Probation Circular

GSI IT SECURITY – TECHNICAL STANDARDS
PURPOSE
In support of GSI accreditation requirements, and to underpin NPS/NOMS Policy, a number of technical standards are available.

REFERENCE NO: 44/2005
ISSUE DATE: 17 June 2005
IMPLEMENTATION DATE: Immediate
EXPIRY DATE: June 2009
TO: Chairs of Probation Boards, Chief Officers of Probation, Secretaries of Probation Boards, IT/Systems Managers
CC: Board Treasurers, Regional Managers
AUTHORISED BY: Bob Nicholls, NOMS Offender Information Services
ATTACHED: N/A

ACTION
Areas should confirm that any locally managed systems, shared premises, applications and infrastructure comply with the applicable standards.

SUMMARY
A number of technical standards have been produced and are currently in the process of being applied to centrally managed aspects of the NPS environment. This process has enabled the requirements to be refined and a final set for issue is now available. Not all standards will be sent automatically as some are unlikely to be required at area level (e.g. PIX Firewall configuration standards). The list on the next page represents the complete list. Areas that require any of the standards (aside from those attached) should contact NOMS OIS as below.

RELEVANT PREVIOUS PROBATION CIRCULARS
N/A

CONTACT FOR ENQUIRIES
Piers Wilson, NOMS OIS (NPD IMTU)
Tel: 0207 2170671 / 07971 566579
Email: piers.wilson@insight.co.uk

National Probation Directorate
Horseferry House, Dean Ryle Street, London, SW1P 2AW

The standards are listed below. Due to the number of attachments to this PC it has been decided to include these on a CD-Rom which will be sent to Chief Officers of Probation Service Areas under separate cover. Please note that this CD will only include the technical standards in the third list:

Draft (not yet available):
• NPS Internet Proxy and Browser Configuration Standard 0.3
• NPS Oracle (CRAMS) Baseline Standard 0.1

Issued (available on request):
• PIX Firewall Standard 1.11 (RESTRICTED)

Issued (and supplied on CD for your attention):
• NPS Network Code of Connection 1.01 (see below)
• NPS Logging and Monitoring Standard 1.0 (RESTRICTED)
• NPS Network Device Security Configuration Standard 1.2 (RESTRICTED)
• NPS Patch and Vulnerability Management Standard 1.0 (RESTRICTED)
• UNIX (CRAMS AIX) Security Configuration Standard 1.21

NPD would highlight that the most applicable of these documents is the “Network Code of Connection”. This governs the connection of the NPS network to external networks, the requirements for the use of shared building infrastructure with other agencies and the requirements for the connection of locally or third-party managed systems to the STEPS network. It explains the requirements for notifying and consulting with NOMS OIS (formerly NPD IMTU) and the requirements for security controls and IT Security healthchecks.

Technical standards have been classified RESTRICTED in those cases where they could be of clear benefit to an external attacker who is attempting to circumvent security controls.

PC44/2005 – GSI IT Security - Technical Standards
