Search - National Standard Microsite

to add a new content

Filter/Order

Active Filters

Status

Live

Categories

Cloud

Status

Help

Status describes what stage of the lifecycle a standard is at:

Draft - This National Standard workstream is resourced, has clear outputs and is actively in development
Review - The National Standards Assurance Board are currently reviewing this National Standard
Consensus - The category community are now being encouraged to review and give feedback on this National Standard
Live - This National Standard has been through the established process and is now live, being reviewed at least annually
Retired - This National Standard has been retired and is present for historical reference only

Classification

Help

National Standards can be classified based on whether they are conceptual, rule based or value based:

Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.

Grade: PMR

Help

National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.

4Pol Criteria:

Support minimum legal requirements where they exist
Align with the National Policing Digital Strategy to ensure strategic alignment and design
Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
Direct relevance and applicability to policing
Represent best practice
Able to be measured and achieved within the unique landscape of policing

Grade: LMR

Help

National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.

Internally Amended / Developed

Police Approved Secure Facilities (PASF) security review checklist (v1.8)

Please note this is an OFFICIAL-SENSITIVE document, to request access please use the 'Contact Us' tab to raise a general query

This checklist covers the range of security measures to be assessed when reviewing how appropriate a premises is for handling police data. This can be used for both police premises but also suppliers premises, where they are handling or hosting data.

Published 01/06/2020

Authoring body: National Police Information Risk Management Team (NPIRMT)

Reference Data / Templates

Cloud Security Principles

Published by the National cyber security centre, this guidance document provides details and context on the following 14 cloud security principles.

1. Data in transit

2. Asset protection and resilience

3. Separation between users

4. Governance framework

5. Operational security

6. Personnel security

7. Secure development

8. Supply chain security

9. Secure user management

10. Identity and authentication

11. External interface protection

12. Secure service administration

13. Audit information for users

14. Secure use of the service

Published 17/11/2018

Authoring body: National Cyber Security Centre (NCSC)

Principles

Cyber Security: Vulnerability management

Step 5 from the 10 steps to Cyber Security covers how to keep your systems protected throughout their lifecycle.

The majority of cyber security incidents are the result of attackers exploiting publicly disclosed vulnerabilities to gain access to systems and networks. Attackers will, often indiscriminately, seek to exploit vulnerabilities as soon as they have been disclosed. So it is important (and essential for any systems that are exploitable from the internet) to install security updates as soon as possible to protect your organisation. Some vulnerabilities may be harder to fix, and a good vulnerability management process will help you understand which ones are most serious and need addressing first.

Published 11/05/2021

Authoring body: National Cyber Security Centre (NCSC)

Guidance

Cyber Security: Supply chain security

Step 10 from the 10 steps to Cyber Security covers how and why it is sensible to collaborate with your suppliers and partners

Most organisations rely upon suppliers to deliver products, systems, and services. An attack on your suppliers can be just as damaging to you as one that directly targets your own organisation. Supply chains are often large and complex, and effectively securing the supply chain can be hard because vulnerabilities can be inherent, introduced or exploited at any point within it. The first step is to understand your supply chain, including commodity suppliers such cloud service providers and those suppliers you hold a bespoke contract with. Exercising influence where you can, and encouraging continuous improvement, will help improve security across your supply chain.

Published 11/05/2021

Authoring body: National Cyber Security Centre (NCSC)

Guidance

Police Assured Landing Zone (PALZ) Amazon Web Services (AWS) Blueprint

The AWS Police Assured Landing Zone (PALZ), is a set of configuration, code, security model and design decision rationale artefacts created specifically for policing workloads. The goal is to enable policing organisations to get started using cloud services more quickly, with confidence that they are implementing an assured set of baseline controls, reviewed by National Police Technology Council (NPTC), Police Digital Service (PDS) and National Police Information Risk Management Team (NPIRMT). These control documents are available in the PALZ documentation set. This will allow them to focus their efforts on activities and assurances unique to their workloads.

PALZ provides a landing zone with a multi-account structure aligned with AWS best practice including standardised AWS account and organisational unit (OU) structure, best-practice centralised networking and additional preventative and detective guardrails. It also provides a series of AWS Service Catalogue portfolios and products, which provide a self-service capability that greatly simplifies tasks such as the provisioning of new AWS accounts and the creation of private networks within an AWS account. Finally, PALZ integrates with a number of AWS security services to provide dashboards and alerts which support ongoing compliance monitoring, plus alignment to NEP designs for IAM and NMC.

PALZ has been through the NPTC “Security by Design” process. This process identifies key design decisions which are related to form a series of risks identified with common policing data. NPTC have used an independent third-party assessor to review the design decisions and generate the assurance documentation. This has been reviewed by the Police assuror, National Police Information Risk Management Team (NPIRMT), to approve the security controls and the solution design.

Note: This blueprint is marked OFFICIAL-SENSITIVE, for enquiries on access please contact the National Standards team who can put you in touch with the relevant team

Published 01/06/2021

Authoring body: Amazon / Police Digital Service (PDS)

Reference Data / Templates

Police Digital Service National Standards

Search - National Standard Microsite

Status

Categories

Police Approved Secure Facilities (PASF) security review checklist (v1.8)

Cloud Security Principles

Cyber Security: Vulnerability management

Cyber Security: Supply chain security

Police Assured Landing Zone (PALZ) Amazon Web Services (AWS) Blueprint

Knowledge Hub

Quick links

Partners

Contact us