Minimum User Clearance Requirements Guide
This Minimum User Clearance Requirements Guide outlines the level of security clearance required for staff in order to access specific account types. This is a sub-page to the Access Control Guide.
Security clearance levels
The Ministry of Justice (MoJ) uses the national security vetting clearance levels:
- Baseline Personnel Security Standard (BPSS)
- Counter Terrorist Check (CTC)
- Security Check (SC)
- Developed Vetting (DV)
Where appropriate, Enhanced checks apply, for example Enhanced Security Check (eSC).
Minimum user clearance requirements
Most of the MoJ IT systems are able to process Official information. Therefore all roles in the MoJ require staff to attain BPSS clearance as a minimum to be granted access rights to view Official information. Some roles require staff to have higher clearance.
For an individual to perform any of the following tasks, clearance higher than BPSS is required:
- Has long term, regular, unsupervised access to data centres or communications rooms.
- Has regular privileged unsupervised and unconstrained access to systems which contain data for multiple MoJ systems, for example backups, or console access to multiple cloud services.
- Has cryptography responsibilities and handling, under advice from the Crypto Custodian.
- Has access to multiple system security testing outcomes which reveal vulnerabilities in live services.
- Has a role such as system support or IT investigation role, such that without further authority or authorisation, an individual might:
- Act as another user.
- Obtain credentials for another user.
- Directly access other users’ data.
If an individual does not need to perform any of the previous tasks, then BPSS, DBS or Enhanced Check is sufficient.
The MoJ HQ and Executive Agencies might have additional, specific requirements for DV/DV STRAP clearance for individual systems. These requirements should be followed where applicable.
For any further questions or advice relating to security, contact: firstname.lastname@example.org.
If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: email@example.com.