New technical network policies cover network routing, domain name servers and email
The Government Digital Service (GDS) has laid out a set of technical network policies aimed at preserving security standards while giving organisations some flexibility in combining external services with the use of the Public Services Network (PSN).
The policies cover network routing, domain name servers (DNS) and email, and have been developed with the Technology Leaders Network, which represents government departments and devolved administrations, as “high level” guidance.
The objectives are to provide scope for the use of cloud email services that meet government security standards, and to allow government DNS records – the mapping files that associate a domain name with a specific IP address – to be hosted outside the PSN.
In addition, the policy is designed to ensure the PSN operates as a single network for information rated as OFFICIAL under the Government Security Classification Policy. This covers information for routine business that, if it goes astray, could have damaging consequences but would not cause a heightened threat.
This has influenced one of the guidelines, that organisations should enable routing between government networks carrying OFFICIAL data.
Another is that IP addresses that are reachable via the PSN, and information stored in a DNS about them, should be classified as OFFICIAL, and organisations should ensure the records are properly protected.
Thirdly, any central government email going outside the PSN should be encrypted in transit, and the organisations should have a technical and business policy to ensure senders and recipients of government email can be verified.
There is no specific timeframe for the implementation of the policies, suggesting that their immediate impact will be limited, but they are expected to be used in future planning.
“The agreed policies aim to create a simpler, clearer mechanism for managing network services in government,” the GDS said in its announcement. “The intention is not to force compliance to a new regime but rather to create the freedom to meet current and future demands.”