Change log for Ministry of Justice (MoJ) Security Guidance
This document summarises what changes were made, and when, to MoJ Security policy and guidance. The most recent changes appear at the beginning of the list.
-
2023-09-11 17:45 BST Update ITHC details
Updates to information about IT Health Checks.
-
2023-08-30 17:45 BST Clearance requirements
Added details about minimum user clearance requirements.
-
2023-08-09 17:35 BST Build tooling updates
Updates to build tooling for security and performance improvements.
-
2023-07-13 17:00 BST Accessing MoJ IT systems from overseas
Removed topic on accessing MoJ IT systems from overseas.
-
2023-07-07 16:45 BST Taking equipment overseas
Removed general advice topic on taking equipment overseas.
-
2023-06-22 17:35 BST Formatting and terminology updates
Minor improvements to formatting, and updates to terminology.
-
2023-06-05 18:13 BST Updates to incident management policy
Refresh and add extra detail about managing security incidents.
-
2023-04-29 13:54 BST Add 1Password guidance
Add information about using the 1Password tool.
-
2023-04-18 17:10 BST Revise content
Updates to personnel and related information.
-
2023-03-21 17:35 GMT Restructure landing page, and added service owners responsibilities guidance
New material on service owner responsibilities.
-
2023-02-28 17:35 GMT Corrected policy reference number
Policy number POL.ITAUP.022 in the Acceptable Use Policy was incorrectly listed as number 021.
-
2023-02-16 17:35 GMT Corrected typo in template
Fixed minor typo in Asset template.
-
2023-02-08 17:35 GMT Updated remote working guidance
Clarification on using hotel or other public wifi spots.
-
2023-01-22 17:41 GMT Updated authorisation information
More details on implementing defensive depth and dealing with external IP addresses.
-
2023-01-10 18:04 GMT Updated contact details for secure disposal
When seeking help for secure disposal, contact IT Service Desk in the first instance.
-
2022-10-19 14:34 BST Updated project README
An update to the README and refresh of the content.
-
2022-08-31 09:50 BST Overseas travel
Clarification regarding transit or destination locations.
-
2022-08-30 10:43 BST Added guidance on protecting WhatsApp accounts
Extra information on how WhatsApp accounts might be attacked, and how to protect your accounts.
-
2022-08-09 12:17 BST Remove links to download leaflets
Remove links to leaflet downloads, ready for later updates.
-
2022-08-05 12:08 BST Add guidance on video conferencing hardware
Provide more details on the use of dedicated hardware for video and conference calls.
-
2022-08-04 16:22 BST Add connected vehicle reference in bluetooth guidance
Connected vehicles are discussed in personal devices, but the information also applies in the bluetooth guidance.
-
2022-07-22 13:14 BST Use of personal devices to receive MFA codes
Added clarification that personal devices may be used to receive MFA authentication codes if an MoJ-issued device is not available.
-
2022-07-21 13:45 BST Guidance on use of personal devices
Added clarification and emphasis that personal devices must not be used for work purposes. This includes accessing MoJ Slack channels using personal devices.
-
2022-07-04 14:23 BST Correct broken links
Internal links on a page were broken; now fixed.
-
2022-06-23 12:02 BST Accessibility updates
Improved the content tagging following guidance on accessibility improvements. Affects all pages, the link in this notification is to an example page.
-
2022-06-01 13:36 BST Reporting phishing
Clarified process for reporting phishing attempts.
-
2022-05-27 16:09 BST Add IASME certification information and templates.
Added material to assist suppliers in seeking security certification, particularly regarding the IASME Governance standard.
-
2022-05-20 15:37 BST Updates to overseas travel information.
More information about applying with sufficient advance notice, and a reminder about passport validity dates.
-
2022-05-06 12:30 BST Minor restructure to Phishing information.
The section on Out Of Band Checks has been slightly reordered, to improve readability.
-
2022-05-06 12:18 BST Added link to Password Poster.
An information poster about how to make strong passwords is now available for download.
-
2022-04-19 17:45 BST Update links for contacting security team.
Standardise on security@justice.gov.uk email address for contacting security team.
-
2022-04-08 10:09 BST Add guidance on secure disposal of cloud materials.
New guidance to ensure the confidentiality of MoJ data remains when a cloud service is decommissioned.
-
2022-04-06 15:53 BST Update security.txt link.
Corrected link to the standard security.txt file.
-
2022-04-04 10:50 BST Add password manager guidance.
Added extra information on the use of password manager apps in the MoJ.
-
2022-03-21 10:35 GMT Add guidance on sharing information.
Added extra information on sharing information internally and externally.
-
2022-03-21 10:22 GMT Add guidance on QR codes.
Added information on QR codes; currently considered low risk.
-
2022-03-11 15:31 GMT Updates to ransomware information leaflet.
Updates to correct typos and improve style.
-
2022-03-10 17:01 GMT Updates to LastPass guidance.
More information about when and how LastPass may be used.
-
2022-03-10 13:09 GMT Various minor corrections.
Fixing broken links and updating references to standards.
-
2022-03-04 09:16 GMT Updated email security guide.
Clarification that phishing or spoofing of MoJ colleagues, by MoJ colleagues, is not permitted other than with formal approval in advance, justified by a good business case.
-
2022-02-18 18:35 GMT Added phishing guide.
New topic, providing advice on dealing with phishing threats.
-
2022-02-16 11:19 GMT Updated security.txt file.
Provided new expiry date for security.txt file.
-
2022-02-15 12:18 GMT Various minor corrections.
Corrected contact details, fixed an incorrect link, and updated secure disposal information.
-
2022-02-07 15:49 GMT Updated glossary.
Expanded list of glossary definitions, and explanation of out-of-band-checks.
-
2022-02-01 11:51 GMT Update to passwords guidance.
A reminder not to share passwords or other account details.
-
2022-01-25 10:37 GMT Publication of ransomware information leaflet.
Useful leaflet explaining what Ransomware is, and tips on protecting your work and your systems.
-
2022-01-18 17:06 GMT Updated guidance for hosting platforms.
Updated baseline guidance for AWS and Azure platforms.
-
2022-01-07 14:36 GMT Contact details for AWS
Updated contact details for Baseline AWS accounts.
-
2022-01-06 09:36 GMT System lockdown and hardening
Guidance added to prevent outbound connections to random internet systems, unless this is a core part of their design. Firewall rules and other network configuration must prevent this.
-
2022-01-04 16:27 GMT IT Health Check
Updated guidance with a new section on Cloud platforms.
-
2022-01-04 16:10 GMT Update Slack channel for privacy team
Provide revised channel details for contact privacy team through Slack IM.
-
2021-12-23 13:50 GMT Update overseas travel guidance
Updates to information on overseas travel and accessing MoJ IT systems from overseas.
-
2021-12-21 13:18 GMT Provide seasonal SMS scam advice
Material to help improve awareness and best practices for security.
-
2021-12-15 15:09 GMT Use DuckDuckGo search engine
Default to using DDG for content search.
-
2021-12-13 11:44 GMT Security threat level guidance
New security threat Level guidance, and associated procedures.
-
2021-12-13 11:27 GMT Debrief on return from travel
Added description of a security debrief that is mandatory after some travel or where other security conditions apply.
-
2021-12-13 11:24 GMT Accessing MoJ systems from overseas
Added link to supplementary information on the MoJ Intranet.
-
2021-12-08 09:15 GMT Email access
Added clarification regarding when access is permitted to a user’s business email account.
-
2021-12-07 15:18 GMT Email Authentication
Added guidance requiring the use of MTA-SLS and TLS-RPT in MoJ email systems.
-
2021-11-30 13:54 GMT Personal Devices
Clarified guidance on connecting personal devices using Bluetooth, and added new section on connected vehicles.
-
2021-11-22 16:23 GMT MFA
Clarified guidance on sending one-time MFA codes only to individual devices or accounts, not to shared devices or accounts.
-
2021-11-22 14:14 GMT Government Classification Scheme
Updated and consolidated guidance on classification of Government information.
-
2021-11-19 15:22 GMT Other guidance and security.txt
Improved structure for other guidance information, and added security.txt file.
-
2021-11-19 10:09 GMT Sending information securely
Guidance on working securely with paper documents and files.
-
2021-11-17 17:07 GMT Personal devices
Updated guidance about using a personal device to connect to a business Teams meeting as a Guest.
-
2021-11-09 15:37 GMT Acceptable use policy
Provide more detail on monitoring of systems and information, and to clarify the situation regarding Data Protection and the storage or processing of information outside the UK.
-
2021-11-08 17:30 GMT System backup policy
Corrected broken links within the content, also some structural changes for easier cross-referencing with related topics.
-
2021-11-04 09:05 GMT Working securely with paper documents and files
This guidance helps you understand the risks involved in working with, sharing, and moving paper documents both inside and outside the office.
-
2021-11-03 17:12 GMT Email blocking
The policy and processes for blocking emails, and deleting emails through administrative processes, across email services across the MoJ.
-
2021-11-03 17:00 GMT Domain names
An overview of domain name registration and monitoring principles and responsibilities within the MoJ.
-
2021-10-29 11:52 BST Logging retention
Information about keeping logging information.
-
2021-10-19 13:06 BST Remote working
Simplified the guidance regarding remote working.
-
2021-10-15 16:27 BST Email best practices
Added guidance regarding attachments and the use of ‘cc’ and ‘bcc’ fields in emails.
-
2021-10-14 13:47 BST Azure subscription baselines
Added guidance on baselines and templates for Azure subscriptions.
-
2021-10-13 15:50 BST IT Health Checks
Added guidance on requesting and managing IT Health Checks.
-
2021-10-08 09:56 BST Wifi policy
Added policy information about wifi.
-
2021-10-05 14:28 BST Client certificates
Added notes about obtaining client certificates.
-
2021-10-01 15:24 BST Connection to public wifi
Clarification about connecting to public wifi spots, such as hotels or coffee shops, or home broadband. Also extra details for remote working securely.
-
2021-10-01 15:07 BST Personal device attachment
Clarifying the connection of personal peripherals, and the charging of personal devices from USB ports.
-
2021-09-13 17:21 BST Government Security Standard 007 V2
Updates following the release of V2 of the Gov007 security standard.
-
2021-09-02 15:16:00 BST Extra guidance on remote working.
Additional best practices for keeping safe and secure when working away from the office.
-
2021-08-20 14:14:00 BST Update to general apps guidance.
Add Trello guidance, and clarification over Official and Official Sensitive material in apps.
-
2021-08-18 15:17:00 BST Add change log page.
Created a change log page, and associated RSS and Atom feeds, to describe new or changed content.
-
2021-08-16 17:04:00 BST Clarification for accessing MoJ IT systems overseas.
Additional information describing the process.
-
2021-08-16 17:03:00 BST Data Movement Form updated.
Data Movement Form updated.
Contact and Feedback
For any further questions or advice relating to security, or for any feedback or suggestions for improvement, contact: security@justice.gov.uk.
Feedback
If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: itpolicycontent@digital.justice.gov.uk.