KORTHEXkorthex.flowence.cc

Jurisdictions / United Kingdom

United Kingdom: NCSC Foundation Profile

The UK overlay carries 4 jurisdiction rules built on the NCSC Foundation Profile, the National Cyber Security Centre's baseline for TLS and cryptographic configuration. The recommended UK activation layers it on top of the NIST authority channel: NIST supplies the algorithm baseline, the overlay supplies the NCSC-specific posture.

What the overlay grades

  • TLS configuration against the NCSC Foundation Profile: current protocol versions and recommended suites
  • Cryptographic mechanisms against NCSC guidance for UK enterprise and public-sector use
  • Tagged NCSC-Foundation on every finding the overlay grades, with file and line evidence

Recommended configuration

UK organizations activate the NIST channel plus the UK overlay. Where NCSC guidance is stricter than the global baseline, the overlay's verdict is visible alongside the NIST stance on the same finding, so procurement and assurance reviews see both.

Frequently asked questions

Why does the UK profile build on NIST?

NCSC guidance aligns closely with the NIST algorithm baseline; the overlay adds the UK-specific profile on top instead of duplicating an entire authority channel.

Is this only about TLS?

The Foundation Profile is TLS-centred, and TLS findings are where the overlay bites hardest, but its cryptographic-mechanism rules apply to code and configuration findings too.

Does the overlay cover Cyber Essentials?

Cyber Essentials is broader than cryptography. The overlay covers the cryptographic slice of UK assurance work; scheme-level certification stays with your assessor.