Security Policy Framework
The Security Policy Framework (or "SPF") is a set of high-level policies on security, mainly affecting the UK government and its suppliers.[1][2]
The structure has changed over time. As of June 2013, version 10 of the SPF had 20 "Mandatory Requirements". Previously it had 70 more detailed Mandatory Requirements, which were grouped into 7 areas:[3]
- 1: Governance, Risk Management & Compliance
- 2: Protective Marking & Asset Control
- 3: Personnel Security
- 4: Information Security & Assurance
- 5: Physical Security
- 6: Counter-Terrorism
- 7: Business Continuity
These mandatory requirements are a baseline that applies to all UK government departments; higher requirements may apply in some cases.[4] Public-sector bodies are responsible for managing their own technical security risks, but can draw on expertise and guidelines provided by CESG and the Cabinet Office. The Centre for Protection of National Infrastructure also helps protect critical infrastructure.[5] The Ministry of Defence has its own separate policies and systems.
The SPF superseded the Manual of Protective Security. Part of the SPF is produced by CESG, and part by the Cabinet Office's Security Policy Division.[6]
External links
- Current SPF
- Older copies of the SPF and MPS requested under the Freedom of Information Act
- Resources for the SPF
References
- ^ "Government publishes new Security Policy Framework". Agenda Security. Retrieved 14 August 2011.
- ^ "Information Assurance Requirements for Transformational Government" (PDF). CESG. January 2010. Retrieved 14 August 2011.
- ^ "STREAM for the Security Policy Framework" (PDF). Acuity Risk Management. 14 August 2011.
- ^ "Only one in five adults trust government to keep their personal details safe". Security Park. 16 June 2009.
- ^ "Cyber Security Strategy of the United Kingdom" (PDF). p. 23. Retrieved 14 August 2011.
- ^ "The Department of 'No' - The Privacy, Identity & Consent Blog". 17 February 2011. Retrieved 14 August 2011.