Macro Security for Microsoft Office

This guidance describes how administrators can help protect their systems from malicious Microsoft Office macros. It outlines why macros are a threat, and the approaches you can take to protect your devices. We recommend you also read the Australian Cyber Security Centre’s technical document on macro security. What are macros, and why are they a …

MIKEY-SAKKE frequently asked questions

What is MIKEY-SAKKE? MIKEY-SAKKE is a protocol designed for government and relevant enterprises to enable secure, cross-platform multimedia communications. What are the advantages of MIKEY-SAKKE? MIKEY-SAKKE is highly scalable, requiring no prior setup between users or distribution of user certificates. It is highly flexible, supporting both real-time communications (such as voice), conference calls, and deferred …

Internet Gateways (Architectural Pattern 17)

This Pattern deals with generic usage scenarios, such as browsing the Internet, sending emails and accessing other generic uses. For specific use cases, especially where there is a perceived level of increased risk, it is recommended that you seek advice from CESG. Read more here: NCSC Guidance

Information Risk Management: HMG IA Standard Numbers 1 & 2

When setting an organisation’s Information Security Strategy, supporting IA structures, policies and processes need to be established. This Standard, its Supplement and the supporting documents published in the CESG IA Policy Portfolio will help Departments and Agencies to achieve this. Read more here: NCSC Guidance

Infographic: Managing your information risk

Using technology to deliver business benefit attracts risk. Applying the guidance described below will help organisations to understand how to approach the assessment and management of risks. Read more here: NCSC Guidance

Improving Information Assurance at the Enterprise Level (GPG 28)

This guidance complements the HMG/CESG IA Maturity Model (CIAMM®) and its associated Assessment Framework. In particular, it provides advice to SIROs to meet a fundamental requirement at Level 2 of the CIAMM®; “to have personally made and gained approval for a business case to the Main Board for a targeted programme of work to improve the …

Identity Proofing and Verification of an Individual (GPG 45)

This document is designed to demonstrate how a combination of the breadth of evidence provided, the strength of the evidence itself, the validation and verification processes conducted and a history of activity can provide various levels of assurance around the legitimacy of an identity. Read more here: NCSC Guidance

ICT Service Management: Security Considerations (GPG 20)

This good practice guide (GPG) is aimed at IA practitioners who are involved in managing the risks to ICT Service Management Systems. This may include Accreditors, information risk managers, Information Technology (IT) Security Officers, information security consultants and system architects or designers. Read more here: NCSC Guidance

Forensic Readiness (GPG 18)

Forensic Readiness is the achievement of an appropriate level of capability by an organisation in order for it to be able to collect, preserve, protect and analyse Digital Evidence so that this evidence can be effectively used in any legal matters, in security investigations, in disciplinary matters, in an employment tribunal or in a court …

End User Devices: Security Principles

The EUD Security Framework describes twelve principles for securing devices, all of which must be considered when deploying a particular solution. Principle Description Data-in-transit protection Data should be protected as it transits from the EUD to any services the EUD uses. IPsec VPNs provide the most standards-compliant way of doing this, but TLS VPNs or …

End User Devices: Common Questions

You should read and understand all the points raised by this section before proceeding with a new deployment of EUDs within your organisation’s network. Wi-Fi In general, devices which support Wi-Fi can be used securely on any Wi-Fi network which allows VPN traffic to transit the network. However, there are risks associated with using Wi-Fi …

End User Devices Security Guidance: Windows 7 and Windows 8

This guidance is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features. This guidance was developed following testing performed on a logo compliant device running Windows 7 SP1 and Windows 8.0 respectively. The guidance for Windows 7 …

End User Devices Security Guidance: Samsung Devices with Android 4.2

This guidance is applicable to Samsung devices running Android 4.2.2 and supporting the Samsung SAFE API. This guidance was developed following testing performed on Samsung Galaxy S4 devices running Android 4.2. 1. Usage Scenario Samsung Android devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working …

End User Devices Security Guidance: Introduction

Modern smartphones, laptops and tablets provide users with great flexibility and functionality, and include security technologies to help protect information. This security guidance is general to all End User Device (EUD) deployments and aims to help organisations harness these security technologies in a way that does not significantly reduce their functionality. Who is this guidance …

End User Devices Security Guidance: Google Chrome OS 26

This guidance was developed following testing performed on Samsung Chromebooks running Chrome OS version 26.0. All device management services are provided by Google Infrastructure. This guidance was prepared with the provided versions as of June 2013. 1. Usage Scenario Chrome OS devices will be used remotely over any network bearer, including Ethernet, Wi-Fi and 3G, …

End User Devices Security Guidance: Apple iOS 6 Application Development

This document provides guidance on application security for iOS devices. It provides recommendations on development good practices to help applications appropriately store and process OFFICIAL information. Future guidance is planned to cover applications for other platforms. This document should be read by: Anyone developing applications which will handle protectively marked data Administrators considering deploying applications …
