Service management

Standard ID | Standard | Classification
TRM.SRV.001 | Use Hypertext Transfer Protocol (HTTP) or Secured Hypertext Transfer Protocol (HTTPS) for access over the Internet/Intranet. | Mandatory
TRM.SRV.002 | Use Hypertext Markup Language (HTML). | Mandatory
TRM.SRV.003 | Use Extensible Hypertext Markup Language (XHTML) as the markup language for creating web applications wherever possible. XHTML is a family of XML markup languages that mirror or extend versions of the existing, widely used Hypertext Markup Language (HTML). The only essential difference between XHTML and HTML is that XHTML must be well-formed XML, while HTML does not impose strict XML compliance (see http://w3.org/TR/xhtm). | Recommended
TRM.SRV.004 | Use Simple Mail Transfer Protocol (SMTP) as the standard protocol for mail exchange amongst clients and servers. BCC has established the email systems for Government of Bangladesh officers, and it is essential for all Government officers to leverage this infrastructure instead of using private email service providers, considering information security. | Mandatory
TRM.SRV.005 | Use Hypertext Transfer Protocol Secure (HTTPS) for transactions that need to be secured over the Internet. Avoid use of transactional e-services unless these e-services are authenticated and encrypted. | Mandatory
TRM.SRV.006 | Use Wireless Access Protocol (WAP) as the mobile Internet technology which allows mobile phone access to Internet sites. WAP is an open international standard for application-layer network communications in a wireless communication environment. Its main use is to enable access to the Mobile Web from a mobile phone or PDA. | Recommended
TRM.SRV.007 | Use Wireless Transport Layer Security (WTLS) for micro browsers. | Recommended
TRM.SRV.008 | There is no technical standard for compliance. | N.A.
TRM.SRV.009 | There is no technical standard for compliance. | N.A.
TRM.SRV.010 | There is no technical standard for compliance. | N.A.
TRM.SRV.011 | Support the latest versions of widely adopted browsers, including Internet Explorer (IE) version 6, Chrome, Firefox, Safari, Opera, etc. | Mandatory
TRM.SRV.012 | The browser shall support security controls such as download of Active Controls, Java permissions, cache deletion, disabling cookies, HTTPS and SSL. | Recommended
TRM.SRV.013 | Provide multiple modes of accessing government services (e.g. kiosks and mobile phones). | Recommended
TRM.SRV.014 | Implement an IVR system as an alternative to the browser for access to government services. | Recommended

Platforms

Standard ID | Standard | Classification
TRM.PLA.001 | There is no technical standard for compliance. Use rack-optimised servers for efficient space management. | N.A.
TRM.PLA.002 | Use high-end servers to support critical business operations. Use low-end servers for simple, non-critical business operations. | Recommended
TRM.PLA.003 | Support virtualisation technologies and allow multiple operating system instances to run concurrently on a single physical server. | Recommended
TRM.PLA.004 | There is no technical standard for compliance. | N.A.
TRM.PLA.005 | Use portable computers where possible to enhance mobility and productivity. | Recommended
TRM.PLA.006 | Ensure the operating system is certified and designed to run on the vendor's hardware platform. Please refer to the enterprise licensing agreement for client operating systems established by ITA for agencies. | Recommended
TRM.PLA.007 | There is no technical standard for compliance. | N.A.
TRM.PLA.008 | Support Fibre Channel for concurrent communication among workstations, servers and other peripherals for Storage Area Network (SAN) and Direct Attached Storage (DAS). | Recommended
TRM.PLA.009 | Support Ethernet (IEEE 802.3) for NAS. | Recommended
TRM.PLA.010 | Support Common Internet File System (CIFS) for file sharing on NAS. | Recommended
TRM.PLA.011 | Support Network Data Management Protocol (NDMP) for controlling backup, recovery, and other transfers of data between primary and secondary storage on NAS. | Recommended
TRM.PLA.012 | Support Network File System (NFS) as the distributed file system for NAS. | Recommended
TRM.PLA.013 | Support Internet Small Computer System Interface (iSCSI) to provide block-level access to remote devices for SAN. | Recommended
TRM.PLA.014 | Support Fibre Channel over TCP/IP (FCIP) for connecting remote FC SANs. | Recommended
TRM.PLA.015 | There is no technical standard for compliance. Please refer to Architecture Design Considerations or Best Practices for more information. | N.A.
TRM.PLA.016 | Support Directory Enabled Networking (DEN) to map services and policies to the directory. | Recommended
TRM.PLA.017 | Support Desktop Management Interface (DMI) standards to collect information about a computer environment for desktop management. | Recommended
TRM.PLA.018 | Support Web-Based Enterprise Management (WBEM) to enable server management through a web-enabled application. | Recommended
TRM.PLA.019 | Support Alert Standard Format (ASF) to define OS-absent alerting for preventive monitoring. | Recommended
TRM.PLA.020 | Support a hardened operating system. | Recommended
TRM.PLA.021 | Support Trusted Platform Module (TPM) for authenticating mobile computing devices. | Recommended
TRM.PLA.022 | Use SAN for the enterprise storage solution. Please refer to Paragraph 4.6.4(a) for SAN solution guidance. | Recommended
TRM.PLA.023 | Implement an enterprise-wide backup solution. Please refer to Paragraph 4.6.4(a) for backup solution guidance. | Recommended

Networks

Standard ID | Standard | Classification
TRM.NW.001 | Use TCP/IP as the standard network protocol for all government agencies. | Mandatory
TRM.NW.002 | All devices in the LAN and WAN infrastructure shall support IPv6 standards (128-bit addressing). | Recommended
TRM.NW.003 | Support Open Shortest Path First (OSPF, OSPF2, Multi-path OSPF) for core switches. | Recommended
TRM.NW.004 | Support Internet Protocol Security (IPSec) for secure exchange of packets at the IP layer and IKE (Internet Key Exchange) for key exchange. | Recommended
TRM.NW.005 | Support Secure Sockets Layer (SSLv3) for mutual authentication between a client and server. | Recommended
TRM.NW.006 | Support SSH for secure remote login, secure file transfer and secure TCP/IP and X11 forwarding. | Recommended
TRM.NW.007 | Support IEEE 802.11i to enhance 802.11 Medium Access Control (MAC) with stronger security and authentication mechanisms. | Recommended
TRM.NW.008 | Firewalls shall be certified to Common Criteria EAL-4 (Evaluation Assurance Level). | Recommended
TRM.NW.009 | Authenticate using two-factor authentication methods such as tokens or One-time Passwords (RFC 2289). | Recommended
TRM.NW.010 | Support Multi-Protocol Label Switching (MPLS). | Mandatory
TRM.NW.011 | Support H.320 for audio, video and graphical communications. | Recommended
TRM.NW.012 | Support any of the following: (a) IEEE 802.3u-100Base-T (for Fast Ethernet over twisted pair cables); (b) IEEE 802.3u-100Base-FX (for Fast Ethernet over optical fibre); (c) IEEE 802.3ab (1 Gbps over Cat5e/6 cabling systems); (d) IEEE 802.3z (for Gigabit Ethernet over fibre and cable). | Mandatory
TRM.NW.013 | Support Dynamic Host Configuration Protocol (DHCP) for dynamic IP address assignment to devices. | Mandatory
TRM.NW.014 | Support IEEE 802.1w (Rapid Spanning Tree Protocol) to provide rapid reconfiguration capability. | Recommended
TRM.NW.015 | Support IEEE 802.3ad for link aggregation on edge switches. | Recommended
TRM.NW.016 | Support IEEE 802.3x, which defines full duplex operation and flow control on 100 Mbps Ethernet networks, on edge switches. | Recommended
TRM.NW.017 | Support Virtual Router Redundancy Protocol (VRRP) on core switches to eliminate the single point of failure inherent in a static default-routed environment. | Recommended
TRM.NW.018 | Support Differentiated Services (DiffServ) on core switches to provide QoS for traffic. | Recommended
TRM.NW.019 | Support IEEE 802.1q for Virtual LAN (VLAN). | Recommended
TRM.NW.020 | Support 1000Base-LH (Long Haul) to provide gigabit speed over distances between 70 and 100 km. | Recommended
TRM.NW.021 | Support IEEE 802.3af on edge switches supporting devices which require twisted pair cables (e.g. IP phone clients and wireless LAN access points). | Recommended
TRM.NW.022 | Support IEEE 802.3ae on core switches for 10 Gbps Ethernet over fibre. | Recommended
TRM.NW.023 | Use Unshielded Twisted Pair (UTP) Category 6 for the Structured Cabling System, based on ANSI/TIA/EIA-568-B.2-1. | Recommended
TRM.NW.024 | Use fibre cables to interconnect network devices and backbone connections in the Structured Cabling System as described by TIA/EIA 568. Multimode fibre is used for short-distance transmission with LED-based fibre optic equipment. Single-mode fibre is used for long-distance transmission with laser-diode-based fibre optic transmission equipment. Physical layer standards for optical fibre are: (a) Support 1000Base-SX (short wavelength laser) to provide gigabit speed over a maximum distance of 220 m (for 62.5 micron multimode fibre) and 550 m (for 50 micron multimode fibre); (b) Support 1000Base-LX (long wavelength laser) to provide gigabit speed over a maximum distance of 550 m (for 50 and 62.5 micron multimode fibre) and up to five km over 9 micron single-mode fibre. | Recommended
TRM.NW.025 | Use the Commercial Building Telecommunications Cabling Standard 2001 based on ANSI/TIA/EIA 568-B. | Recommended
TRM.NW.026 | Use Generic Cabling for Customer Premises (International Standards) 2002 based on ISO/IEC 11801. | Recommended
TRM.NW.027 | Use Generic Cabling Systems (CENELEC Standards) 2002 based on EN 50173. | Recommended
TRM.NW.028 | Use a Generic Universal Cabling Infrastructure supporting voice and data applications based on ISO/IEC 11801, ISO/IEC 14763-1, 14763-2, 14763-3, IEC 61935-1, TIA/EIA 568-B, EN 50173, TIA/EIA 606-A and IEC 332-1. | Recommended
TRM.NW.029 | Use the Commercial Building Standard for Telecommunications Pathways and Spaces 2004. | Recommended
TRM.NW.030 | Build and install cables based on ISO/IEC 18010, Information Technology - Pathways and Spaces for Customer Premises Cabling. | Recommended
TRM.NW.031 | Test cables after installation based on TIA/EIA-568-B and IEC 61935 standards. | Recommended
TRM.NW.032 | Support Class 1 or Class 3 (excluding Class 3B) lasers for FSO. | Recommended
TRM.NW.033 | Implement a WLAN that supports any of the following standards: (a) Wi-Fi Protected Access (WPA); (b) WPA2; (c) Advanced Encryption Standard (AES); (d) Mobile Virtual Private Networks (VPNs). | Mandatory
TRM.NW.034 | Support IEEE 802.11a for 54 Mbps high-speed wireless LAN in the 5 GHz range. | Recommended
TRM.NW.035 | Support IEEE 802.11g for 54 Mbps high-speed wireless LAN in the 2.4 GHz range. | Recommended
TRM.NW.036 | Support IEEE 802.11n for high-speed wireless LAN beyond 54 Mbps, up to 600 Mbps (in the 2.4 GHz and 5 GHz ranges). | Recommended
TRM.NW.037 | Support H.323 for converting between voice and data transmission formats and for managing connections between telephony endpoints and Real-Time Transport Protocol (RTP). | Recommended
TRM.NW.038 | Support H.248 for controlling media gateways on Internet Protocol (IP) networks and the Public Switched Telephone Network (PSTN). | Recommended
TRM.NW.039 | Support RTP for end-to-end network transmission of real-time data, such as audio, video or simulation data, over multicast or unicast network services. | Recommended
TRM.NW.040 | Support Real Time Streaming Protocol (RTSP) for control over the delivery of data with real-time properties. | Recommended
TRM.NW.041 | Support H.263 as the compression algorithm, optimised for lower data rates. | Recommended
TRM.NW.042 | Use Session Initiation Protocol (SIP) to manage IP telephony sessions. SIP is an application-layer control (signalling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. | Recommended
TRM.NW.043 | Use Simple Network Management Protocol (SNMP) v2 and above as the main management protocol suite. | Recommended
TRM.NW.044 | Use IP telephony where possible. | Recommended
TRM.NW.045 | Use a video conferencing system for collaboration where possible. | Recommended
TRM.NW.046 | Use network management tools to manage the LAN. | Recommended

Data center

Standard ID | Standard | Classification
TRM.DC.001 | Design the data center in accordance with TIA 942 standards. | Recommended
TRM.DC.002 | Design the data center with ample space for expansion to meet growing demand. Locate the data center in a physically safe area. | Recommended
TRM.DC.003 | Implement 24/7 physical security monitoring through surveillance monitoring (e.g. closed-circuit television (CCTV), automated security intrusion alarm, biometrics, motion detector), with at least one intrusion response exercise annually. | Recommended
TRM.DC.004 | Standardize on 19-inch 42U racks, which aid cabling management and cold/hot aisle efficiency. All racks should have perforated front and back doors for front-in, back-out cross-air movement. | Mandatory
TRM.DC.005 | Install man-trap access to the computer room as an additional barrier to prevent unauthorized access. | Recommended
TRM.DC.006 | Conduct a risk assessment before building or implementing a data center. Implement appropriate controls to mitigate the identified risks. | Mandatory
TRM.DC.007 | Locate the disaster recovery site separately from the primary data center. | Mandatory
TRM.DC.008 | Ensure smoke detection and fire suppression systems are in place and tested on a periodic basis. | Mandatory
TRM.DC.009 | Design the data center with ample space for growth. | Recommended
TRM.DC.010 | Locate the data center in a physically safe area. | Recommended
TRM.DC.011 | Use Fibre Optic Cable (FOC) for backbone cabling. | Recommended
TRM.DC.012 | Use Category 6 for horizontal cabling. | Recommended
TRM.DC.013 | Design and operate at minimum a Tier II data center and, where possible, Tier III or higher. | Recommended
TRM.DC.014 | Carry out a detailed capacity requirements study for space, power and cooling. | Recommended
TRM.DC.015 | Implement a "hot" and "cold" aisle setup for effective cooling. | Recommended

Cloud

Standard ID | Standard | Classification
TRM.CLO.001 | RFC 5246 Secure Sockets Layer (SSL)/Transport Layer Security (TLS) | Recommended
TRM.CLO.002 | RFC 3820: X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile | Recommended
TRM.CLO.003 | RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | Recommended
TRM.CLO.004 | RFC 5849 OAuth (Open Authorization Protocol) | Recommended
TRM.CLO.005 | ISO/IEC 9594-8:2008 | X.509 Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks | Recommended
TRM.CLO.006 | ISO/IEC 29115 | X.1254 Information technology -- Security techniques -- Entity authentication assurance framework | Recommended
TRM.CLO.007 | OpenID Authentication | Recommended
TRM.CLO.008 | eXtensible Access Control Markup Language (XACML) | Recommended
TRM.CLO.009 | Security Assertion Markup Language (SAML) | Recommended
TRM.CLO.010 | RFC 5246 Secure Sockets Layer (SSL)/Transport Layer Security (TLS) | Recommended
TRM.CLO.011 | Key Management Interoperability Protocol (KMIP) | Recommended
TRM.CLO.012 | XML Encryption Syntax and Processing | Recommended
TRM.CLO.013 | XML Signature (XMLDSig) | Recommended
TRM.CLO.014 | Service Provisioning Markup Language (SPML) | Recommended
TRM.CLO.015 | Web Services Federation Language (WS-Federation) Version 1.2 | Recommended
TRM.CLO.016 | WS-Trust 1.3 | Recommended
TRM.CLO.017 | Security Assertion Markup Language (SAML) | Recommended
TRM.CLO.018 | OpenID Authentication 1. | Recommended
TRM.CLO.019 | ISO/IEC WD 27035-1 Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management | Recommended
TRM.CLO.020 | ISO/IEC WD 27035-3 Information technology -- Security techniques -- Information security incident management -- Part 3: Guidelines for CSIRT operations | Recommended
TRM.CLO.021 | ISO/IEC WD 27039 Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems | Recommended
TRM.CLO.022 | ISO/IEC 18180 Information technology -- Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 (NIST IR 7275) | Recommended
TRM.CLO.023 | X.1500 Cybersecurity information exchange techniques | Recommended
TRM.CLO.024 | X.1520: Common vulnerabilities and exposures | Recommended
TRM.CLO.025 | X.1521 Common Vulnerability Scoring System | Recommended
TRM.CLO.026 | PCI Data Security Standard | Recommended
TRM.CLO.027 | Cloud Controls Matrix Version 1.3 | Recommended
TRM.CLO.028 | ISO/IEC 27001:2005 Information technology -- Security techniques -- Information security management systems -- Requirements | Recommended
TRM.CLO.029 | ISO/IEC WD TS 27017 Information technology -- Security techniques -- Information security management -- Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002 | Recommended
TRM.CLO.030 | ISO/IEC 27018 Code of Practice for Data Protection Controls for Public Cloud Computing Services | Recommended
TRM.CLO.031 | ISO/IEC 1st WD 27036-4 Information technology -- Security techniques -- Information security for supplier relationships -- Part 4: Guidelines for security of cloud services | Recommended
TRM.CLO.032 | ISO/IEC 27002 Code of practice for information security management | Recommended
TRM.CLO.033 | eXtensible Access Control Markup Language (XACML) | Recommended
TRM.CLO.034 | ISO/PAS 22399:2007 Societal security -- Guideline for incident preparedness and operational continuity management | Recommended
TRM.CLO.035 | IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP) | Recommended
TRM.CLO.036 | IEEE P2302, Draft Standard for Intercloud Interoperability and Federation (SIIF) | Recommended
TRM.CLO.037 | Y.3520 Cloud computing framework for end-to-end resource management (ITU) | Recommended
TRM.CLO.038 | OASIS Cloud Application Management Platform (CAMP) | Recommended
TRM.CLO.039 | OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA), Version 1.0, Committee Specification Draft 06 / Public Review Draft 01 | Recommended
TRM.CLO.040 | Open Cloud Computing Interface (OCCI) | Recommended