Search - National Standard Microsite

to add a new content

Filter/Order

Status

Help

Status describes what stage of the lifecycle a standard is at:

Draft - This National Standard workstream is resourced, has clear outputs and is actively in development
Review - The National Standards Assurance Board are currently reviewing this National Standard
Consensus - The category community are now being encouraged to review and give feedback on this National Standard
Live - This National Standard has been through the established process and is now live, being reviewed at least annually
Retired - This National Standard has been retired and is present for historical reference only

Classification

Help

National Standards can be classified based on whether they are conceptual, rule based or value based:

Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.

Grade: PMR

Help

National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.

4Pol Criteria:

Support minimum legal requirements where they exist
Align with the National Policing Digital Strategy to ensure strategic alignment and design
Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
Direct relevance and applicability to policing
Represent best practice
Able to be measured and achieved within the unique landscape of policing

Grade: LMR

Help

National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.

Internally Amended / Developed

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) verifies an email’s domain and ensures it has not been tampered with in transit. The receiving email service can then filter or reject email that fails the DKIM check. In order for DKIM to verify an emails domain it uses public key encryption to check email by creating a hash using the content of each outbound email. The sending service then encrypts the hash with its private key and adds it to the email header. This is the DKIM signature.

The receiving email service looks up the public key in the sender’s DKIM DNS (DOMAIN NAME SYSTEM) record then uses the public key to decrypt the DKIM signature on the email. It also generates a hash of the email in the same way the sending email service did. If the hash matches the decrypted DKIM signature then the email passes the DKIM check. This means the email came from where it says it came from and has not changed in transit.

Published 01/01/2016

Authoring body: Government Digital Service (GDS)

Guidance

Criminal Justice System: Data Standards Forum Guidance

An agreed and designed common data standards are used by the Criminal Justice System, ICT suppliers to support ICT communications between systems used by Criminal Justice Organisations (CJO) to support CJS operations. They are also used with open data standards as defined in the government’s Open Standards Principles. These common standards are also used to support data analytics, bidding for CJS contracts etc.

The selection of the CJS data standards is made by the CJS Data Standards Forum. This is a technical forum which has representatives from the principal CJOs.

There is a Data Standard Catalogue used to support the exchange of criminal justice information between different CJOs.

There are three different types of data standard reflected in the catalogued:

formatting standards
organisational structure standards
reference data standard

The Data Standard catalogue is constantly reviewed by the Data Standards Forum to ensure a set of standards is produced that is as small as possible while still being fit for purpose.

Published 17/12/2020

Authoring body: Ministry of Justice (MOJ)

Guidance

End User Device (EUD) Security Principles (Version 1.0)

The End User Device (EUD) Security Principles sets out 12 core guidance principles that underpin the safety and security of using devices that serve the purpose of working remotely. The twelve principles are as follows:

1. Data-in-transit Protection: Data should be protected as it transits from the EUD to any services the EUD uses.

2. Data-at-rest Protection: Data stored on the device should be satisfactorily encrypted when the device is in its “rest” state.

3. Authentication:

- User to device: the user is only granted access to the device after successfully authenticating to the device.

- User to service: The user is only able to access enterprise services after successfully authenticating to the service, via their device.

- Device to service: Only devices which can authenticate to the enterprise are granted access.

4. Secure Boot: An unauthorised entity should not be able to modify the boot process of a device, and any attempt to do so should be detected.

5. Platform Integrity and Application Sandboxing: The device can continue to operate securely despite potential compromise of an application or component within the platform,

6. Application allow Listing: The enterprise can define which applications are able to execute on the device, and these policies are robustly enforced on the device.

7. Malicious code detection and prevention: The device can detect, isolate and defeat malicious code which is present on the device.

8. Security policy enforcement: Security policies set by your organisation are robustly implemented across the platform.

9. External interface protection: The device is able to constrain the set of ports (physical and logical) and services exposed to untrusted networks and devices.

10. Device Update Policy: You are able to issue security updates and can remotely validate the patch level of your entire device estate.

11. Event Collection for Enterprise Analysis: The device reports security-critical events to your audit and monitoring service.

12. Incident Response: Your organisation has a plan in place to respond to and understand the impact of security incidents.

All of these principles must be considered when securing and deploying devices.

Published 01/01/2019

Authoring body: National Cyber Security Centre (NCSC)

Principles

End User Device (EUD) Security Guidance

Data-in-transit Protection
Data-at-rest Protection
Authentication
Secure Boot
Platform Integrity and Application Sandboxing
Application allow Listing
Malicious Code Detection and Prevention
Security policy Enforcement
External Interface Protection
Device Update Policy
Event Collection for Enterprise Analysis
Incident Response

All of these principles must be considered when securing and deploying devices.

Published 01/01/2019

Authoring body: National Cyber security Centre (NCSC)

Principles

Auditing Principles - Directive 2006/43/EC of the European Parliament and of the Council

Statutory auditors should adhere to the highest ethical standards and should be subject to professional ethics. This Directive aims at high-level to bring about harmonisation of statutory audit requirements as a result of lack of a harmonised approach to statutory auditing in the Community. This was the reason why the Commission proposed, in its 1998 Communication on the statutory audit in the European Union that a creation of a Committee on Auditing which could develop further action in close cooperation with the accounting profession and Member States be established.

The output/recommendation from the committee setup was a Recommendation was a set of Fundamental auditing Principles. The statutory audit requires adequate knowledge of matters such as company law, fiscal law and social law for Audit qualifications obtained by statutory auditors. In order to protect third parties, all approved auditors and audit firms should be entered in a register which is accessible to the public and which contains basic information concerning statutory auditors and audit firms.  

It is important to note that good audit quality contributes to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements.  

Published 01/01/2006

Authoring body: European Parliament

Principles

Showing 86 to 90 of 204 entries.

Previous Page
Page1
Intermediate Pages
- Page2
- Page3
- Page4
- Page5
- Page6
- Page7
- Page8
- Page9
- Page10
- Page11
- Page12
- Page13
- Page14
- Page15
- Page16
Page17
Page18
Page19
Intermediate Pages
- Page20
- Page21
- Page22
- Page23
- Page24
- Page25
- Page26
- Page27
- Page28
- Page29
- Page30
- Page31
- Page32
- Page33
- Page34
- Page35
- Page36
- Page37
- Page38
- Page39
Page41
Next Page

Police Digital Service National Standards

Search - National Standard Microsite

DomainKeys Identified Mail (DKIM)

Criminal Justice System: Data Standards Forum Guidance

End User Device (EUD) Security Principles (Version 1.0)

End User Device (EUD) Security Guidance

Auditing Principles - Directive 2006/43/EC of the European Parliament and of the Council

Knowledge Hub

Quick links

Partners

Contact us