Search - National Standard Microsite
National Standards can be classified based on whether they are conceptual, rule based or value based:
- Principles - The defining characteristic of a principle document is that it is conceptual. It describes a target state or end goal without specifying how it will be achieved.
- Guidance/Policies/Standards - The defining characteristic of guidance, policies and standards are that they are rule based. The document specifies the rules to be applied to achieve a particular state.
- Technical Reference Templates - The defining characteristic of a template is that it is value based. It specifies exactly the values that must be used.
National Standards graded 4Pol are standards which meet the below criteria and should be considered first, before any other standard in that category, as they fit the National Policing Digital Strategy allowing forces and suppliers to converge on a single set of standards.
4Pol Criteria:
- Support minimum legal requirements where they exist
- Align with the National Policing Digital Strategy to ensure strategic alignment and design
- Align with the TechUK Justice & Emergency Services Interoperability Charter to deliver better data sharing, exchanging and exploitation
- Direct relevance and applicability to policing
- Represent best practice
- Able to be measured and achieved within the unique landscape of policing
National Standards graded MLR stem directly from legislative requirements, such as the General Data Protection Regulation (GDPR) standards. These are National Standards which represent the minimum requirements to ensure that data and technology in use is operated in a lawfully compliant manner. These should be considered the baseline in applicable categories.
National Standards are divided into broad categories based on their focus. To recognise there is no clear dividing line, some National Standards may possess two categories, but the selected category reflects the primary focus of the National Standard:
- Analytics - Digital systems capable of creating actionable information from structured or unstructured data
- Asset Management - The way in which IT assets are acquired, used and disposed of
- Incident, Crime and Records Management Systems
- Digital systems used to manage policing and corporate records
- Cloud - Remote, off-premises computer system resources which host a range of functions across a potentially wide range of distributed sites
- Data - Information held in a structured or unstructured digital format
- Devices - Physical devices capable of viewing, changing, creating, distributing or storing digital information
- Digital Media - Media stored in an electronic format from any source
- Enterprise Resource Planning - Enterprise resource planning (ERP) is the management of integrated business processes via a software solution
- Forensics - The use of investigative technology and methodology to gather intelligence and admissible evidence
- Intelligence Systems - Digital system used to view, change, create, distribute or store sensitive digital information
- Justice - Systems, technologies and methodologies used within the Criminal Justice System
- Mobility - Software specifically designed to run on a mobile device such as a phone, tablet or watch
- Office Productivity & Collaboration Systems - Software specifically designed to address specific business needs such as communication, collaboration, document creation and content management
- Operational Policing - Specialist operational policing functions
- Security - The technology and methodology used in the protection of digital assets and services
Tags are assigned to National Standards to help users find grouped / related documentation
IDENT1
This document should be used in reference to the appropriate legislation, such as the Protection of Freedoms Act 2012: DNA & Fingerprint Provisions
IDENT1 is the UK’s nationals automated fingerprint system that provides biometric series for the police force and law enforcement agencies covering England, Scotland and Wales.
IDENT1 was introduced in 2004 and replaced the National Automated Fingerprint Identification System (NAFIS) of England and Wales, as well as the electronic fingerprint identification system used by the Scottish police forces. It was developed by Northrop Grumman with the use of advanced biometric identification technology.
IDENT1 enables the forces to search and compare fingerprints and crime scene marks in a single database, providing a unified collection of finger and palm prints.
The datasets that consist in within IDENT1 are the following:
-
Colour Type
-
Fingerprint Bureau Code Type
-
Fingerprint Owners sex Type
-
Fingerprint Status Type
-
Force Code Type
-
Force Station Coe Type
-
IDENT Offence Code Type
-
Jurisdiction Type
By using efficient algorithms and technology, IDENT1 is able to deliver a high degree of search accuracy and performance for the fingerprint officers (FPOs) and police officers by taking advantage of Biometric fusion technology.
Resource Description Frameworks (RDF) for web development
The standards referred to by W3C are community generated standards, last reviewed by the National Standards Assurance Board in May 2021.
The World Wide Web Consortium (W3C) is an international community where Member organisations and the public work together to develop Web standards. It’s aim is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the Web.
The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability. Some people view the Web as a giant repository of linked data while others as a giant set of services that exchange messages.
W3C's vision for the Web involves participation, sharing knowledge, and thereby building trust on a global scale.
The Web has transformed the way we communicate with each other. In doing so, it has also modified the nature of our social relationships. People now "meet on the Web" and carry out commercial and personal relationships, in some cases without ever meeting in person. W3C recognises that trust is a social phenomenon, but technology design can foster trust and confidence. As more activity moves on-line, it will become even more important to support complex interactions among parties around the globe.
CPA Security Characteristic Software Full Disk Encryption (Version 1.24)
This document has been reviewed by the National Standards Assurance Board in May 2021 and is still deemed relevant with sound principles, despite being dated in some areas. Users should also be aware of the NEP Windows Blueprints.
This document describes the features, testing and deployment requirements necessary to meet CPA certification for Software Full Disk Encryption security products. It is intended for vendors, system architects, developers, evaluation and technical staff operating within the security arena.
The purpose of a software disk encryption product is to protect the confidentiality of data. This document aims to describe the requirements for Software Full Disk Encryption products and obtaining Commercial Product Assurance (CPA) certification under the CPA scheme.
A typical use case is the protection of a mobile device such as a laptop in case of accidental loss or theft.
The Security Characteristic is primarily targeted towards a single user for each protected devices only applicable to software disk encryption products that operate on PCs with Extensible Firmware Interface (UEFI) or Basic Input/Output System (BIOS). Multiple users can also be evaluated.
Intended readers are for developers, system, architects, vendors and technical staff. The disk encryption software will prevent an attacker from accessing the data.
ISO/IEC 27034-2:2015 IT Security techniques - Application Security - Part 2: Organisation Normative Framework
This document provides a framework for application security.
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
There is an ever increasing need for businesses to focus on protecting their information and technological infrastructures and Organisations must do this in order to stay in business. ISO/IEC 27034 provides concepts, principles, frameworks, components and processes to assist organisations in integrating security seamlessly throughout the life cycle of their applications. When an organisation uses a systematic approach for improving application security, it provides the organisation evidence and confidence that information being used and held in its application is being adequately protected. This part of ISO/IEC 27034 defines the processes required to manage the security of applications in the organisation.
The Organisation Normative Framework (ONF) is a key component for application security and provides a framework for best practises. It is the foundation of application security in the organisation. All organisations should base their decision regarding application security on this framework.
Therefore the purpose of this part of ISO/IEC 27034 is to assist organisations to create, maintain and validate their own ONF in compliance with the requirements of this International Standard.
Intended audience are managers, domain experts, auditors, ONF committee.
Bluetooth General Guidance (v1.1)
Guidance on the risk-based approach to using Bluetooth enabled technology within the policing environment, including examples. This guide does not cover all use cases and for advice on exemptions for specific use cases, the NPIRMT team should be approached to provide a bespoke risk assessment.
Showing 131 to 135 of 204 entries.