date inventory of all devices with ThreatLocker installed, as well as inventory of removable storage devices. 
  • ThreatLocker provides an inventory of all software installed and running in the environment, including internet browsers. The software included on the allow list is the only software that will be able to run. Easily disallow software by removing any policy that permits it. 

Data Security Standard 9 – IT protection 

“A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.” 

The ThreatLocker Endpoint Protection Platform can assist with meeting this control. Please see our associated article on how ThreatLocker assists organizations in meeting Cyber Essentials compliance here: Cyber Essentials.

Network components (9.1.1-9.1.2) 

  • ThreatLocker Network Control is a centrally managed endpoint and server firewall. It does not have a default password and can only be accessed by users with login credentials for the ThreatLocker Portal. 
  • ThreatLocker Configuration Manager provides the ability to manage local accounts from within the ThreatLocker Portal. Disable guest accounts and local admin accounts, and enforce password complexity, age, and length to help protect against unauthorized access.

Password strength, remote locations and managed estates (9.1.1-9.1.2) 

  • ThreatLocker Configuration Manager provides the ability to manage local accounts from within the ThreatLocker Portal. Disable guest accounts and local admin accounts, and enforce password complexity, age, and length to help protect against unauthorized access.

Secure configuration (9.5.1-9.5.10) 

  • ThreatLocker can assist in the management of software installation. Software not contained on the allow list will be unable to run. 
  • ThreatLocker can assist in enforcing encryption. Storage Control policies can be set to permit only encrypted devices to access data. ThreatLocker Configuration Manager can alert if full disk encryption is not enabled. Together these settings help ensure that data at rest is encrypted.
  • ThreatLocker Storage Control can block all USB devices and permit each needed device by serial number.
  • ThreatLocker Configuration Manager can disable auto-run and auto-play. 
  • ThreatLocker Network Control can assist in protecting network resources. Even when a port is open for an authorized connection, unauthorized devices will not have visibility of the open port.  

Firewalls (9.6.1-9.6.6) 

  • ThreatLocker Network Control can assist in blocking unauthenticated inbound connections. Per network protocols, block access to all inbound traffic and permit only those connections that are necessary, and only permit necessary devices to connect. Even when a port is open for an authorized connection, unauthorized devices will not have visibility of the open port. 