Probation

Circular

GSI IT SECURITY – TECHNICAL REFERENCE NO:

STANDARDS 44/2005

PURPOSE ISSUE DATE:

In support of GSI accreditation requirements and to underpin NPS/NOMS 17 June 2005
Policy a number of technical standards are available.
IMPLEMENTATION DATE:
ACTION Immediate
Areas should confirm that any locally managed systems, shared premises,
applications and infrastructure comply with the applicable standards. EXPIRY DATE:
June 2009
SUMMARY
A number of technical standards have been produced and are currently in TO:
the process of being applied to centrally managed aspects of the NPS
Chairs of Probation Boards
environment. This process has enabled the requirements to be refined and a
Chief Officers of Probation
final set for issue is now available.
Secretaries of Probation Boards
Not all standards will be sent automatically as some are unlikely to be IT/Systems Managers
required at area level (e.g. PIX Firewall configuration standards).
CC:
The list on the next page represents the complete list. Areas who require any Board Treasurers
of the standards (aside form those attached) should contact NOMS OIS as Regional Managers
below.
AUTHORISED BY:
RELEVANT PREVIOUS PROBATION CIRCULARS Bob Nicholls, NOMS Offender
N/A Information Services

CONTACT FOR ENQUIRIES ATTACHED:

Piers Wilson, NOMS OIS (NPD IMTU) N/A
Tel: 0207 2170671 / 07971 566579
Email: piers.wilson@insight.co.uk

National Probation Directorate

Horseferry House, Dean Ryle Street, London, SW1P 2AW
The standards are listed below. Due to the number of attachments to this PC it has been decided to include these on a
CD-Rom which will be sent to Chief Officers of Probation Service Areas under separate cover. Please note that this CD
will only include the technical standards in the third list:

Draft (not yet available):

• NPS Internet Proxy and Browser Configuration Standard 0.3
• NPS Oracle (CRAMS) Baseline Standard 0.1

Issued (available on request):

• PIX Firewall Standard 1.11 (RESTRICTED)

Issued (and supplied on CD for your attention):

• NPS Network Code of Connection 1.01 (see below)
• NPS Logging and Monitoring Standard 1.0 (RESTRICTED)
• NPS Network Device Security Configuration Standard 1.2 (RESTRICTED)
• NPS Patch and Vulnerability Management Standard 1.0 (RESTRICTED)
• UNIX (CRAMS AIX) Security Configuration Standard 1.21

NPD would highlight that the most applicable of these documents is the “Network Code of Connection”. This
governs the connection of the NPS network to external networks, the requirements for the use of shared building
infrastructure with other agencies and the requirements for the connection of locally or third-party managed
systems to the STEPS network.

It explains the requirements for notifying and consulting with NOMS OIS (formerly NPD IMTU) and the
requirements for security controls and IT Security healthchecks.

Technical standards have been classified RESTRICTED in those cases where they could be of clear benefit to an
external attacker who is attempting to circumvent security controls.

PC44/2005 – GSI IT Security - Technical Standards 2