
Standards

Principle

In accordance with CPS Architectural Principle 22, all CPS information technology will comply with open standards where applicable.

Content scanning, sanitisation and remediation.

HTTP content offload and scanning RFC3507

Identity and Access Management (IAM / IDAM)

User identity

  • Provide identity and access management: Azure Active Directory (Azure AD)
  • Consumer identity and access management: Azure Active Directory External Identities
  • Join virtual machines in Azure to a domain: Azure Active Directory Domain Services

Service to Service Authentication

Azure Managed Identity

AWS IAM

Authentication against Azure AD

  • OpenID Connect

Other authentication requirements

  • SAML 2.0
  • OpenID Connect
  • OAuth 2.0
  • WS-Federation

Standards for Containers for Code Execution

Standard
Open Container Initiative

Simple Mail Transfer Protocol based Email

Email Security

DomainKeys Identified Mail RFC6376

Domain-based Message Authentication, Reporting and Conformance RFC7489

Sender Policy Framework RFC7208

MTA Strict Transport Security RFC8461

DNS Authentication of Named Entities RFC7671

Simple Mail Transfer Protocol RFC5321

Transport Layer Security Protocol V1.2 RFC5246

Transport Layer Security Protocol V1.3 RFC8446

Email Structure

MIME Part One RFC2045

MIME Part Two RFC2046

MIME Part Three RFC2047

MIME Parameter Value and Encoded Word Extensions RFC2231

Internet Message Format RFC5322

Security

Transport Layer Security Protocol V1.2 RFC5246

Transport Layer Security Protocol V1.3 RFC8446

Advanced Encryption Standard FIPS197

Scanning and Filtering

ICAP (Internet Content Adaptation Protocol) RFC3507

This is a protocol providing simple object-based content vectoring for HTTP services. ICAP is, in essence, a lightweight protocol for executing a "remote procedure call" on HTTP messages. It allows ICAP clients to pass HTTP messages to ICAP servers for some sort of transformation or other processing ("adaptation"). The server executes its transformation service on messages and sends back responses to the client, usually with modified messages. Typically, the adapted messages are either HTTP requests or HTTP responses.

Work in Progress!

This site is a work in progress and any opinions contained here are intended to spark discussion within each discipline's community of practice.


Last update: 2023-06-27
Created: 2023-06-27