Search - National Standard Microsite
OVERSEAS IT ACCESS GUIDELINES
This guidance describes best practice risk management controls for accessing Policing ICT resources whilst abroad. It also describes the circumstances when forces can make a local decision or when referral to NSIRO is required when use abroad is required.
System Access Standard
This standard defines the requirements which, when applied, will prevent unauthorised access to national policing IT systems. Areas considered include account management, access control mechanisms e.g. biometrics and customer access.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.
This standard also relates to other PDS standards passwords and IAM, which the audience should also consider.
Password Standard v1 approved by NCPSB JAN 23
This standard supports the National Community System Policy System Access requirements with respect to defining requirements for the use and selection of a password / passphrase-based method of authentication. It should be read in conjunction with the System Access standard. Passwords represent only one method of authentication (something that you know) and should be combined with other methods such as something you have (token) or something you are (biometric). It is not always possible especially with legacy applications or services to utilise multi-factor authentication, and this is where this standard can help to ensure that risks are effectively managed. A strong passphrase / password will help to ensure lawful business access to applications, mobile devices, systems and networks when combined with an agreed access control policy and supported by an Identity and Access Management (IAM) system. Undertaking a business impact assessment (BIA) is important to determine specific information security requirements to support proportionate risk management. This Standard is aligned with the NCSC’s password guidance.
Digital Evidence Storage v3.0
This is intended as a high-level overview of the requirements for digital evidence storage in a multimedia context. Ratings follow the MoSCoW system of Must, Should, Could and Won’t. The requirements are split into two sections, File Handling and Functionality. Systems must be compliant with the principles in the DSTL NPCC Digital Imaging and Multimedia Procedure v3.0 and Recovery and Acquisition of Video Evidence v3.0 and adhere to the Forensic Science Regulator Act 2021 and Statutory Code.
NPCC framework for use of video evidence v3.0
This document is relevant to all police non-specialist front-line staff and forensic unitsi who utilise video evidence and to bring clarity around activities relating to recovery, acquisition, viewing and processing of CCTV. It outlines those activities that must be undertaken by Police Forces and accredited laboratories in line with the Forensic Science Regulator Act 2021 and Statutory Code. The following charts stipulate what level of training is required and whether force procedures must be in place to carry out Forensic Science Activities (FSAs) and mitigate the risks highlighted by the risk matrix where activities may be excluded from accreditation. This document has been created to support the recommendations of the NPCC CCTV Working Group and Specialist Capability Network and supersedes the now defunct Annex A and B CCTV Scope for Accreditation document, which was previously circulated by the NPCC as a supplement to the first Forensic Regulators FSR-C-119 Code of Practice and Conduct, now replaced by the Statutory Code and FSA Digital Forensics - Video Analysis, and FSA Basic Recovery and Acquisition of Images.
Police National Database (PND) Interface Business and Technical Guidance for Data Providers v3.5.0
This document provides:
• High level PND requirements
• Overview of Data requirements
• PND Message Schema design
• Data transmission mechanisms
• Data Scope
• Overview of software resources available including Data Test Suite.
Note this document is graded OFFICIAL-SENSITIVE, access can be requested by the 'Contact Us' tab at the top of the page.
UK Gov Cookie Cutter Data Science Project Template
This is a data science cookiecutter template for analytical, Python-, or Python and R-based projects within Her Majesty's Government, and wider public sector including policing, where it has been trialled and used as a standardised template for effectively sharing data science work and includes security features using pre-commit hooks to preserve sensitive information.
It also provides an Agile, centralised, and lightweight analytical quality assurance (AQA) process. Pull or merge request templates are used to nudge users to complete this process. This helps meet HM Government best practice on producing quality analysis, as defined in the Aqua Book.
The original developer in GDS has provided a blog post explaining the reasons for creation and provided a live demonstration from March 2021 on version 0.5.3.
The National Standards Assurance Board reviewed this in January 2022 and found it being owned and actively developed by the Office for National Statistics, Best Practice and Impact team.
Open Source Software - Exploring the Risk (Good Practice Guide 38)
This guidance seeks to assist a range of IA professionals in exploring the risks associated with the use of Open Source Software (OSS) products. It does so by prompting a number of ‘whole lifecycle’ issues and questions which potential users should ask themselves when making software choices, not just of OSS, but also of proprietary products. This is because there are no ‘right’ or ‘wrong’ answers when it comes to the security of OSS versus that of proprietary (typically closed source code) products. There are good and bad examples of each in this respect and no one type is inherently more, or less, secure than the other.
This guidance supports the Government ICT StrategyI objective of creating a level playing field for open source software solutions. It does not evaluate, recommend or otherwise offer judgement on the following:
Specific OSS products;
Savings in running costs that an organisation may realise by the adoption of OSS over proprietary products;
The legal risks that may arise, for example from issues concerning copyright, intellectual property, or infringement of licences
This guidance was reviewed by the National Standards Assurance Board in January 2021 and was deemed to still provide relevant information
Retention, Storage and Destruction of Materials and Records relating to Forensic Examination
The purpose of this document is to provide guidance on the retention, storage and destruction of forensic materials and their associated records retained by physical and digital Forensic Units.
Biometric Standards and Exchange Requirements for Home Office Partners and their Suppliers v3.04
The purpose of this document is to provide details of the biometric interchange and image standards that must be adhered to by Partner1 organisations and their Suppliers that need to communicate with the back end biometric matching systems governed by the Home Office Biometrics (HOB) programme. (Note that the current HOB systems covered in this document are the HOB Biometric Services Gateway (BSG), Home Office “Immigration and Asylum Biometric System” (IABS) and national police fingerprint system, “IDENT1”.)
The document is divided into five parts as follows:
1) The Home Office biometric exchange format – “HONE-1”
2) Biometric recording and image standards, mandatory
3) Biometric recording and image standards, conditional
4) Biographic data, general
5) Appendices