Cyber Technical Advisory Group

About Us

The Cyber Technical Advisory Group (C-TAG) has UK wide Government and WARP representation.

The C-TAG reports into the Socitm Local CIO Council (LCIOC), supporting the LCIOC standing theme relating to Cyber Resilience, Information Assurance and Security. We also cover wider sectoral issues relating to Information Governance and ethics.

C-TAG works closely with the NCSC, LGA, Cabinet Office, MHCLG and through the UK wide representation C-TAG is also able to engage with the Devolved Administrations who are full C-TAG members

The current C-TAG programme is funded through a grant from the LGA, through the Cabinet Office National Cyber Security Programme (NCSP). We remain very grateful for the funding to maintain the work programme.

All C-TAG project deliverables are uploaded to our GitBooks site:

C-TAG Virtual Workshops

29th April & 09th June, 10am to 11am- MTA-STS: Now considered by NCSC/Mailsheck to be part of what is needed for better Email Security (and to build upon the progress made with DMARC)

This presentation has a heritage, in so much as it predates the active interesting MTA-STS by NCSC and Mailcheck by over a year and covers in a “cookbook” format how to set up MTA-STS and what can go wrong.

MTA-STS is a standard already in use by many major email systems including the NCSC as well about a dozen or so councils up and down the country.

29th April Link:

09th June Link:

04th May, 10am to 11am- Security Vendors of Concern (SVoC) Workshop

During this presentation, Mark Brett will present on his recent paper for C-TAG detailing Security Vendors of Concern (SVoC). “Security Vendors of Concern (SVoC)”, are those products or services that may be under the control or influence of hostile states or organised criminals. When undertaking a Risk Assessment, these are generally grouped under supply chain concerns.

04th May Link:

11th May & 22nd June, 10am to 11:30am- Dark Web Workshop

This workshop is based on the premise you want to know more about the dark web, or that you may have a need to have a look at what is there, perhaps to check if you can find any stolen data belonging to your organisation perhaps (post ransomware attack).

It deals with some of the many myths that surround the dark web, explores the differences between Deep and Dark webs, as well as what scanners and command-line options are available for searching for data...

It features a live demo around how to get to the Dark web and some safety precautions to take prior to going online to the dark web as well while you are there, as well as looking at some dark web sites and doing some searches.....

11th May Link:

22nd June Link:

26th May, 10am to 11:30am- zED: baselining your peers and suppliers email

zED, a point product/tool, directly addresses a question that came from the WARPs about how public sector organisations can assess the risks (email hygiene) of their peers and suppliers, amongst new summer 2021 features is the checking if a domain meets the NHS DBC1596 secure email standard, as well as proven reporting on SPF, DMARC and the MTA-STS standards.

zED checks TLS and DNS records you wish to have checked, to ascertain your exposure to risk via email from your peers and suppliers, this is a weekly scan based upon the domains you want to check and is complementary to NCSC’s Mail Check tool.

26th May Link:

01st June, 10am to 11:30am- Improving your Email Security Workshop

This session will be limited to a maximum of six domain names or organisations, however more than one person from each organisation can attend. The purpose of each workshop is to drill down on each domain name, understanding where are on the email security journey that organisation is and help to identify what the next best steps would be. To do this successfully, it is important that the attendee understands the above and is comfortable communicating this on the call to peers.

To assist with the session, Bruce will leverage the zED scanner to produce a RAG rating for each workshop attendee domain, which will contain the TLS, SPF and DMARC detail (as well as MTA-STS).

01st June Link:

C-TAG Policy Repository

A repository of cyber security and information governance policy documents produced by C-TAG

C-TAG Cyber Knowledge Repository

A repository of cyber security resources roughly aligned with the DLUHC Key Cyber Security Focus Areas.

Upcoming Socitm C-TAG Virtual Workshops


The NLAWARP serves to encourage the development of multiple, regional Local Authority WARPs and to provide a centralised online services, to reduce the burden on individual WARPs.

Socitm Local CIO Council

The preferred network for professionals who are shaping and delivering public services.

Created with
Mailchimp Freddie Badge

© 2021 C-TAG