to add a new content
Resource
National Community Security Policy Framework v1.4

This framework provides all national policing and its partners with a clear guide of how information security policies and standards work in national policing, the objectives of the framework, whom the framework and its supporting policy and principles apply to, whom has accountability for information security and risk and how policies will be governed.

Published 01/09/2024
Authoring body: Police Digital Service (PDS)
Policy
Resource
National Policing Community Security Policy Framework v1.3

This framework provides all National Policing and its partners with a clear guide of how information security policies and standards work in National Policing, the objectives of the framework, whom the framework and its supporting policy and principles apply to, whom has accountability for information security and risk and how policies will be governed.

Published 01/10/2023
Authoring body: Police Digital Service (PDS)
Policy
Resource
NCSP Cryptography Standard

This standard sets out the Cryptographic Algorithms to be used within policing. A list of algorithms are provided initially followed by applications and the associated cryptography required for each application. Finally the standard provides some commentary on the emerging cryptography for post quantum computing and lightweight computing.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing

Published 01/07/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
System Access annual review

This standard defines the requirements which, when applied, will prevent unauthorised access to national policing IT systems. Areas considered include account management, access control mechanisms e.g. biometrics and customer access.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.
This standard also relates to other PDS standards passwords and IAM, which the audience should also consider.

Published 01/07/2024
Authoring body: Police Digital Service PDS
Standards
Resource
Identity & Access Management Standard annual review

This standard defines the requirements which, when applied, will define identity and access management standards to national policing IT systems. Areas considered include account management, access control mechanism, privilege access, account provisioning, account review, access suspension and termination, guest accounts, third party access and audit requirements.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.
This standard also relates to other PDS standards such as passwords, system access, PAM, vetting, which the audience should also consider

Published 01/06/2024
Authoring body: Police Digital Service PDS
Standards
Resource
Third Party Assurance for Policing (TPAP)

This Standard is to ensure that all third party suppliers are examined to fully understand their overall security posture and how that may impact upon Policing, ensure they fully understand the responsibilities they have in looking after policing data, that elements such as the importance of vetting and the cyber security of their systems is understood and they are aware of the requirements when handling and communicating that data.

Published 25/05/2023
Authoring body: The Police Digital Service (PDS)
Standards
Resource
Third Party Assurance for Policing (TPAP)

This Standard is to ensure that all third party suppliers are examined to fully understand their overall security posture and how that may impact upon Policing, ensure they fully understand the responsibilities they have in looking after policing data, that elements such as the importance of vetting and the cyber security of their systems is understood and they are aware of the requirements when handling and communicating that data.

Published 01/07/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
PIN & Biometric guideline

The Biometric & Pin Guidance provides recommendations and best practices for securely implementing and managing biometric authentication and PIN systems.

 

Published 28/06/2024
Authoring body: Police Digital Service (PDS)
Guidance
Resource
NCSP Police Security Classification Guideline V1.0

This guidance is to assist members of the policing community of trust to correctly classify and protect information assets in line with UK Government Security Classification Policy.
This guidance in conjunction with the National Policing Community Security Policy (NCSP) and associated documents supports the requirements of the NCSP Information Management standard.

Published 01/04/2024
Authoring body: Police Digital Service (PDS)
Guidance
Resource
Information Compliance using Microsoft Purview Cyber Guideline

This guidance describes best practice for monitoring, auditing and assuring  the Office 365 tenancy minimise the risk to policing information within the Microsoft 365 service.

Published 01/03/2024
Authoring body: Police Digital Service (PDS)
Guidance
Resource
Physical & Environmental Security Management Standard

This Standard sets out the Physical and Environmental Security measures and considerations to be used within policing. This standard will outline key guidance and advice that should be acknowledged and referred to, and where practicably possible, implemented to safeguard Policing locations including the assets within them.

Published 01/03/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
Electronic Communications Management Standard

This standard supports the policy set out in the National Community Security Policy, providing requirements for those designing, building and running electronic communications services within national policing systems. This standard details a minimum set of security requirements and controls that must be met to ensure security of electronic communications services. Consideration is given to the following areas of configuration, email systems, collaboration platforms and voice communications platforms.

Published 01/03/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
NCSP People Security Management Standard

This standard is intended to guide the reader through the process of securely managing personnel and embedding security at all stages of the employee lifecycle.

Published 01/05/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
Privileged Access Management Standard

This standard defines the requirements and best practice for privileged access management which should be adopted to manage elevated access consistently and securely across national policing IT systems.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.

Published 01/05/2024
Authoring body: Police Digital Service (PDS)
Principles
Resource
Physical asset Management standard

The standard aims to ensure that physical assets are acquired securely, configured properly, maintained regularly, and disposed of safely and securely, while ensuring the confidentiality, integrity, and availability of the information they handle. By adopting this standard, organisations can ensure that they are protecting their assets against potential threats, mitigating risks, and complying with regulatory requirements.

Published 01/02/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
Cyber System Management Standard v1.0

This standard defines the requirements which, when applied, will assist with the secure management of systems and networks.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.

Published 01/01/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
Cyber Technical Security Management Standard v1.0

This Standard specifies the minimum requirements regarding technical security management. It describes the requirements to enable members of the community of trust to build and operate an effective technical security infrastructure, applying security architecture principles and integrating technical security solutions, such as malware protection, intrusion detection and cryptography.

Published 01/01/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
Cyber Network Security Standard v1.0

This standard supports the policy set out in the National Community Security Policy, providing requirements for those designing, building and running network services within PDS & policing systems. This standard details a minimum set of security requirements and controls that must be met to ensure security and segregation of network services. Consideration is given to the following areas network device configuration, physical network management, wireless access, external network connections, firewalls and remote maintenance.

Published 01/01/2024
Authoring body: Police Digital Service (PDS)
Standards
Resource
Application Management Standard v1.0

This Standard is intended to guide the reader through the process of securely managing business applications both internally developed and externally sourced, regardless of whether locally installed or cloud based. Centred around stocktaking, documenting and actively managing those applications, this standard should enable the visibility of all business utilised applications, ensuring all are appropriately assessed for risk, appropriately licensed and managed in such a way as to not introduce cyber security risk going forward.

Published 01/11/2023
Authoring body: Police Digital Service (PDS)
Standards
Resource
Vulnerability Management v1.0

This standard supports the policy set out in the National Community Security Policy, providing requirements for those designing, building and running IT services and managing vulnerabilities within PDS & policing systems.

Published 01/11/2023
Authoring body: Police Digital Service (PDS)
Policy
Resource
Information Management v1.0

This Standard defines the requirements to implement Information Management as mandated in the National Community Security Policy. It encompasses the management of policing information within the OFFICAL tier of the Government Security Classification model.

Published 01/12/2023
Authoring body: Police Digital Service (PDS)
Standards
Resource
Identity & Access Management Standard annual review

This standard defines the requirements which, when applied, will define identity and access management 
standards to national policing IT systems. Areas considered include account management, access control 
mechanism, privilege access, account provisioning, account review, access suspension and termination, 
guest accounts, third party access and audit requirements. 
This standard adheres to the National Policing Community Security Policy Framework and is a suitable 
reference for community members, notably those who build and implement IT systems on behalf of 
national policing.
This standard also relates to other PDS standards such as passwords, system access, PAM, vetting, which 
the audience should also consider

Published 01/05/2023
Authoring body: Police Digital Service (PDS)
Standards
Resource
National Policing Community Security Principles v1.2

Principles are general rules and guidelines, intended to be enduring and seldom amended, that inform and support and prioritise the way in which National Policing decides which ideas, initiatives and/or opportunities are to be progressed (and warrant investment) and those that are not. These principles are a fundamental part of the National Policing Community Security Policy Framework and provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of information security capabilities can be assembled. The primary focus of these principles is to provide the starting point for, setting the policy, standards and control objectives, which support the Community Security Policy Framework. The audience, scope, objectives, and governance for these principles are defined by the National Policing Community Security Policy Framework, which can be found on Knowledge Hub. For clarity these principles are approved by the Police Information Assurance Board (PIAB) and apply to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing.

Published 09/02/2023
Authoring body: Police Digital Service (PDS)
Principles
Resource
National Policing Community Security Policy v1.0

National Policing will maintain public trust by securing our data and by applying a consistent, proportional approach to technology risk across policing. The Community Security Policy (CSP) is an integral part of the Community Security Policy Framework and combined with Community Security Principles and the supporting standards, control objectives and other supporting documentation will help policing maintain public trust in its management of information assets. This Policy should be read in conjunction with the National Policing Community Security Policy (CSP) Framework, and Community Security Principles with which this policy is aligned. The audience, scope, objectives, governance and exception process for this policy are defined by the National Policing Community Security Policy Framework, which can be found in Knowledge Hub. For clarity this policy has been approved by the Police Information Assurance Board (PIAB) and applies to all members of the ‘Community of Trust’ as defined by the National Policing Community Security Policy Framework, and any suppliers and partners that have access to, store and/or process Police information, to provide services to Policing. This policy has taken into consideration and is aligned with industry best practice, which includes ISO/IEC 27002:2022, CIS Controls v8 (Center for Information Security), NIST Cyber Security Framework, CSA Cloud Controls Matrix v4 (Cloud Security Alliance) and NCSC 10 Steps to Cyber Security.

Published 26/10/2022
Authoring body: Police Digital Service (PDS)
Policy
Resource
System Development Standard

This standard outlines the functions within the Secure By Design (SbD) process, aligned to project stages, to ensure a consistent approach to cyber security is achieved throughout a system’s development. The purpose of this standard is to define an approach to ensure that all products / solutions are assured in a repeatable, structured and consistent way. This will enable security controls to be designed into solutions at an early stage, ensuring the secure delivery of solutions across policing, whilst identifying and managing risk to within risk appetite.
This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.

Published 01/09/2023
Authoring body: Police Digital Service (PDS)
Standards
Resource
Cyber Threat and Incident Management v1.0

This Standard specifies the minimum requirements regarding cyber threat and incident processes and actions. It aims to provide PDS (Police Digital Service) and policing with clear direction to manage threat, vulnerabilities and incidents associated with cyber-attacks and cyber incidents.

Published 01/12/2023
Authoring body: Police Digital Service (PDS)
Standards
Resource
NCSP Overseas IT Access Guidelines v1.1

This guidance describes best practice risk management controls for accessing Policing ICT resources whilst abroad. It also describes the circumstances when forces can make a local decision or when referral to NSIRO is required when use abroad is required.

Published 01/05/2024
Authoring body: Police Digital Service (PDS)
Principles
Resource
Cryptography Standard v 1.0

The purpose of this standard is to establish a set of cryptographic algorithms and protocols for use in specific applications for the transmission and storage of Police Data up to the classification of OFFICIAL. The requirements are the minimum acceptable levels of encryption and are aligned to the NIST and NCSC frameworks and are applicable to cloud environment, on premises environments and the data networks that interconnect them.

Published 25/05/2023
Authoring body: The Police Digital Service (PDS)
Standards
Resource
System Access Standard

This standard defines the requirements which, when applied, will prevent unauthorised access to national policing IT systems. Areas considered include account management, access control mechanisms e.g. biometrics and customer access.

This standard adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.

This standard also relates to other PDS standards passwords and IAM, which the audience should also consider.

Published 02/04/2023
Authoring body: Police Digital Service
Standards
Resource
Memorandum of understanding in relation to digital evidence sharing between the CPS and XX (police force) TEMPLATE

The purpose of this Memorandum of Understanding(“MOU”) is to detail the arrangements in place to enable the efficient sharing of multimedia evidence (“MME”) by the Relevant Police Force to the CPS via the relevant Digital Evidence Management System Link (“DEMS”).

Published 31/05/2024
Authoring body: PDS Police Digital Service
Reference Data / Templates