Government Functional Standard 007 (GovS 007) Security
- Physical security
- Personnel security
- Cyber security
- Technical security
- Industry security
- Security risk management
- Information management
- Critical assets and resources
- Capability, capacity and resources
- Security culture, education and awareness
Government Functional Standard 003 (GovS 003) Human Resources
The purpose of this government functional standard is to set expectations for the leadership and management of human resources across government, ensuring people are recruited, developed and deployed to meet the government’s needs.
Government Security Group, Government BPSS (2018)
The HMG Baseline Personnel Security Standard (or ‘BPSS’) describes the pre-employment controls for all civil servants, members of the Armed Forces, temporary staff and government contractors generally. Its rigorous and consistent application also underpins national security vetting.
The personnel security controls described in this document must be applied to any individual who, in the course of their work, has access to government assets. Every effort must be made to complete the BPSS, but where it cannot be applied this must be risk-managed and the details recorded for audit purposes.
Government Security Group, Minimum Cyber Security Standard (2018)
This is a new minimum set of cyber security standards that government expects departments to adhere to and exceed wherever possible.
CPNI - Personnel Security Risk Assessment
This risk assessment is crucial in helping security and human resources (HR) managers, and other people involved in strategic risk decisions, communicate to senior managers the risks to which the organisation is exposed. This guidance aims to help risk management practitioners to:
- Conduct personnel security risk assessments in a robust and transparent way.
- Prioritise the insider risks to an organisation.
- Evaluate existing countermeasures and identify appropriate countermeasures to mitigate those risks.
- Allocate security resources (be they personnel, physical or information) in a way which is cost effective and proportionate to the risk posed.
Government Security Group, Government Security Roles & Responsibilities (2018)
This document establishes the protective security roles and responsibilities within departments and their organisations, to ensure a risked-based approach to security.
Government Security Group, Industrial Security Policies
- Industry Personnel Security Assurance: Policy and Guidance – Policy and Guidance for MOD Industry partners to apply for Industry Personnel Security Assurance (IPSA).
- Contractual Process: Placing Contracts or Releasing Assets – Government organisations who are placing contracts or releasing assets must ensure that appropriate protective security controls are in place to protect assets.
- Security Requirements for List X (FSC) Contractors – Guidance on maintaining security for List X (FSC) contractors.
- Industrial Security: Departmental Responsibilities – Guidance for departments and agencies on protecting classified information when working with contractors.
- Government Supplier Assurance Framework – This framework helps the government to manage supplier risk.
National Cyber Security Centre, Advice and Guidance
- Access Control
- Active Cyber Defence
- Artificial Intelligence
- Asset Management
- Bulk Data
- Configuration Management
- Critical National Infrastructure
- Cyber Attack
- Cyber Strategy
- Cyber Threat
- Incident Management
- NCSC for Start-Ups
- Operational Security
- Penetration Testing
- People-Centred Security
- Personal Data
- Remote Working
- Research & Academia
- Risk Management
- Secure Design & Development
- Security Architecture
- Security Monitoring Social Media
- Supply Chain
- Video Conferencing
National Security Vetting: Advice for people who are Being Vetted
This advice explains national security vetting and how the process works.
UKSV: Existing Clearance Holders including:
MoD and UKSV, NSV: Clearance Levels (2020)
List of national security vetting clearance levels with guidance on who needs it and what checks are completed.
Government Security Group, Government Security Classifications Policy (2018)
This policy describes how HM Government classifies information assets to: ensure they are appropriately protected; support Public Sector business and the effective exploitation of information; and meet the requirements of relevant legislation and international / bilateral agreements and obligations. It applies to all information that government collects, stores, processes, generates or shares to deliver services and conduct business, including information received from or exchanged with external partners.
Everyone who works with government has a duty to respect the confidentiality and integrity of any HMG information and data that they access, and is personally accountable for safeguarding assets in line with this policy.
HMG Personnel Security Controls - January 2022
This booklet describes the government’s personnel security and national security vetting policies and how the processes work including:
- why and in what circumstances personnel security and national security vetting controls may be applied
- the information you may be asked to provide about yourself, your partner, your family and other third parties, and the checks that may be made against it
- decision making criteria and avenues of appeal
A statement of HMG’s personnel security and vetting policy and set of frequently asked questions and answers can be found at the back of this booklet.