Hmg ias 1&2

Hello sir, I am Andrew Flintoff. I am from London. I want you to help me by providing me some information about the HMG Information Assurance Standard (IAS) No.1 & 2. Give me some details about it.

[Kiran Chandar]

HMG Information Assurance Standard No.1, typically abbreviated to IS1, is a security standard smeared to government computer systems in the UK.

It is used to measure – and suggest responses to – technical risks to the confidentiality, integrity and availability of government information.

The modelling method used in the standard is an adaptation of Domain Based Security.
In confidentiality terms, IS1 does not put on to information which is not protectively marked, but it may still be used to evaluate risks to the integrity and accessibility of such information

The UK Cabinet Office Security Policy Framework requires that all ICT systems that manage government information or that are connected to them are evaluated to identify technical risks.
IS1 is the standard method for doing this and was instructed by previous versions of the Security Policy Framework, but other methods may now be used.

The results of an IS1 assessment, and the responses to risks, should be recorded using HMG Information Assurance Standard No.2, generally shortened to IS2, which concerns risk management and the accreditation of government computer systems.

CESG provides IS1 risk assessment tools

Example

An HMG IS2 Full Accreditation Statement based on an HMG IS1 ITSHC (IT Security Health Check) by Deloitte and subsequent remediation by Recipero of its interface between Recipero's NMPR and the UK government's PNC, which are systems used to track mobile devices for law enforcement purposes was posted publicly.
A public HMG IS2 Full Accreditation Statement based on an actual ITSHC (by Deloitte in this case) puts the auditor's reputation on the line, in a way that a confidential statement does not.