Skip to main content

NHS Secure Boundary

Our NHS Secure Boundary service is a perimeter security project supporting NHS organisations. Find out how we can help you secure your organisation.

Page contents

Help us to improve

We would like to find out how you use our website to get the information you need on cyber and data security.

Complete our survey.

Update on the NHS Secure Boundary Service

We are pleased to announce that we have finalised the procurement of the future Secure Boundary Service offering.

The service will address many of the key limitations of the current service and provide a mechanism, as our users to further develop the service to meet your needs as well as the latest industry enhancements and innovations.

We will communicate further about details of the service in the coming weeks and will begin mobilising the new service in coming months. When this work starts, we will contact you directly with details of the updated onboarding process and any action you may need to take. We will share more updates as they become available. Read more about the award.

The current NHS Secure Boundary service will continue to be available until 2031.

There will be no interruption to your current service. Organisations can continue to onboard and use the service as normal.

If you have any questions or need support, email [email protected] or speak to your regional security lead.

About our Secure Boundary service 

Our Secure Boundary service provides a perimeter security solution offering protection against security threats.

This solution is part of a larger programme of work being delivered by NHS England’s Cyber Operations to ensure the confidentiality, integrity, and availability of patient data, as well as protecting clinical and business systems from emerging threats.

The solution uses next generation firewall (NGFW) and web application firewall (WAF) protection to protect internet traffic from digital and cloud-based threats.

There will be an initial cost to NHS organisations to fund the onboarding. The ongoing run service element is centrally funded and is therefore free for NHS organisations.

Benefits

Find out about the benefits of NHS Secure Boundary.

Visibility
Visibility

An increased visibility of network traffic, so NHS organisations can better manage their own risk. 

It enables us to identify malicious content within encrypted traffic on behalf of the wider NHS.

Intelligence
Intelligence

It provides enriched threat intelligence, enabling us to respond quickly across the NHS during incidents.

Advanced threat protection provides a detailed view of what's happening locally. 

Compliance
Compliance

It provides capabilities to improve Data Security Protection Toolkit (DSPT) and Cyber Essentials plus (CE+) assessment scores. 

The solution is compliant with CE+, DSPT, National Cyber Security Centre (NCSC) and IT Healthcare (ITHC) regimes and will remain compliant throughout the development of the service.

Value
Value

It's procured at scale to one national standard, enabling improved planning and better value for money for the NHS. 

The solution is free (centrally funded) to run the service for NHS organisations.

Service delivery and onboarding

The revised onboarding approach will be updated shortly in line with the new service.

We currently have 192 organisations onboarded to Secure Boundary, including 22 CNSPs.

Managed services will be delivered utilising an IT Service Management (ITMS) Framework with ISO 20000 accredited ITIL practices.

How it works 

NHS Secure Boundary contains 2 main technology parts, protecting 2 types of internet traffic:

Bi-directional traffic (internal traffic) 

This is traffic from within the NHS perimeter.

Inbound traffic (external traffic) 

This is traffic from outside of the NHS perimeter.

Components

The full list of components will be updated shortly. If you have any questions or need support, email [email protected] or speak to your regional security lead.

Features and capabilities 

Additional features and capabilities will be updates in line with the expected rollout of the new service. If you have any questions or need support, email [email protected] or speak to your regional security lead.

Here are some of the features and capabilities offered by the Secure Boundary service. Expand them to find out more:

Uniform Resource Locator (URL) filtering 

Monitors and controls access to websites and website categories. 

Application ID (APP ID) 

Visibility of active applications. 

Antivirus

Protects against​ viruses, worms and​ trojans, and​ spyware.

Anti-spyware 

Prevents spyware and malware from 'phoning home'.

Application whitelisting

Protects against​ potentially harmful​ applications.

File blocking

Blocks files that are known to carry threats.

Zone and DoS protection

Reduces the portion of the​ network exposed to potential​ attack.

Custom signatures

Can be created to detect​ and block specific​ traffic.

Intrusion protection (IPS)

Protects against attempts to ​exploit flaws or gain​ unauthorised access into​ NHS systems.

WAF

Protects publicly hosted web services from a wide range of online threats.

USER-ID

Identification of all users on the network enabling enforcement of user and group-based access rules.

Response pages

Customised messages and​ instructions to users when​ blocked websites​ or files are accessed.

QOS/rate limiting

Highest priority activity is not compromised when the network is busy.

Data loss prevention (DLP)

Prevents sensitive information from ever leaving the network.

IP allow list

During your organisation’s migration to NHS Secure Boundary, the public IP addresses will change.

If your organisation uses HSCN to access the internet, your CNSP will be in contact to communicate the new IP addresses. If your organisation is onboarding to NHS Secure Boundary directly to protect a local internet breakout, the new IP addresses will be communicated to you through your onboarding project manager.

Following this, your organisation will need to notify any services your organisation accesses to ensure they add the new IP address range to the allow list. 

If you don't take action your organisation could lose access to any services that manage access through an allow list.

NHS related services that may implement allow list access

As we progress through on-boarding, NHS related services using IP allow lists to control access will become known and will be advertised on this support page.

Several services outlined below are thought to use allow list access.

If you are aware of any services that use allow list access but do not appear on this list, email the NHS Secure Boundary team at [email protected] so records can be updated.

Service Type Contact Phone number
Easy (Giltbyte) Finance [email protected] N/A
ISOxford Library [email protected] N/A
NHS Resolution Risk and legal [email protected] 020 7811 2820
Open Athens Library https://www.openathens.net and
[email protected] 		 0300 121 0043
PharmPress (Digital BNF) National [email protected] N/A
Phin SFTP [email protected] N/A
Warwick University Medical study [email protected] and
[email protected]		 N/A
York University Remote access to HYMS University [email protected] 01904 323838
Ignaz Smartphone app for healthcare professionals [email protected] N/A
National Joint Registry Joint replacement registry [email protected] 0845 345 9991
NYH Trauma Network Major trauma network for North Yorkshire and Humberside [email protected] 01482 622394
Taycare Orthotics [email protected] 0113 231 1800
Infopoint ESR Human resources and payroll database system [email protected] IBM Servicedesk: 0845 600 8249
NHS Blood and Transplant Blood and transplantation service to the NHS [email protected] 0300 123 23 23
National Institute for Health and Care Excellence (NICE) – Clinical Knowledge Summaries Providing primary care practitioners with a summary of the current evidence base and practical guidance on best practice https://cks.nice.org.uk/ 0300 323 0140

Register for the service

To register for the secure boundary service, or if you have any questions, please email [email protected]

Access our knowledge base

If you've already registered for NHS Secure Boundary, you can access our knowledge base, which contains guidance on the service.

How this service aligns with the Cyber Assessment Framework

Open the expanders below to find out how this service aligns to the principles and outcomes of the Cyber Assessment Framework (CAF).

Objective A: Managing security risk

A1.b Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

A2.b You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.

Objective B: Defending systems against cyber attack

B3.b You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties.

B4.a You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability.

B4.b You securely configure the network and information systems that support the operation of essential functions.

B4.c You manage your organisation's network and information systems that support the operation of essential functions to enable and maintain security.

Objective C: Detecting cyber security events

C1.a The data sources that you include in your monitoring allow for timely identification of security events which might affect the operation of your essential function.

C1.b You hold logging data securely and grant read access only to accounts with business need. No employee should ever need to modify or delete logging data within an agreed retention period, after which it should be deleted.

C1.c Evidence of potential security incidents contained in your monitoring data is reliably identified and triggers alerts.

C2.a You define examples of abnormalities in system behaviour that provide practical ways of detecting malicious activity that is otherwise hard to identify.

C2.b You use an informed understanding of more sophisticated attack methods and of normal system behaviour to monitor proactively for malicious activity.

Last edited: 20 April 2026 12:19 pm