To me, this "GovAssure" is just the UK Government putting a branding wrapper around NCSC's CAF, so they can be "seen to be doing something"
Am I just being overly cynical?
Reading the bit in the middle particularly:
"
GovAssure introduces a number of changes in the way government protects itself from cyber threats. These include:
Using NCSC’s Cyber Assessment Framework (CAF) to review the assurance measures all government departments have. The framework includes measures such as setting out indicators of good practice for managing security risk and protecting against a cyber attack and was designed for making critical national services resilient to attack.
Departments will also be assessed by third parties to increase standardisation and validate results.
Centralised cyber security policy and guidance to help government organisations identify best practice.
"
Aren't these things already happening? Are departments currently not being assessed by third parties? Hasn't the NCSC already got "centralised cyber security policy and guidance" all covered off?
Apart from pure branding, what's actually new here?