HMG Infosec Standard No.1

HMG Information Assurance Standard No.1, usually abbreviated to IS1, is a security standard applied to government computer systems in the UK.

The standard is used to assess - and suggest responses to - technical risks to confidentiality, integrity and availability.[1] In confidentiality terms, IS1 does not apply to information which is not protectively marked, but it may still be used for integrity and availability.[2]

IS1 part of the Security Policy Framework; Mandatory Requirement 32 requires UK government bodies to perform technical risk assessments using IS1; both annually, and when there is a significant change to risk (for instance when a new system is deployed).[3]

The results of IS1 assessment, and the responses to risks, should be recorded using IS2, which concerns risk management and the accreditation of government computer systems.[1]

CESG provides IS1 risk assessment tools.[4]

See also

References

  1. ^ a b "IS1 Part 1". Platinum Squared. http://www.platinumsquared.co.uk/IAStandardsPages/IS1part1.aspx. Retrieved 14 August 2011. 
  2. ^ "e-Government Strategy Framework Policy and Guidelines". 2009-08-24. http://www.cabinetoffice.gov.uk/media/252544/assurance_v2.pdf. Retrieved 2010-10-24. 
  3. ^ "HMG Security Policy Framework". Cabinet Office. May 2011. http://www.cabinetoffice.gov.uk/media/207318/hmg_security_policy.pdf. Retrieved 14 August 2011. 
  4. ^ "IS1 Risk Assessment Tools". CESG. July 2010. http://www.cesg.gov.uk/policy_technologies/policy/risk-tool.shtml. Retrieved 14 August 2011.