Good Practice Guidelines
The Good Practice Guidelines (GPG) are a series of informational documents which provide good practice advice in technology-specific areas of Information Security and Information Governance.
These guidelines are updated with the latest security information. If you feel there is something missing, please contact firstname.lastname@example.org.
We recognise these GPGs as essential communication from the Infrastructure Security Team and as such are aiming for the documents to be published to the highest possible standard.
All documents on this page have 'Approved' status. As Information Security is an evolving discipline these documents will be updated regularly and should be regarded as 'living documents'.
|3G / HSDPA||Provides guidance for organisations who wish to deploy or operate 3G / HSDPA systems||In Progress|
|Access Control Lists (PDF 77Kb)||This guide addresses the major issues associated with creating and maintaining secure networks using both the New NHS Network (N3) and other network infrastructures.||11/05/2009||2.0|
|Anti-Virus and Malware (PDF 305Kb)||Provides guidance on the deployment, configuration and management of Anti-Virus software.||01/03/2010||2.0|
|Application Security (PDF 133Kb)||Provides guidance for organisations providing user applications to users.||31/03/2007||1.0|
|Approved Cryptographic Algorithms (PDF 504Kb)||Guidance on Authority standards for cryptographic algorithms and key sizes. A guidance document on the changes between the previous version (v2.2) and this version (v3.0) of the Approved Cryptographic Algorithms GPG can be found in "Approved Cryptographic Algorithms Good Practice Guideline – changes between v2.2 and v3 (PDF 299Kb)".|
|Biometrics||Provides guidance on facial, iris and finger recognition technologies.||Proposed|
|Business Continuity and Disaster Planning (PDF 148Kb)||Provides guidance for organisations implementing BCP and DR Procedures||29/09/2009||1.0|
|Connecting Modem Devices to Local Area Networks (PDF, 261Kb)||Provides guidance on the security challenges associated with connecting modems to Local Area Networks.||25/10/2010||1.0|
|Content Filtering||Provides guidance for organisations who wish to deploy or operate Content Filtering systems||In Progress|
|Disposal and Destruction of Sensitive Data (PDF, 331.8kB)||Provides guidance for organisations on the disposal and destruction of sensitive data (UPDATED)||13/03/2015||3.0|
|Email, Calendar and Messaging Services (PDF 75Kb)||Provides guidance for organisations using Email, Calendar and Messaging Services.||13/10/2006||1.0|
|Firewall Technologies (PDF 2Mb)||Provides guidance on the planning, implementation and operation of firewalls and associated technologies||20/12/2007||1.0|
|General Principles for Securing Information System (PDF 130Kb)||Provides introductory information on general principles for securing information systems.||26/05/2009||1.0|
|Glossary of Security Terms (PDF 277Kb)||Glossary of Security Terms used in the Good Practice Guidelines||13/12/2007||1.0|
|GPRS and PDAs (PDF 371Kb)||Provides guidance for organisations who wish to deploy or operate GPRS and PDA services||31/03/2007||1.0|
|IDS and IPS Technologies (PDF 1Mb)||Provides guidance for organisations implementing IDS/IPS solutions||02/10/2009||2.0|
|Local Area Network Security (PDF 171Kb)||Provides guidance on security good practice in relation to Local Area Network security||29/09/2009||1.0|
|Network Address Translation (PDF 183Kb)||Provides guidance on the implementation of NAT and the possible security implications||10/03/2006||1.0|
|Password Policy for Non-Spine Connected Applications (PDF 302Kb)||Provides guidance on the use and control of passwords for organisations deploying and using non-SPINE connected applications.||23/07/2010||1.0|
|Patching Management (PDF 168Kb)||Provides advice and guidance relating to Patch Management in NHS or other healthcare environments||07/10/2009||1.0|
|Portable Storage Devices||Provides guidance on security good practice in the implementation of portable storage devices within an organisation||Proposed|
|Proxy Services (PDF 86Kb)||Provides guidance on Proxy Services such as web proxies, application proxies and gateway services||26/01/2006||1.0|
|Remote Access (PDF 150Kb)||Provides guidance on the implementation of Remote Access technologies||15/07/2009||2.0|
|Remote Management||Provides guidance for organisations who wish to deploy or operate Remote Management||In Progress|
|Secure Use of the N3 Network (PDF 88Kb)||Provides guidance for organisations who wish to move sensitive information using the N3 network.||08/03/2006||1.0|
|Securing Web Infrastructure and supporting services||Provides information on good security practices in relation to the security and securing of Web infrastructure and associated systems.||26/02/2010||1.0|
|Security of the Endpoint||Provides guidance on implementing security of endpoint devices such as desktops||Proposed|
|Server Virtualisation Security (PDF 307Kb)||Provides security guidance to technical and policy making personnel when deploying virtualisation within their organisations. This document focuses on the security aspects of virtualisation.||06/07/2009||1.0|
|Site to Site VPN (PDF 97Kb)||Provides guidance for organisations who wish to deploy or operate Site to Site VPNs||08/03/2006||1.0|
|Smart Card Best Practices||Provides guidance on the implementation and operation of smartcard based systems.||Proposed|
|System Hardening (PDF 96Kb)||Provides guidance on the implementation of security for devices such as firewalls, routers etc||01/10/2009||1.0|
|TCP IP Ports and Protocols (PDF 149Kb)||Provides guidance on the security risks associated with common TCP/IP services||07/11/2007||1.0|
|Use of Tablet Devices in NHS environments (PDF 213Kb)||Provides vendor and product independent security guidance to organisations wishing to make use of tablet devices in NHS environments||19/12/2011||1.0|
|VLANs (PDF 104Kb)||Provides guidance on the use of VLANs within a network infrastructure.||24/06/2009||2.0|
|Voice Over IP||Provides guidance on the implementation of Voice over IP services and the security issues which may be encountered||In Progress|
|WiMAX / WiBRO||Provides guidance for organisations who wish to deploy or operate WiMAX or WiBRO wireless systems||In Progress|
|Wireless LAN Technologies (PDF 123Kb)||Covers the design and deployment of Wireless Local Area Networks||08/03/2006|