uk normas watchful
TRANSCRIPT
-
8/13/2019 UK Normas Watchful
1/3
APPLICATION NOTE 1
www.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.com Copyright Watchful Software S.A. 2013 All Rights Reserved.
TheTheTheThe UKUKUKUK Government Protective Marking SystemGovernment Protective Marking SystemGovernment Protective Marking SystemGovernment Protective Marking System (GPMS)(GPMS)(GPMS)(GPMS)Government Departments and Agencies in the United Kingdom (UK) must abide by the Security
Poicy !rame"ork# issued by the $abinet %&&ice# and adopt poicies in accordance "ith the
Government Protective Marking System (GPMS)' The system# as the name impies# is a marking on a
document or piece o& in&ormation "hich identi&ies the con&identiaity reuirements o& the
in&ormation# and at the same time conveys those protective reuirements to a those "ho hande
it'
hat does it mean to appy the UK GPMS*
The UK GPMS is a security cassi&ication schema o& &ive security cassi&ications# indicating in
descending order the ikey impact resuting &rom compromise or oss o& in&ormation abeed as&oo"+
,' T%P S-$.-T
/' S-$.-T
0' $%1!2D-1T2A3
4' .-ST.2$T-D
5' P.%T-$T6Unmarked materia is considered 7uncassi&ied' The
term 7U1$3ASS2!2-D8 or 71%T P.%T-$T29-3:
MA.K-D8 is used to indicate that a protective marking
is not needed'
Access to sensitive in&ormation or assets
must ony be granted to those "ho have a
business need and the appropriate
personne security contro (;aseine
Personne Security Standard (;PSS) or
1ationa Security 9etting (1S9)'
This 7need to kno"8 principe is
&undamenta to the security o& a
protectivey marked Government assets
and casua access to protectivey marked
assets is never acceptabe'
-
8/13/2019 UK Normas Watchful
2/3
APPLICATION NOTE 2
www.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.com Copyright Watchful Software S.A. 2013 All Rights Reserved.
/) %&&ers too @tips= and contentconteBt a"are poicy rues "hich are automaticay appied to any
government in&ormation asset# heping to educate users about the sensitivity o& in&ormation C
ensuring adherence to poicy?
0) Appies -nterprise .ights Management to keep in&ormation sa&e &rom security breaches or
discosure# resuting &rom maicious "rongdoing or inadvertent misusage'
Abiding by Mandatory .euirements under the Security Poicy n'/ o& the UK GPMS#
.ightsAT$< enabes+
2n&ormation and others assets to be+
,' ceary and conspicuousy marked
according to their vaue?
/' protected in ine "ith GPMS
reuirements throughout their
i&ecyce &rom creation to
destruction to ensure a
proportionate eve o& protection?
0' reguary audited to check
compiance and ao" eBtraction o&
data in the event o& an incident?
Access to sensitive assets may be
restricted to+
,' adherence to a genuine @needEtoE
kno"= poicy?
/' an appropriate eve o& personne
security contro?
2mpementing and ensuring that+
,' the receiving party understands the
obigations and protects the assets
appropriatey?
/' the originator o& an asset is
responsibe &or appying the correct
marking?
0' appropriate identi&ication and
authentication contros are in pace
to manage the risk o& unauthoriFed
access?
4' a comprehensive audit o& user and admin accounts and actions are in pace?
5' appropriate poicies and procedures to support mobie and remote "orking are put in pace?
The transition to the ne" Government Security $assi&ications
The UK GPMS is being repaced "ith a ne" Government Security $assi&ications (GS$) poicy that
"i invove ony three eves o& cassi&ication &or in&ormation assets# these being+
-
8/13/2019 UK Normas Watchful
3/3
APPLICATION NOTE 3
www.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.cowww.watchfulsoftware.com Copyright Watchful Software S.A. 2013 All Rights Reserved.
,' %!!2$2A3
/' S-$.-T
0' T%P S-$.-T#6 )ith an %!!2$2A3ES-1S2T29- marking being used "here stronger 7need to kno"8 en&orcement is re(uired at the o"est tier'
This simpi&ied threeEtier poicy schema "i make it easier and more costEe&&ective &or