https://security-guidance.service.justice.gov.uk/MoJ Security Guidance2024-03-11T22:30:18.592733+00:00Ministry of Justiceitsecuritypolicy@digital.justice.gov.ukMinistry of Justiceitsecuritypolicy@digital.justice.gov.ukpython-feedgenhttps://security-guidance.service.justice.gov.uk/images/moj-logotype-crest.pngThis site documents the Ministry of Justice (MoJ) security policies and guidance.https://security-guidance.service.justice.gov.uk/202309111745Update ITHC details2024-03-11T22:30:18.596209+00:00Updates to information about IT Health Checks.2023-09-11T17:45:00+01:00https://security-guidance.service.justice.gov.uk/202308301745Clearance requirements2024-03-11T22:30:18.596177+00:00Added details about minimum user clearance requirements.2023-08-30T17:45:00+01:00https://security-guidance.service.justice.gov.uk/202308091735Build tooling updates2024-03-11T22:30:18.596147+00:00Updates to build tooling for security and performance improvements.2023-08-09T17:35:00+01:00https://security-guidance.service.justice.gov.uk/202307131700Accessing MoJ IT systems from overseas2024-03-11T22:30:18.596117+00:00Removed topic on accessing MoJ IT systems from overseas.2023-07-13T17:00:00+01:00https://security-guidance.service.justice.gov.uk/202307071645Taking equipment overseas2024-03-11T22:30:18.596087+00:00Removed general advice topic on taking equipment overseas.2023-07-07T16:45:00+01:00https://security-guidance.service.justice.gov.uk/202306221735Formatting and terminology updates2024-03-11T22:30:18.596056+00:00Minor improvements to formatting, and updates to terminology.2023-06-22T17:35:00+01:00https://security-guidance.service.justice.gov.uk/202306051813Updates to incident management policy2024-03-11T22:30:18.596024+00:00Refresh and add extra detail about managing security incidents.2023-06-05T18:13:00+01:00https://security-guidance.service.justice.gov.uk/202304291354Add 1Password guidance2024-03-11T22:30:18.595992+00:00Add information about using the 1Password tool.2023-04-29T13:54:00+01:00https://security-guidance.service.justice.gov.uk/202304191735Revise content2024-03-11T22:30:18.595959+00:00Updates to personnel and related information.2023-04-18T17:10:00+01:00https://security-guidance.service.justice.gov.uk/202303211735Restructure landing page, and added service owners responsibilities guidance2024-03-11T22:30:18.595926+00:00New material on service owner responsibilities.2023-03-21T17:35:00+00:00https://security-guidance.service.justice.gov.uk/202302161735Corrected policy reference number2024-03-11T22:30:18.595892+00:00Policy number POL.ITAUP.022 in the Acceptable Use Policy was incorrectly listed as number 021.2023-02-28T17:35:00+00:00https://security-guidance.service.justice.gov.uk/202302161735Corrected typo in template2024-03-11T22:30:18.595858+00:00Fixed minor typo in Asset template.2023-02-16T17:35:00+00:00https://security-guidance.service.justice.gov.uk/202302081735Updated remote working guidance2024-03-11T22:30:18.595823+00:00Clarification on using hotel or other public wifi spots.2023-02-08T17:35:00+00:00https://security-guidance.service.justice.gov.uk/202301221741Updated authorisation information2024-03-11T22:30:18.595788+00:00More details on implementing defensive depth and dealing with external IP addresses.2023-01-22T17:41:00+00:00https://security-guidance.service.justice.gov.uk/202301101804Updated contact details for secure disposal2024-03-11T22:30:18.595753+00:00When seeking help for secure disposal, contact IT Service Desk in the first instance.2023-01-10T18:04:00+00:00https://security-guidance.service.justice.gov.uk/202210191434Updated project README2024-03-11T22:30:18.595718+00:00An update to the README and refresh of the content.2022-10-19T14:34:00+01:00https://security-guidance.service.justice.gov.uk/202208310950Overseas travel2024-03-11T22:30:18.595688+00:00Clarification regarding transit or destination locations.2022-08-31T09:50:00+01:00https://security-guidance.service.justice.gov.uk/202208301043Added guidance on protecting WhatsApp accounts2024-03-11T22:30:18.595657+00:00Extra information on how WhatsApp accounts might be attacked, and how to protect your accounts.2022-08-30T10:43:00+01:00https://security-guidance.service.justice.gov.uk/202208091217Remove links to download leaflets2024-03-11T22:30:18.595627+00:00Remove links to leaflet downloads, ready for later updates.2022-08-09T12:17:00+01:00https://security-guidance.service.justice.gov.uk/202208051208Add guidance on video conferencing hardware2024-03-11T22:30:18.595597+00:00Provide more details on the use of dedicated hardware for video and conference calls.2022-08-05T12:08:00+01:00https://security-guidance.service.justice.gov.uk/202208041622Add connected vehicle reference in bluetooth guidance2024-03-11T22:30:18.595565+00:00Connected vehicles are discussed in personal devices, but the information also applies in the bluetooth guidance.2022-08-04T16:22:00+01:00https://security-guidance.service.justice.gov.uk/202207221314Use of personal devices to receive MFA codes2024-03-11T22:30:18.595534+00:00Added clarification that personal devices may be used to receive MFA authentication codes if an MoJ-issued device is not available.2022-07-22T13:14:00+01:00https://security-guidance.service.justice.gov.uk/202207211345Guidance on use of personal devices2024-03-11T22:30:18.595504+00:00Added clarification and emphasis that personal devices must not be used for work purposes. This includes accessing MoJ Slack channels using personal devices.2022-07-21T13:45:00+01:00https://security-guidance.service.justice.gov.uk/202207041423Correct broken links2024-03-11T22:30:18.595471+00:00Internal links on a page were broken; now fixed.2022-07-04T14:23:00+01:00https://security-guidance.service.justice.gov.uk/202206231202Accessibility updates2024-03-11T22:30:18.595440+00:00Improved the content tagging following guidance on accessibility improvements. Affects all pages, the link in this notification is to an example page.2022-06-23T12:02:00+01:00https://security-guidance.service.justice.gov.uk/202206011336Reporting phishing2024-03-11T22:30:18.595407+00:00Clarified process for reporting phishing attempts.2022-06-01T13:36:00+01:00https://security-guidance.service.justice.gov.uk/202205271609Add IASME certification information and templates.2024-03-11T22:30:18.595350+00:00Added material to assist suppliers in seeking security certification, particularly regarding the IASME Governance standard.2022-05-27T16:09:00+01:00https://security-guidance.service.justice.gov.uk/202205201537Updates to overseas travel information.2024-03-11T22:30:18.595320+00:00More information about applying with sufficient advance notice, and a reminder about passport validity dates.2022-05-20T15:37:00+01:00https://security-guidance.service.justice.gov.uk/202205061230Minor restructure to Phishing information.2024-03-11T22:30:18.595289+00:00The section on Out Of Band Checks has been slightly reordered, to improve readability.2022-05-06T12:30:00+01:00https://security-guidance.service.justice.gov.uk/202205061218Added link to Password Poster.2024-03-11T22:30:18.595260+00:00An information poster about how to make strong passwords is now available for download.2022-05-06T12:18:00+01:00https://security-guidance.service.justice.gov.uk/202204191745Update links for contacting security team.2024-03-11T22:30:18.595230+00:00Standardise on security@justice.gov.uk email address for contacting security team.2022-04-19T17:45:00+01:00https://security-guidance.service.justice.gov.uk/202204081009Add guidance on secure disposal of cloud materials.2024-03-11T22:30:18.595199+00:00New guidance to ensure the confidentiality of MoJ data remains when a cloud service is decommissioned.2022-04-08T10:09:00+01:00https://security-guidance.service.justice.gov.uk/202204061553Update security.txt link.2024-03-11T22:30:18.595168+00:00Corrected link to the standard security.txt file.2022-04-06T15:53:00+01:00https://security-guidance.service.justice.gov.uk/202204041050Add password manager guidance.2024-03-11T22:30:18.595137+00:00Added extra information on the use of password manager apps in the MoJ.2022-04-04T10:50:00+01:00https://security-guidance.service.justice.gov.uk/202203211035Add guidance on sharing information.2024-03-11T22:30:18.595101+00:00Added extra information on sharing information internally and externally.2022-03-21T10:35:00+00:00https://security-guidance.service.justice.gov.uk/202203211022Add guidance on QR codes.2024-03-11T22:30:18.595065+00:00Added information on QR codes; currently considered low risk.2022-03-21T10:22:00+00:00https://security-guidance.service.justice.gov.uk/202203111531Updates to ransomware information leaflet.2024-03-11T22:30:18.595033+00:00Updates to correct typos and improve style.2022-03-11T15:31:00+00:00https://security-guidance.service.justice.gov.uk/202203101701Updates to LastPass guidance.2024-03-11T22:30:18.595001+00:00More information about when and how LastPass may be used.2022-03-10T17:01:00+00:00https://security-guidance.service.justice.gov.uk/202203101309Various minor corrections.2024-03-11T22:30:18.594969+00:00Fixing broken links and updating references to standards.2022-03-10T13:09:00+00:00https://security-guidance.service.justice.gov.uk/202203040916Updated email security guide.2024-03-11T22:30:18.594934+00:00Clarification that phishing or spoofing of MoJ colleagues, by MoJ colleagues, is not permitted other than with formal approval in advance, justified by a good business case.2022-03-04T09:16:00+00:00https://security-guidance.service.justice.gov.uk/202202181835Added phishing guide.2024-03-11T22:30:18.594901+00:00New topic, providing advice on dealing with phishing threats.2022-02-18T18:35:00+00:00https://security-guidance.service.justice.gov.uk/202202161119Updated security.txt file.2024-03-11T22:30:18.594866+00:00Provided new expiry date for security.txt file.2022-02-16T11:19:00+00:00https://security-guidance.service.justice.gov.uk/202202151218Various minor corrections.2024-03-11T22:30:18.594829+00:00Corrected contact details, fixed an incorrect link, and updated secure disposal information.2022-02-15T12:18:00+00:00https://security-guidance.service.justice.gov.uk/202202071549Updated glossary.2024-03-11T22:30:18.594795+00:00Expanded list of glossary definitions, and explanation of out-of-band-checks.2022-02-07T15:49:00+00:00https://security-guidance.service.justice.gov.uk/202202011151Update to passwords guidance.2024-03-11T22:30:18.594758+00:00A reminder not to share passwords or other account details.2022-02-01T11:51:00+00:00https://security-guidance.service.justice.gov.uk/202201251037Publication of ransomware information leaflet.2024-03-11T22:30:18.594726+00:00Useful leaflet explaining what Ransomware is, and tips on protecting your work and your systems.2022-01-25T10:37:00+00:00https://security-guidance.service.justice.gov.uk/202201181706Updated guidance for hosting platforms.2024-03-11T22:30:18.594693+00:00Updated baseline guidance for AWS and Azure platforms.2022-01-18T17:06:00+00:00https://security-guidance.service.justice.gov.uk/202201071436Contact details for AWS2024-03-11T22:30:18.594660+00:00Updated contact details for Baseline AWS accounts.2022-01-07T14:36:00+00:00https://security-guidance.service.justice.gov.uk/202201060936System lockdown and hardening2024-03-11T22:30:18.594627+00:00Guidance added to prevent outbound connections to random internet systems, unless this is a core part of their design. Firewall rules and other network configuration must prevent this.2022-01-06T09:36:00+00:00https://security-guidance.service.justice.gov.uk/202201041627IT Health Check2024-03-11T22:30:18.594594+00:00Updated guidance with a new section on Cloud platforms.2022-01-04T16:27:00+00:00https://security-guidance.service.justice.gov.uk/202201041610Update Slack channel for privacy team2024-03-11T22:30:18.594558+00:00Provide revised channel details for contact privacy team through Slack IM.2022-01-04T16:10:00+00:00https://security-guidance.service.justice.gov.uk/202112231350Update overseas travel guidance2024-03-11T22:30:18.594523+00:00Updates to information on overseas travel and accessing MoJ IT systems from overseas.2021-12-23T13:50:00+00:00https://security-guidance.service.justice.gov.uk/202112211318Provide seasonal SMS scam advice2024-03-11T22:30:18.594489+00:00Material to help improve awareness and best practices for security.2021-12-21T13:18:00+00:00https://security-guidance.service.justice.gov.uk/202112151509Use DuckDuckGo search engine2024-03-11T22:30:18.594454+00:00Default to using DDG for content search.2021-12-15T15:09:00+00:00https://security-guidance.service.justice.gov.uk/202112131144Security threat level guidance2024-03-11T22:30:18.594420+00:00New security threat Level guidance, and associated procedures.2021-12-13T11:44:00+00:00https://security-guidance.service.justice.gov.uk/202112131127Debrief on return from travel2024-03-11T22:30:18.594385+00:00Added description of a security debrief that is mandatory after some travel or where other security conditions apply.2021-12-13T11:27:00+00:00https://security-guidance.service.justice.gov.uk/202112131124Accessing MoJ systems from overseas2024-03-11T22:30:18.594351+00:00Added link to supplementary information on the MoJ Intranet.2021-12-13T11:24:00+00:00https://security-guidance.service.justice.gov.uk/202112080915Email access2024-03-11T22:30:18.594316+00:00Added clarification regarding when access is permitted to a user's business email account.2021-12-08T09:15:00+00:00https://security-guidance.service.justice.gov.uk/202112071518Email Authentication2024-03-11T22:30:18.594279+00:00Added guidance requiring the use of MTA-SLS and TLS-RPT in MoJ email systems.2021-12-07T15:18:00+00:00https://security-guidance.service.justice.gov.uk/202111301354Personal Devices2024-03-11T22:30:18.594244+00:00Clarified guidance on connecting personal devices using Bluetooth, and added new section on connected vehicles.2021-11-30T13:54:00+00:00https://security-guidance.service.justice.gov.uk/202111221623MFA2024-03-11T22:30:18.594210+00:00Clarified guidance on sending one-time MFA codes only to individual devices or accounts, not to shared devices or accounts.2021-11-22T16:23:00+00:00https://security-guidance.service.justice.gov.uk/202111221414Government Classification Scheme2024-03-11T22:30:18.594175+00:00Updated and consolidated guidance on classification of Government information.2021-11-22T14:14:00+00:00https://security-guidance.service.justice.gov.uk/202111191522Other guidance and security.txt2024-03-11T22:30:18.594143+00:00Improved structure for other guidance information, and added security.txt file.2021-11-19T15:22:00+00:00https://security-guidance.service.justice.gov.uk/202111191009Sending information securely2024-03-11T22:30:18.594110+00:00Guidance on working securely with paper documents and files.2021-11-19T10:09:00+00:00https://security-guidance.service.justice.gov.uk/202111171707Personal devices2024-03-11T22:30:18.594077+00:00Updated guidance about using a personal device to connect to a business Teams meeting as a Guest.2021-11-17T17:07:00+00:00https://security-guidance.service.justice.gov.uk/202111091537Acceptable use policy2024-03-11T22:30:18.594043+00:00Provide more detail on monitoring of systems and information, and to clarify the situation regarding Data Protection and the storage or processing of information outside the UK.2021-11-09T15:37:00+00:00https://security-guidance.service.justice.gov.uk/202111081730System backup policy2024-03-11T22:30:18.594009+00:00Corrected broken links within the content, also some structural changes for easier cross-referencing with related topics.2021-11-08T17:30:00+00:00https://security-guidance.service.justice.gov.uk/202111040905Working securely with paper documents and files2024-03-11T22:30:18.593973+00:00This guidance helps you understand the risks involved in working with, sharing, and moving paper documents both inside and outside the office.2021-11-04T09:05:00+00:00https://security-guidance.service.justice.gov.uk/202111031712Email blocking2024-03-11T22:30:18.593939+00:00The policy and processes for blocking emails, and deleting emails through administrative processes, across email services across the MoJ.2021-11-03T17:12:00+00:00https://security-guidance.service.justice.gov.uk/202111031700Domain names2024-03-11T22:30:18.593903+00:00An overview of domain name registration and monitoring principles and responsibilities within the MoJ.2021-11-03T17:00:00+00:00https://security-guidance.service.justice.gov.uk/202110291152Logging retention2024-03-11T22:30:18.593871+00:00Information about keeping logging information.2021-10-29T11:52:00+01:00https://security-guidance.service.justice.gov.uk/202110191306Remote working2024-03-11T22:30:18.593832+00:00Simplified the guidance regarding remote working.2021-10-19T13:06:00+01:00https://security-guidance.service.justice.gov.uk/202110151627Email best practices2024-03-11T22:30:18.593800+00:00Added guidance regarding attachments and the use of 'cc' and 'bcc' fields in emails.2021-10-15T16:27:00+01:00https://security-guidance.service.justice.gov.uk/202110141347Azure subscription baselines2024-03-11T22:30:18.593767+00:00Added guidance on baselines and templates for Azure subscriptions.2021-10-14T13:47:00+01:00https://security-guidance.service.justice.gov.uk/202110131550IT Health Checks2024-03-11T22:30:18.593731+00:00Added guidance on requesting and managing IT Health Checks.2021-10-13T15:50:00+01:00https://security-guidance.service.justice.gov.uk/202110080956Wifi policy2024-03-11T22:30:18.593696+00:00Added policy information about wifi.2021-10-08T09:56:00+01:00https://security-guidance.service.justice.gov.uk/202110051428Client certificates2024-03-11T22:30:18.593656+00:00Added notes about obtaining client certificates.2021-10-05T14:28:00+01:00https://security-guidance.service.justice.gov.uk/202110011524Connection to public wifi2024-03-11T22:30:18.593597+00:00Clarification about connecting to public wifi spots, such as hotels or coffee shops, or home broadband. Also extra details for remote working securely.2021-10-01T15:24:00+01:00https://security-guidance.service.justice.gov.uk/202110011507Personal device attachment2024-03-11T22:30:18.593555+00:00Clarifying the connection of personal peripherals, and the charging of personal devices from USB ports.2021-10-01T15:07:00+01:00https://security-guidance.service.justice.gov.uk/202109131721Government Security Standard 007 V22024-03-11T22:30:18.593517+00:00Updates following the release of V2 of the Gov007 security standard.2021-09-13T17:21:00+01:00https://security-guidance.service.justice.gov.uk/202109021516Extra guidance on remote working.2024-03-11T22:30:18.593473+00:00Additional best practices for keeping safe and secure when working away from the office.2021-09-02T15:16:00+01:00https://security-guidance.service.justice.gov.uk/202108201414Update to general apps guidance.2024-03-11T22:30:18.593420+00:00Add Trello guidance, and clarification over Official and Official Sensitive material in apps.2021-08-20T14:14:00+01:00https://security-guidance.service.justice.gov.uk/202108181517Add change log page.2024-03-11T22:30:18.593369+00:00Created a change log page, and associated RSS and Atom feeds, to describe new or changed content.2021-08-18T15:17:00+01:00https://security-guidance.service.justice.gov.uk/202108161704Clarification for accessing MoJ IT systems overseas.2024-03-11T22:30:18.593310+00:00Additional information describing the process.2021-08-16T17:04:00+01:00https://security-guidance.service.justice.gov.uk/202108161703Data Movement Form updated.2024-03-11T22:30:18.593088+00:00Data Movement Form updated.2021-08-16T17:03:00+01:00