Achieve GPG 13 Compliance with a Smarter
Protective Monitoring Solution

CESG’s Good Practice Guide 13 (GPG 13) is a Protective Monitoring framework for HMG ITC Systems, service providers and outsourcing companies to reduce risk and secure confidential data. But there are many misconceptions about GPG 13 compliance. You may consider GPG 13 too costly and therefore assume the risk. Additionally, some government departments might consider GPG 13 compliance requirements are limited to collecting log files and therefore neglect to integrate required change detection capabilities.

Tripwire delivers a Protective Monitoring solution to help organizations gain situational awareness of events of interest that reduce the risk window and affordably meet GPG 13 compliance requirements.

Sustaining SOX Compliance Through Automation



Tripwire helps Government bodies achieve GPG 13 compliance with a tightly integrated solution that combines log intelligence with FIM and configuration control. The integration delivers an automated solution that provides real-time monitoring, change detection, reporting and investigation to meet the requirements of Protective Monitoring for HMG ICT systems and the recommended controls of GPG 13.

Tripwire solutions allow Government bodies to:

  • Meet the requirements of Protective Monitoring for HMG ICT systems utilizing the recommended controls of GPG 13.
  • Monitor in real-time to instantly detect changes and events that may affect security.
  • Instantly alert upon detecting suspicious behavior within the enterprise.
  • Collect any readable audit, accounting or operational log and channel it to a scalable flat-file based data storage in accordance with the organization’s Forensic Readiness Policy.
  • Conform to standards such as the Security Policy Framework (SPF); GCSX requirements; Data Protection Act and Community Security Policy (CSP).

Tripwire Enterprise 8.5 Product Brief


Compliance and security overlap, but are not the same. Compliance provides standards and procedures for a stable system with security controls, while security identifies and protects from threats and vulnerabilities. We needed a solution that addressed both issues.

Dominick Birolin, Network Engineering & Cyber Security Lead, Essential Power

With this forensic capability and audit- able tool it is clear what changes or events have taken place: I believe this will significantly reduce the unplanned changes that can affect system integrity. Tripwire is now another weapon in our armory ensuring we are on top of any risk that The Logic Group may face.

Nigel Hearth, IT Director, The Logic Group