This report concerns the Danish Agency for Governmental IT Services’ protection of network equipment on the local networks of central government authorities.
The purpose of the study is to assess whether the Danish Agency for Governmental IT Services has ensured satisfactory protection of network equipment at central government authorities. Rigsrevisionen answers the following questions in the report:
- Has the Danish Agency for Governmental IT Services continuously implemented the security updates released by the manufacturer?
- Has the Danish Agency for Governmental IT Services carried out an adequate risk assessment of the authorities’ network equipment?
Rigsrevisionen assesses that the Danish Agency for Governmental IT Services has not ensured fully satisfactory protection of network equipment at central government authorities. This is because the Danish Agency for Governmental IT Services has not carried out an adequate risk assessment of vulnerabilities in the network equipment and at the same time does not have a complete overview of all the equipment it is required to protect.
Rigsrevisionen initiated the study in June 2025.