to add a new content
Resource
IDENT1

This document should be used in reference to the appropriate legislation, such as the Protection of Freedoms Act 2012: DNA & Fingerprint Provisions

IDENT1 is the UK’s nationals automated fingerprint system that provides biometric series for the police force and law enforcement agencies covering England, Scotland and Wales.

IDENT1 was introduced in 2004 and replaced the National Automated Fingerprint Identification System (NAFIS) of England and Wales, as well as the electronic fingerprint identification system used by the Scottish police forces. It was developed by Northrop Grumman with the use of advanced biometric identification technology.

IDENT1 enables the forces to search and compare fingerprints and crime scene marks in a single database, providing a unified collection of finger and palm prints.

The datasets that consist in within IDENT1 are the following:

  • Colour Type

  • Fingerprint Bureau Code Type

  • Fingerprint Owners sex Type

  • Fingerprint Status Type

  • Force Code Type

  • Force Station Coe Type

  • IDENT Offence Code Type

  • Jurisdiction Type

By using efficient algorithms and technology, IDENT1 is able to deliver a high degree of search accuracy and performance for the fingerprint officers (FPOs) and police officers by taking advantage of Biometric fusion technology.

Published 01/01/2019
Authoring body: Home Office
Reference Data / Templates
Resource
Resource Description Frameworks (RDF) for web development

The standards referred to by W3C are community generated standards, last reviewed by the National Standards Assurance Board in May 2021.

The World Wide Web Consortium (W3C) is an international community where Member organisations and the public work together to develop Web standards. It’s aim is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the Web. 

The social value of the Web is that it enables human communication, commerce, and opportunities to share knowledge. One of W3C's primary goals is to make these benefits available to all people, whatever their hardware, software, network infrastructure, native language, culture, geographical location, or physical or mental ability. Some people view the Web as a giant repository of linked data while others as a giant set of services that exchange messages.

W3C's vision for the Web involves participation, sharing knowledge, and thereby building trust on a global scale.

The Web has transformed the way we communicate with each other. In doing so, it has also modified the nature of our social relationships. People now "meet on the Web" and carry out commercial and personal relationships, in some cases without ever meeting in person. W3C recognises that trust is a social phenomenon, but technology design can foster trust and confidence. As more activity moves on-line, it will become even more important to support complex interactions among parties around the globe.

Published 01/01/2020
Authoring body: W3C
Guidance
Resource
CPA Security Characteristic Software Full Disk Encryption (Version 1.24)

This document has been reviewed by the National Standards Assurance Board in May 2021 and is still deemed relevant with sound principles, despite being dated in some areas. Users should also be aware of the NEP Windows Blueprints.

 

This document describes the features, testing and deployment requirements necessary to meet CPA certification for Software Full Disk Encryption security products. It is intended for vendors, system architects, developers, evaluation and technical staff operating within the security arena.

The purpose of a software disk encryption product is to protect the confidentiality of data. This document aims to describe the requirements for Software Full Disk Encryption products and obtaining Commercial Product Assurance (CPA) certification under the CPA scheme.

A typical use case is the protection of a mobile device such as a laptop in case of accidental loss or theft.

The Security Characteristic is primarily targeted towards a single user for each protected devices only applicable to software disk encryption products that operate on PCs with Extensible Firmware Interface (UEFI) or  Basic Input/Output System (BIOS). Multiple users can also be evaluated.

Intended readers are for developers, system, architects, vendors and technical staff. The disk encryption software will prevent an attacker from accessing the data.

Published 01/01/2016
Authoring body: CESG National Technical Authority for Information Assurance
Standards
Resource
ISO/IEC 27034-2:2015 IT Security techniques - Application Security - Part 2: Organisation Normative Framework

This document provides a framework for application security.

ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

There is an ever increasing need for businesses to focus on protecting their information and  technological infrastructures and Organisations must do this in order to stay in business. ISO/IEC 27034 provides concepts, principles, frameworks, components and processes to assist organisations in integrating security seamlessly throughout the life cycle of their applications. When an organisation uses a systematic approach for improving application security, it provides the organisation evidence and confidence that information being used and held in its application is being adequately protected. This part of ISO/IEC 27034 defines the processes required to manage the security of applications in the organisation.

The Organisation Normative Framework (ONF) is a key component for application security and provides a framework for best practises. It is the foundation of application security in the organisation. All organisations should base their decision regarding application security on this framework.

Therefore the purpose of this part of ISO/IEC 27034 is to assist organisations to create, maintain and validate their own ONF in compliance with the requirements of this International Standard.

Intended audience are managers, domain experts, auditors, ONF committee.

 

Published 01/01/2015
Authoring body: International Organisation for Standardisation (ISO)
Standards
Resource
Bluetooth General Guidance (v1.1)

Guidance on the risk-based approach to using Bluetooth enabled technology within the policing environment, including examples. This guide does not cover all use cases and for advice on exemptions for specific use cases, the NPIRMT team should be approached to provide a bespoke risk assessment.

 

 

Published 02/02/2017
Authoring body: National Policing Information Risk Management Team (NPIRMT)
Guidance