Protective Monitoring: GPG 13 Compliance

Protective monitoring for HMG ICT systems is based on CESG’s Good Practice Guide No. 13 (GPG 13). It provides a framework for treating risks to systems and includes mechanisms for collecting ICT log information and configuring ICT logs in order to provide an audit trail of security-relevant events of interest.

All HMG organizations, whether central or local government, police, fire, health and education authorities, are mandated to comply with policy, standard, legislative and regulatory requirements.

Protective monitoring, with its levels of log management and reporting, can help in forensic readiness, incident management and, most importantly, delivering against these regulatory requirements by providing evidence of compliance to the auditors.

A fundamental component of an effective protective monitoring strategy is an automated log and event management platform that delivers a repeatable service to all stakeholders.


There are 12 Protective Monitoring Controls (PMC) defined by GPG 13 describing specific organizational requirements for monitoring. Each PMC has a recording profile that measures the strength of a particular solution.

Information systems must be monitored in real time to ensure compliance with GPG 13 best practices. Investigations, reports and alarm rules must provide immediate analysis and notification of conditions that are impacting the integrity of the enterprise.

Areas of non-compliance should also be identifiable in real time. When investigating how to automate these requirements, key functionality should also be available in the log management solution so that additional reports and alarm rules can further augment the usefulness of the log data.

Solution Summary

LogRhythm is deployed with an integral report package developed specifically to address the needs of GPG 13. Because our inbuilt information classification schema simplifies the task of translating detailed technical information into logical business and compliance language, LogRhythm’s time to value is extremely rapid.

Enterprise assets defined within the scope of the protective monitoring compliance mandate are categorized by control type and these devices are eligible for inclusion in the report framework. Reports can be generated as needed by the GPG 13 Compliance Officer, and scheduled to run at pre-determined intervals.

Additional benefits to be gained from adopting an automated approach to protective monitoring are visibility into your security posture, controlling the cost of demonstrating compliance, and reducing the complexity of managing a heterogeneous IT infrastructure.
