Table of contents

Change log for Ministry of Justice (MoJ) Security Guidance

This document summarises what changes were made, and when, to MoJ Security policy and guidance. The most recent changes appear at the beginning of the list.

  • 2023-08-09 17:35 BST Build tooling updates

    Updates to build tooling for security and performance improvements.

  • 2023-04-18 17:10 BST Revise content

    Updates to personnel and related information.

  • 2022-08-31 09:50 BST Overseas travel

    Clarification regarding transit or destination locations.

  • 2022-07-21 13:45 BST Guidance on use of personal devices

    Added clarification and emphasis that personal devices must not be used for work purposes. This includes accessing MoJ Slack channels using personal devices.

  • 2022-06-23 12:02 BST Accessibility updates

    Improved the content tagging following guidance on accessibility improvements. Affects all pages, the link in this notification is to an example page.

  • 2022-06-01 13:36 BST Reporting phishing

    Clarified process for reporting phishing attempts.

  • 2022-03-04 09:16 GMT Updated email security guide.

    Clarification that phishing or spoofing of MoJ colleagues, by MoJ colleagues, is not permitted other than with formal approval in advance, justified by a good business case.

  • 2022-02-18 18:35 GMT Added phishing guide.

    New topic, providing advice on dealing with phishing threats.

  • 2022-02-15 12:18 GMT Various minor corrections.

    Corrected contact details, fixed an incorrect link, and updated secure disposal information.

  • 2022-02-07 15:49 GMT Updated glossary.

    Expanded list of glossary definitions, and explanation of out-of-band-checks.

  • 2022-01-06 09:36 GMT System lockdown and hardening

    Guidance added to prevent outbound connections to random internet systems, unless this is a core part of their design. Firewall rules and other network configuration must prevent this.

  • 2022-01-04 16:27 GMT IT Health Check

    Updated guidance with a new section on Cloud platforms.

  • 2021-12-13 11:27 GMT Debrief on return from travel

    Added description of a security debrief that is mandatory after some travel or where other security conditions apply.

  • 2021-12-08 09:15 GMT Email access

    Added clarification regarding when access is permitted to a user’s business email account.

  • 2021-12-07 15:18 GMT Email Authentication

    Added guidance requiring the use of MTA-SLS and TLS-RPT in MoJ email systems.

  • 2021-11-30 13:54 GMT Personal Devices

    Clarified guidance on connecting personal devices using Bluetooth, and added new section on connected vehicles.

  • 2021-11-22 16:23 GMT MFA

    Clarified guidance on sending one-time MFA codes only to individual devices or accounts, not to shared devices or accounts.

  • 2021-11-17 17:07 GMT Personal devices

    Updated guidance about using a personal device to connect to a business Teams meeting as a Guest.

  • 2021-11-09 15:37 GMT Acceptable use policy

    Provide more detail on monitoring of systems and information, and to clarify the situation regarding Data Protection and the storage or processing of information outside the UK.

  • 2021-11-08 17:30 GMT System backup policy

    Corrected broken links within the content, also some structural changes for easier cross-referencing with related topics.

  • 2021-11-03 17:12 GMT Email blocking

    The policy and processes for blocking emails, and deleting emails through administrative processes, across email services across the MoJ.

  • 2021-11-03 17:00 GMT Domain names

    An overview of domain name registration and monitoring principles and responsibilities within the MoJ.

  • 2021-10-29 11:52 BST Logging retention

    Information about keeping logging information.

  • 2021-10-19 13:06 BST Remote working

    Simplified the guidance regarding remote working.

  • 2021-10-15 16:27 BST Email best practices

    Added guidance regarding attachments and the use of ‘cc’ and ‘bcc’ fields in emails.

  • 2021-10-13 15:50 BST IT Health Checks

    Added guidance on requesting and managing IT Health Checks.

  • 2021-10-08 09:56 BST Wifi policy

    Added policy information about wifi.

  • 2021-10-01 15:24 BST Connection to public wifi

    Clarification about connecting to public wifi spots, such as hotels or coffee shops, or home broadband. Also extra details for remote working securely.

  • 2021-10-01 15:07 BST Personal device attachment

    Clarifying the connection of personal peripherals, and the charging of personal devices from USB ports.

  • 2021-08-18 15:17:00 BST Add change log page.

    Created a change log page, and associated RSS and Atom feeds, to describe new or changed content.

Contact details

For any further questions or advice relating to security, contact:


If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: