Search - National Standard Microsite
National Police Information Security Risk Management Framework
This framework is to ensure that all security risks are identified, assessed, and managed in accordance with best practice in order to facilitate improved governance. It is mandatory for all information systems that hold Police information or which deliver an operational service to policing to undergo a risk assessment, as stipulated in the National Policing Community Security Policy. The Security Risk Management Framework mutually supports the Police Cyber Assurance Framework (PCAF). The framework supports the requirements of the National Community Security Policy (NCSP.)
National Police Information Security Risk Management Guidance
The National Policing Information Security Risk Management Framework provides the foundations of risk management across policing in line with the Police Cyber Assurance Framework (PCAF). This guidance supports the risk management framework by detailing the actions required to firstly assess a risk, and then to manage it via the national risk register. This guide must be read in conjunction with the National Security Risk Management Framework.
National Police Information Security Risk Management Risk Balance Case Template
The National Policing Information Security Risk Management Framework provides the foundations of risk management across policing in line with the Police Cyber Assurance Framework (PCAF).
This template must be completed in conjunction with the National Security Risk Management Framework and Guidance.
The Risk Decision Document should be a single document that outlines any national risk, and the recommended measures for mitigating it. The template is organised into sections, each containing specific guidance points on content to be included.
Bluetooth Guidance V1.0
This guidance provides policing and law enforcement organisations with relevant information regarding risks associated with deploying Bluetooth technology within the workplace, and to enhance the risk-based decisions required in the use of such technology. This guidance adheres to the National Policing Community Security Policy Framework and is a suitable reference for community members, notably those who build and implement IT systems on behalf of national policing.
Password Standard v1 approved by NCPSB JAN 23
This standard supports the National Community System Policy System Access requirements with respect to defining requirements for the use and selection of a password / passphrase-based method of authentication. It should be read in conjunction with the System Access standard. Passwords represent only one method of authentication (something that you know) and should be combined with other methods such as something you have (token) or something you are (biometric). It is not always possible especially with legacy applications or services to utilise multi-factor authentication, and this is where this standard can help to ensure that risks are effectively managed. A strong passphrase / password will help to ensure lawful business access to applications, mobile devices, systems and networks when combined with an agreed access control policy and supported by an Identity and Access Management (IAM) system. Undertaking a business impact assessment (BIA) is important to determine specific information security requirements to support proportionate risk management. This Standard is aligned with the NCSC’s password guidance.