International Cyber Expo International Cyber Expo
  • About Us
Friday, 10 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

ITHC (IT Health Check) and PSN compliance: an overview and considerations

Complete an ITHC to confirm you are PSN compliant and beyond, protecting your organisation and all those who have access to the Public Services Network.

by Jason Hart
June 22, 2021
in Features, Guru's Picks, Insight
Author headshot
Share on FacebookShare on Twitter

What is an IT Health Check (ITHC)

An ITHC (IT Health Check) is a series of tests to ensure that your organisation is impenetrable to unauthorised persons. Specifically, organisations or individuals conduct an ITHC to confirm that they meet key requirements for PSN compliance.

Direct from the ITHC supporting guidance:

“Your ITHC should aim to provide assurance that your organisation’s external systems are protected from unauthorised access or change, and they do not provide an unauthorised entry point into systems that consume PSN services.

The internal systems should be tested to provide further assurance that no significant weaknesses exist on network infrastructure or individual systems that could allow one internal device to intentionally or unintentionally impact on the security of another.”

PSN compliance

Just to make sure we’re all up to speed, the PSN (Public Services Network) is a UK government network which was established to enable public-sector organizations to share resources easily. It is also used by commercial service providers to sell services so that they can be accessed safely and securely by public-sector organisations.

For obvious reasons, it’s extremely important to ensure that this network cannot be breached, which is why any person or organisation who wishes to access the PSN must first demonstrate that they meet all the requirements for PSN compliance.

ITHC Considerations

The ITHC will check your internal and external systems for significant weaknesses and potential entry points, and review your security configurations.

Internal systems

During the ITHC, your internal network should be scanned and manually analysed.

Consider the following:

  • The build and configuration of all devices: laptops, desktops, phones, tablets.
  • Don’t forget to factor in employees personal devices.
  • Consider also, people external to your organisation who may have access to your internal systems, such as clients.
  • The configuration of your wireless network
  • Check that your OS, applications and firmware are updated with appropriate patches.
  • Review network management security and internal security gateway configuration (including PSN)

External systems

Your ITHC should also entail scanning and analysing online systems such as:

  • Email servers
  • Web servers
  • Firewalls
  • Any systems you have in place to allow staff to connect into your organisation remotely, including VPN.

Passwords – your first line of defence

PSN Code of Connection (CoCo) compliance requires you to demonstrate that you have systems in place to secure password protected entry points.

With CoCo: 2. Authentication and access control, these include:

  • Ensuring all passwords are changed from defaults
  • Stopping password/account sharing
  • Ensuring that high-privilege users such as administrators use different passwords across accounts
  • Strengthen authentication by combining passwords with some other form of authentication, such as two-factor.
  • Never store passwords as plain text, but ensure they are hashed using a cryptographic function capable of multiple iterations and/or a variable work factor. See how to change the Active Directory password hash method.

For a quick win to highlight the extent of the password problem in your organisation, it is recommended to audit your Active Directory users and passwords.

One simple method to complete this is with Specops Password Auditor, a free tool enabling you to export in a detailed or high level summary accounts identified with password vulnerabilities, including expired passwords, identical passwords or blank passwords, and compares password hashes on your systems against a regularly updated list of breached passwords so that you can alert affected users to update their password as soon as possible.

Find an appropriately certified ITHC testing partner

Central government customers must choose a partner who is accredited by the CHECK scheme. Non-government customers can also choose testing partners with CREST-approved ITHC services or the Cyber Scheme.

Work with your ITHC testing partner to resolve any issues that arise and you’ll not only meet PSN compliance, but crucially, you’ll be protecting your own organisation, your clients, and your employees.

 

Contributed by Jason Hart, Cyber Security Expert

 

ShareTweet
Previous Post

Biden says 16 sectors should be off limits to attack

Next Post

Lookout expands partnership with Google Cloud to deliver endpoint to cloud security

Recent News

hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026
Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

July 8, 2026
Kirsty Fowler, WorkNest Secure

Next Gen Spotlights: Building a More Resilient Future – Q&A with WorkNest Secure

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol