| Standard id | Standard | Clasification |
|---|---|---|
| TRM.SRV.001 | Use Secured Hypertext Transfer Protocol (HTTPS) for access over Internet/ Intranet. | Mandatory |
| TRM.SRV.002 | Use Hypertext Markup Language (HTML5). | Mandatory |
| TRM.SRV.003 | Use Simple Mail Transfer Protocol (SMTP) as the standard protocol used for mail exchange amongst clients and servers. BCC has established the email systems for Government of Bangladesh officers and it is essential for all Government officers to leverage the infrastructure instead of using private email service providers considering information security. | Mandatory |
| TRM.SRV.004 | Support latest versions of widely adopted browser(s) including 1. Microsoft Edge 2. Chrome 3. FireFox 4. Safari 5. Opera etc. |
Mandatory |
| TRM.SRV.005 | The browser shall support security controls such as download Active Controls, Java permissions, cache deletion, disable cookies, HTTPS and TLS 1.3. | Recommended |
| TRM.SRV.006 | Provide multiple modes of accessing government services (e.g. IVR, USSD, kiosks and mobile phone). | Recommended |
| Standard id | Standard | Clasification |
|---|---|---|
| TRM.PLA.001 | Support virtualization technologies and allow multiple operating system instances concurrently on a single physical server. | Recommended |
| TRM.PLA.002 | Use High-end servers to support critical business operations. Use Low-end servers for simple non-critical business operations. | Recommended |
| TRM.PLA.003 | Use portable computers where possible to enhance mobility and productivity. | Recommended |
| TRM.PLA.004 | Ensure operating system is licensed. | Recommended |
| TRM.PLA.005 | Support fiber channel for concurrent communication among workstations, servers and other peripherals for Storage Area Network (SAN) and Direct Attached Storage (DAS). | Recommended |
| TRM.PLA.006 | Support Ethernet (IEEE 802.3) for NAS. | Recommended |
| TRM.PLA.007 | Support Network Data Management Protocol (NDMP) for controlling backup, recovery, and other transfers of data between primary and secondary storage for NAS. | Recommended |
| TRM.PLA.008 | Support Network File System (NFS) for distributed file system for NAS. | Recommended |
| TRM.PLA.009 | Support Internet Small Computer System Interface (iSCSI) to provide block-level access to remote devices for SAN. | Recommended |
| TRM.PLA.010 | Support Fiber Channel over TCP/IP (FCIP) for connecting remote FC SANs. | Recommended |
| TRM.PLA.011 | Support Desktop Management Interface (DMI) standards to collect information about a computer environment for desktop management. | Recommended |
| TRM.PLA.012 | Support Web-Based Enterprise Management (WBEM) to enable server management through web-enabled application. | Recommended |
| TRM.PLA.013 | Support Alert Standard Format (ASF) to define OS-absent alerting for preventive monitoring. | Recommended |
| TRM.PLA.014 | Support hardened operating system. | Recommended |
| TRM.PLA.015 | Support Trusted Platform Module (TPM) for authenticating mobile computing device. | Recommended |
| TRM.PLA.016 | Use SAN for enterprise storage solution. | Recommended |
| TRM.PLA.017 | Implement enterprise-wide backup solution. | Recommended |
| Standard id | Standard | Clasification |
|---|---|---|
| TRM.NW.001 | Use TCP/IP as standard network protocol for all government agencies. | Mandatory |
| TRM.NW.002 | All devices in LAN and WAN infrastructure shall support IPv6 standards (128 bits for addressing). | Recommended |
| TRM.NW.003 | Support Open Shortest Path First (OSPF, OSPF2, Multi-path OSPF) for core switch. | Recommended |
| TRM.NW.004 | Support Internet Protocol Security (IPSec) for secure exchange packets at IP layer and IKE (Internet Key Exchange) for key exchange. | Recommended |
| TRM.NW.005 | Support Secure Sockets Layer (SSLv3) for mutual authentication between a client and server. | Recommended |
| TRM.NW.006 | Support SSH for secure remote login, secure file transfer and secure TCP/IP and X11 forwarding. | Recommended |
| TRM.NW.007 | Support IEEE 802.11i to enhance 802.11 Medium Access Control (MAC) for higher security and authentication mechanisms. | Recommended |
| TRM.NW.008 | Certified to Common Criteria EAL-4 (Evaluation Assurance Level) for firewall. | Recommended |
| TRM.NW.009 | Authenticate using multi factor authentication methods. | Recommended |
| TRM.NW.010 | Support Multi-Protocol Label Switching (MPLS). | Mandatory |
| TRM.NW.011 | Support ITU suite of standards for audio, video and graphical communications. | Recommended |
| TRM.NW.012 | Support any of the following: (a) IEEE 802.3u-100Base T (for Fast Ethernet over twisted pair cables) (b) IEEE 802.3u-100BaseFx (for fast Ethernet over optical fibre) (c) IEEE 802.3ab (1 Gbps over Cat5e/6 cabling system) (d) IEEE 802.3z (for Gigabit Ethernet over fibre and cable). |
Mandatory |
| TRM.NW.013 | Support Dynamic Host Configuration Protocol (DHCP) for dynamic IP addresses assignment to devices. | Mandatory |
| TRM.NW.014 | Support IEEE 802.1w (Rapid Spanning Tree Protocol) to provide rapid reconfiguration capability. | Recommended |
| TRM.NW.015 | Support IEEE 802.3ad for link aggregation for edge switch. | Recommended |
| TRM.NW.016 | Support IEEE 802.3x to define full duplex operation and flow control on 100Mbps Ethernet network for edge switch. | Recommended |
| TRM.NW.017 | Support Virtual Router Redundancy Protocol (VRRP) to eliminate the single point of failure inherent in the static default routed environment for core switch. | Recommended |
| TRM.NW.018 | Support Differentiated Service (DiffServ) to provide QoS to the traffic for core switch. | Recommended |
| TRM.NW.019 | Support IEEE 802.1q for Virtual LAN (VLAN). | Recommended |
| TRM.NW.020 | Support 1000Base-LH (Long Haul) to provide gigabit speed over distance between 70 and 100km. | Recommended |
| TRM.NW.021 | Support IEEE802.3af for edge switches supporting devices which require twisted pair cables (e.g. IP Phone Clients and wireless LAN access points). | Recommended |
| TRM.NW.022 | Support IEEE 802.3ae to support operating speed of 10Gbps Ethernet over fiber for core switch. | Recommended |
| TRM.NW.023 | Use Unshielded Twisted Pair (UTP) Category 6 for Structured Cabling System based on ANSI/TIA/EIA-568-B.2-1. | Recommended |
| TRM.NW.024 | Use fiber cables to interconnect network devices and backbone connections for Structured Cabling system as described by TIA/EIA 568. Multimode fiber is used for short distance transmissions with LED based fiber optic equipment. Single-mode fiber is used for long distance transmissions with laser diode based fiber optic transmission equipment. Physical layer standards for optical fiber are: (a) Support 1000Base-SX (short wavelength laser) to provide gigabit speed over maximum distance of 220m (for 62.5 micron multimode fiber) and 550m (for 50 micron multimode fiber). (b) Support 1000Base-LX (long wavelength laser) to provide gigabit speed over maximum distance of 550m (for 50 and 62.5 micron multimode fiber) up to five km single mode with 9 micron fiber |
Recommended |
| TRM.NW.025 | Use Commercial Building Telecommunications Cabling Standard 2001 based on ANSI/TIA/EIA 568-B. | Recommended |
| TRM.NW.026 | Use Generic Cabling for Customer Premises (International Standards) 2002 based on ISO/IEC 11801. | Recommended |
| TRM.NW.027 | Use Generic Cabling Systems (CENELEC Standards) 2002 based on EN 50173. | Recommended |
| TRM.NW.028 | Use Generic Universal Cabling Infrastructure with support voice and data applications based on ISO/IEC 11801, ISO/IEC 11801, 14763-1, 14763-2, 14763-3, IEC 61935-1, TIA/EIA 568-B, EN50173, TIA/EIA 606-A, IEC332-1 | Recommended |
| TRM.NW.029 | Use Commercial Building Standard for Telecommunications Pathways and Spaces 2004. | Recommended |
| TRM.NW.030 | Build and install cables based on ISO/IEC 18010 standards of Information Technology - Pathways and Spaces for Customer Premises Cabling. | Recommended |
| TRM.NW.031 | Test cables after installation based on TIA/ EIA-568-B and IEC 61935 standards. | Recommended |
| TRM.NW.032 | Support Class 1 or Class 3 (excluding Class 3B) laser for FSO. | Recommended |
| TRM.NW.033 | Implement WLAN that supports any of the following standards: (a) Wi-Fi Protected Access (WPA) (b) WPA2 (c) Advanced Encryption Standard (AES) (d) Mobile Virtual Private Networks (VPNs). |
Mandatory |
| TRM.NW.034 | Support IEEE 802.11a for 54 Mbps high speed wireless LAN and 5 GHz range. | Recommended |
| TRM.NW.035 | Support IEEE 802.11g for 54 Mbps high speed wireless LAN and 2.4 GHz range. | Recommended |
| TRM.NW.036 | Support IEEE 802.11n for 54 Mbps high speed wireless LAN up to 600 Mbps (with 2.4 GHz and 5 GHz range). | Recommended |
| TRM.NW.037 | Support H.323 for converting between voice and data transmission formats and for managing connections between telephony endpoint and Real-Time Transport Protocol (RTP). | Recommended |
| TRM.NW.038 | Support H.248 for controlling media gateways on Internet Protocol (IP) network and Public Switched Telephone Network (PSTN). | Recommended |
| TRM.NW.039 | Support RTP for end-to-end network transmission of real-time data, such as audio, video or simulation data, over multicast or unicast network services. | Recommended |
| TRM.NW.040 | Support Real Time Streaming Protocol (RTSP) for control over the delivery of data with real-time properties. | Recommended |
| TRM.NW.041 | Support H.264 for compression algorithm and optimization for lower data rates. | Recommended |
| TRM.NW.042 | Use Session Initiation Protocol (SIP) to manage IP telephony sessions. SIP is an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. | Recommended |
| TRM.NW.043 | Use Simple Network Management Protocol (SNMP) v2 and above as the main management protocol suite. | Recommended |
| TRM.NW.044 | Use IP Telephony where possible. | Recommended |
| TRM.NW.045 | Use video conferencing system for collaboration where possible. | Recommended |
| TRM.NW.046 | Use network management tools to manage LAN. | Recommended |
| Standard id | Standard | Clasification |
|---|---|---|
| TRM.DC.001 | Design data center in accordance to TIA 942 standards. | Recommended |
| TRM.DC.002 | Design data center with ample space for expansion to meet the growing demands. Locate the data center at a physically safe area. | Recommended |
| TRM.DC.003 | Implement 24/7 physical security monitoring through CCTV Surveillance Monitoring (e.g. Closed-circuit television (CCTV) /Automated Security Intrusion Alarm/Biometric/Motion Detector) with minimally an intrusion response exercise annually. | Recommended |
| TRM.DC.004 | Standardize use of 19-inch 42U racks which aids better cabling management and for cold/ hot air aisle efficiency. All racks should have perforated doors for front and back for front-in and back-out cross-air movement. | Mandatory |
| TRM.DC.005 | Install man-trap access to computer room as an additional barrier to prevent unauthorized access to the computer room. | Recommended |
| TRM.DC.006 | Conduct a risk assessment before building or implementing a data center. Implement appropriate controls to mitigate identified risks. | Mandatory |
| TRM.DC.007 | Separate the location of disaster recovery site from the primary data center. | Mandatory |
| TRM.DC.008 | Ensure smoke detection and fire suppression systems are in place and tested on periodic basis. | Mandatory |
| TRM.DC.009 | Design data center with ample space for growth. | Recommended |
| TRM.DC.010 | Locate the data center at a physically safe area. | Recommended |
| TRM.DC.011 | Use Fibre Optic Cable (FOC) for backbone cabling. | Recommended |
| TRM.DC.012 | Design and operate at minimum Tier II and where possible to have Tier III data center or higher. | Recommended |
| TRM.DC.013 | Carry out a detailed capacity requirements study for space, power and cooling. | Recommended |
| TRM.DC.014 | Implement “hot” and “cold” aisle setup for effective cooling. | Recommended |
| Standard id | Standard | Clasification |
|---|---|---|
| TRM.CLO.001 | Follow RFC 5246 Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) | Recommended |
| TRM.CLO.002 | Follow RFC 3820: X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile | Recommended |
| TRM.CLO.003 | Follow RFC5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | Recommended |
| TRM.CLO.004 | Follow RFC 5849 OAuth (Open Authorization Protocol) | Recommended |
| TRM.CLO.005 | ISO/IEC 9594-8:2008 | X.509 Information technology -- Open Systems Interconnection -- The Directory: Publickey and attribute certificate frameworks | Recommended |
| TRM.CLO.006 | Follow ISO/IEC 29115 | X.1254 Information technology - Security techniques -- Entity authentication assurance framework | Recommended |
| TRM.CLO.007 | Follow OpenID Authentication | Recommended |
| TRM.CLO.008 | Follow eXtensible Access Control Markup Language (XACML) | Recommended |
| TRM.CLO.009 | Follow Security Assertion Markup Language (SAML) | Recommended |
| TRM.CLO.010 | Follow Key Management Interoperability Protocol (KMIP) | Recommended |
| TRM.CLO.011 | Follow XML Encryption Syntax and Processing | Recommended |
| TRM.CLO.012 | Follow XML signature (XMLDSig) | Recommended |
| TRM.CLO.013 | Follow Service Provisioning Markup Language (SPML) | Recommended |
| TRM.CLO.014 | Follow Web Services Federation Language (WSFederation) Version 1.2 | Recommended |
| TRM.CLO.015 | Follow WS-Trust 1.3 | Recommended |
| TRM.CLO.016 | Follow OpenID Authentication 1. | Recommended |
| TRM.CLO.017 | Follow ISO/IEC WD 27035-1 Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management | Recommended |
| TRM.CLO.018 | Follow ISO/IEC WD 27035-3 Information technology -- Security techniques -- Information security incident management -- Part 3: Guidelines for CSIRT operations | Recommended |
| TRM.CLO.019 | Follow ISO/IEC WD 27039; Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems | Recommended |
| TRM.CLO.020 | ISO/IEC 18180 Information technology - Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 (NIST IR 7275) | Recommended |
| TRM.CLO.021 | Follow X.1500 Cybersecurity information exchange techniques | Recommended |
| TRM.CLO.022 | Follow X.1520: Common vulnerabilities and exposures | Recommended |
| TRM.CLO.023 | Follow X.1521 Common Vulnerability Scoring System | Recommended |
| TRM.CLO.024 | Follow PCI Data Security Standard | Recommended |
| TRM.CLO.025 | Follow Cloud Controls Matrix Version 1.3 | Recommended |
| TRM.CLO.026 | Follow ISO/IEC 27001:2005 Information Technology - Security Techniques Information Security Management Systems Requirements | Recommended |
| TRM.CLO.027 | Follow ISO/IEC WD TS 27017 Information technology -- Security techniques -- Information security management - Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002 | Recommended |
| TRM.CLO.028 | Follow ISO/IEC 27018 Code of Practice for Data Protection Controls for Public Cloud Computing Services | Recommended |
| TRM.CLO.029 | Follow ISO/IEC 1st WD 27036-4 Information technology - Security techniques - Information security for supplier relationships - Part 4: Guidelines for security of cloud services | Recommended |
| TRM.CLO.030 | Follow ISO/IEC 27002 Code of practice for information security management | Recommended |
| TRM.CLO.031 | Follow eXtensible Access Control Markup Language (XACML) | Recommended |
| TRM.CLO.032 | Follow ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management | Recommended |
| TRM.CLO.033 | Follow IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP) | Recommended |
| TRM.CLO.034 | Follow IEEE P2302, Draft Standard for Intercloud Interoperability and Federation (SIIF) | Recommended |
| TRM.CLO.035 | Follow Y.3520 Cloud computing framework for end to end resource management (ITU) | Recommended |
| TRM.CLO.036 | Follow OASIS Cloud Application Management Platform (CAMP) | Recommended |
| TRM.CLO.037 | Follow OASIS Topology and Orchestration Specification or Cloud Applications (TOSCA),Version 1.0 Committee Specification Draft 06 / Public Review Draft 01 | Recommended |
| TRM.CLO.038 | Follow Open Cloud Computing Interface (OCCI) | Recommended |
| Standard id | Standard | Clasification |
|---|---|---|
| TRM.ROB.001 | Follow ISO 9787 to specify robot coordinate systems, nomenclature, including notations, for the basic robot motions. This specification is intended to aid in robot alignment, testing and programming. | Mandatory |
| TRM.ROB.002 | To assist users and manufacturers in the understanding and comparison of various types of robots, follow ISO 9946. It covers topics such as safety, performance criteria and related testing methods, coordinate systems, terminology and mechanical interfaces. | Mandatory |
| TRM.ROB.003 | Follow ISO 13482 for specification of requirements and guidelines for the inherently safe design, protective measures and information for use of personal care robots. | Mandatory |
| TRM.ROB.004 | For specification of requirements and guidelines for the inherent safe design, protective measures and information for use of industrial robots, follow ISO 10218. | Mandatory |