National information infrastructure protection - Internet
Internet Security Standards
A full copy of the Minimum Internet Security document may be obtained from http://www.security.govt.nz.
Background
On 8 December 2000, the E-government Unit of the State Services Commission reported to the Minister of State Services on 'Protecting New Zealand's Infrastructure From Cyber-Threats', and its recommendations were accepted. One recommendation from that report was:
(That Ministers) Through the State Services Commission, direct government agencies to adopt specified appropriate IT security standards.
In February 2001, the State Services Commissioner invited the Government Communication Security Bureau (GCSB) to establish how the recommendation could be implemented. GCSB consulted with the 17 agencies that comprise the government's Interdepartmental Committee on Computer Security (DCCS), then developed a draft set of standards and presented it to the Commission.
A consultation period was held, with presentations made to the E-government Agency Leaders Network and the Chief Information Officers Forum. The draft standard was posted on the E-government web site. Responses received have been reviewed and included. The Internet Security Standard has been finalised, with GCSB taking on the sponsor and custodian roles for the new standards. The Department of The Prime Minister and Cabinet has accepted the Standard into its 'Security in Government Departments' (SIGD) publication. This document has recently been revised and reissued as 'Security in the Government Sector' (SIGS).
The Standards that have been developed:
- Do NOT encompass all aspects of Confidentiality, Integrity, or Availability as many aspects are addressed in other documents;
- Are based on readily available standards that are in the public domain: there is a desire not to re-invent standards that are already adequately established;
- Cover five key areas:
  - Management Standards
  - Internet Gateway Standards
  - Internet Server Configuration
  - Malware Protection
  - Incident Detection And Handling
- Comprise 12 standards (3 are mandated, 9 are for guidance); and
- Constitute minimum requirements for Internet connectivity.

