| Security
Guidelines for UK Government |
| 2003 |
Information Security Policy Documentation
This document is compliant with the British Standard
BS7799 (ISO 17799) for Information security management.
It is primarily intended for small Government systems,
Local Authorities and other non-government organisations
that need to connect to Government systems.
|
>
MS Word (724KB)
>
PDF (260KB)
|
|
HMG's Minimum Requirements for the Verification
of the Identity of Individuals
Guidance documents on HMG's requirements for the verification
of identity. These documents, which are detailed technical
documents supporting the Registration & Authentication
Framework, describe the minimum evidence that needs
to be presented by an organisation or an individual
in order to be issued with a digital certificate or
a password.
|
PDF
(133KB)
MS
Word (359KB)
|
|
HMG's Minimum Requirements for the Verification
of the Identity of Organisations
Guidance documents on HMG's requirements for the verification
of identity. These documents, which are detailed technical
documents supporting the Registration & Authentication
Framework, describe the minimum evidence that needs
to be presented by an organisation or an individual
in order to be issued with a digital certificate or
a password.
|
PDF
(136KB)
MS
Word (358KB)
|
|
Disposition of comments received following public
consultation (July 2002)
|
PDF(41KB)
MS
Word (96KB)
|
| 2002 |
Use of Biometrics for Identification
and Authentication - Advice on Product Selection - Issue
2.0
UK Biometrics Group
|
PDF
(120KB)
MS
Word
(193KB)
|
|
2002 |
Security Framework v 4.0
Details the security requirements for e-Government.
The scope of this document includes functional security
requirements appropriate for the delivery of services
by, and on behalf of, government. These security requirements
are also applicable to the delivery of government services
by third party organisations.
This high-level security framework is supported by
more detailed requirements statements for the following
specific topic areas:
(These are the current versions of the Security Framework
documents. Previous versions that are not published
within the archive are consultation and revision documents,
except for v 3.0 of the Security Document that is incorporated
into the Manual of Protective Security (MPS).
|
Now
available
Archive version is still available
|
|
|
|
| 2002 |
Disposition of Comments
This document contains comments received on the full
set of e-Government Security Frameworks from the public
consultation (December 2001 to 31 January 2002). General
themes are identified and responded to in sections together
with a number of general policy and technical themes,
jointly with specific detailed issues.
|
PDF
(880 KB)
MS
Word (937 KB)
|
| 2002 |
Registration & Authentication Framework
v 3.0
Framework for registration and authentication of citizens
and organisations in e-government transactions. It applies
in circumstances where government needs to have trust
in the identity and authority of those it is dealing
with to ensure that there is no breach of privacy or
confidentiality, theft/misuse of data, or other harm.
|
Now
available
|
|
|
|
| 2002 |
Confidentiality Framework v 3.0
A framework for all electronic transactions carried
out by or on behalf of government where there is a need
for confidentiality. It is intended to ensure that all
government bodies, and organisations providing service
on their behalf, ensure confidentiality in a consistent
manner when providing services electronically.
|
Now
available
|
|
|
|
| 2002 |
Trust Services Framework v 3.0
A set of guidelines so that all e-government users
can have confidence in the services they use. The trust
services enable the parties to determine who originated
the transaction, whether the transaction received matches
the transaction sent, and whether the recipient accepted
the transaction.
|
Now
available
|
|
|
|
| 2002 |
Business Services Framework v 2.0
A framework addressing those security requirements
related to the provision of business services to support
access to e-government services. In particular, it outlines
measures to ensure that e-government business service
applications and the systems that host them are designed,
configured and operated in a secure manner.
|
Now
available
|
|
|
|
| 2002 |
Network Defence Framework v 2.0
A framework dealing with the threats associated
with connecting business domains or IT resources electronically
and how they may be countered. This refers primarily
with ensuring that the e-government service provision
domain is adequately protected against outside malicious
electronic attack and non-malicious failures.
|
Now
available
|
|
|
|
| 2002 |
Assurance Framework v 2.0
A framework providing a methodology for assessing
whether the threats and vulnerabilities to e-government
security systems have been met by appropriately assured
countermeasures for each security objective.
|
Now
available
|
|
|
|
| 2002 |
Security Architecture Framework v
2.0
The security architecture builds on the security policy
and supports the development of security for the UKonline
services, the government gateway and related portals.
It provides illustrations and guidance on how the security
framework and related documents would be applied for
particular on-line business scenarios with currently
available technologies and processes.
|
Now
available
|
|
|
|
|
|
|
| 2002 |
Smart Card Framework v1.0 Framework
|
Now
available |
|
|
|
| 2002 |
Digital
Signatures Framework documents to be published
for consultation shortly. Citizen
to Government (C2G) Business
to Government (B2G) |
|
