Service management

Standard id Standard Clasification
TRM.SRV.001 Use Secured Hypertext Transfer Protocol (HTTPS) for access over Internet/ Intranet. Mandatory
TRM.SRV.002 Use Hypertext Markup Language (HTML5). Mandatory
TRM.SRV.003 Use Simple Mail Transfer Protocol (SMTP) as the standard protocol used for mail exchange amongst clients and servers. BCC has established the email systems for Government of Bangladesh officers and it is essential for all Government officers to leverage the infrastructure instead of using private email service providers considering information security. Mandatory
TRM.SRV.004 Support latest versions of widely adopted browser(s) including
1. Microsoft Edge
2. Chrome
3. FireFox
4. Safari
5. Opera etc.
TRM.SRV.005 The browser shall support security controls such as download Active Controls, Java permissions, cache deletion, disable cookies, HTTPS and TLS 1.3. Recommended
TRM.SRV.006 Provide multiple modes of accessing government services (e.g. IVR, USSD, kiosks and mobile phone). Recommended


Standard id Standard Clasification
TRM.PLA.001 Support virtualization technologies and allow multiple operating system instances concurrently on a single physical server. Recommended
TRM.PLA.002 Use High-end servers to support critical business operations. Use Low-end servers for simple non-critical business operations. Recommended
TRM.PLA.003 Use portable computers where possible to enhance mobility and productivity. Recommended
TRM.PLA.004 Ensure operating system is licensed. Recommended
TRM.PLA.005 Support fiber channel for concurrent communication among workstations, servers and other peripherals for Storage Area Network (SAN) and Direct Attached Storage (DAS). Recommended
TRM.PLA.006 Support Ethernet (IEEE 802.3) for NAS. Recommended
TRM.PLA.007 Support Network Data Management Protocol (NDMP) for controlling backup, recovery, and other transfers of data between primary and secondary storage for NAS. Recommended
TRM.PLA.008 Support Network File System (NFS) for distributed file system for NAS. Recommended
TRM.PLA.009 Support Internet Small Computer System Interface (iSCSI) to provide block-level access to remote devices for SAN. Recommended
TRM.PLA.010 Support Fiber Channel over TCP/IP (FCIP) for connecting remote FC SANs. Recommended
TRM.PLA.011 Support Desktop Management Interface (DMI) standards to collect information about a computer environment for desktop management. Recommended
TRM.PLA.012 Support Web-Based Enterprise Management (WBEM) to enable server management through web-enabled application. Recommended
TRM.PLA.013 Support Alert Standard Format (ASF) to define OS-absent alerting for preventive monitoring. Recommended
TRM.PLA.014 Support hardened operating system. Recommended
TRM.PLA.015 Support Trusted Platform Module (TPM) for authenticating mobile computing device. Recommended
TRM.PLA.016 Use SAN for enterprise storage solution. Recommended
TRM.PLA.017 Implement enterprise-wide backup solution. Recommended


Standard id Standard Clasification
TRM.NW.001 Use TCP/IP as standard network protocol for all government agencies. Mandatory
TRM.NW.002 All devices in LAN and WAN infrastructure shall support IPv6 standards (128 bits for addressing). Recommended
TRM.NW.003 Support Open Shortest Path First (OSPF, OSPF2, Multi-path OSPF) for core switch. Recommended
TRM.NW.004 Support Internet Protocol Security (IPSec) for secure exchange packets at IP layer and IKE (Internet Key Exchange) for key exchange. Recommended
TRM.NW.005 Support Secure Sockets Layer (SSLv3) for mutual authentication between a client and server. Recommended
TRM.NW.006 Support SSH for secure remote login, secure file transfer and secure TCP/IP and X11 forwarding. Recommended
TRM.NW.007 Support IEEE 802.11i to enhance 802.11 Medium Access Control (MAC) for higher security and authentication mechanisms. Recommended
TRM.NW.008 Certified to Common Criteria EAL-4 (Evaluation Assurance Level) for firewall. Recommended
TRM.NW.009 Authenticate using multi factor authentication methods. Recommended
TRM.NW.010 Support Multi-Protocol Label Switching (MPLS). Mandatory
TRM.NW.011 Support ITU suite of standards for audio, video and graphical communications. Recommended
TRM.NW.012 Support any of the following:
(a) IEEE 802.3u-100Base T (for Fast Ethernet over twisted pair cables)
(b) IEEE 802.3u-100BaseFx (for fast Ethernet over optical fibre)
(c) IEEE 802.3ab (1 Gbps over Cat5e/6 cabling system)
(d) IEEE 802.3z (for Gigabit Ethernet over fibre and cable).
TRM.NW.013 Support Dynamic Host Configuration Protocol (DHCP) for dynamic IP addresses assignment to devices. Mandatory
TRM.NW.014 Support IEEE 802.1w (Rapid Spanning Tree Protocol) to provide rapid reconfiguration capability. Recommended
TRM.NW.015 Support IEEE 802.3ad for link aggregation for edge switch. Recommended
TRM.NW.016 Support IEEE 802.3x to define full duplex operation and flow control on 100Mbps Ethernet network for edge switch. Recommended
TRM.NW.017 Support Virtual Router Redundancy Protocol (VRRP) to eliminate the single point of failure inherent in the static default routed environment for core switch. Recommended
TRM.NW.018 Support Differentiated Service (DiffServ) to provide QoS to the traffic for core switch. Recommended
TRM.NW.019 Support IEEE 802.1q for Virtual LAN (VLAN). Recommended
TRM.NW.020 Support 1000Base-LH (Long Haul) to provide gigabit speed over distance between 70 and 100km. Recommended
TRM.NW.021 Support IEEE802.3af for edge switches supporting devices which require twisted pair cables (e.g. IP Phone Clients and wireless LAN access points). Recommended
TRM.NW.022 Support IEEE 802.3ae to support operating speed of 10Gbps Ethernet over fiber for core switch. Recommended
TRM.NW.023 Use Unshielded Twisted Pair (UTP) Category 6 for Structured Cabling System based on ANSI/TIA/EIA-568-B.2-1. Recommended
TRM.NW.024 Use fiber cables to interconnect network devices and backbone connections for Structured Cabling system as described by TIA/EIA 568. Multimode fiber is used for short distance transmissions with LED based fiber optic equipment. Single-mode fiber is used for long distance transmissions with laser diode based fiber optic transmission equipment.
Physical layer standards for optical fiber are:
(a) Support 1000Base-SX (short wavelength laser) to provide gigabit speed over maximum distance of 220m (for 62.5 micron multimode fiber) and 550m (for 50 micron multimode fiber).
(b) Support 1000Base-LX (long wavelength laser) to provide gigabit speed over maximum distance of 550m (for 50 and 62.5 micron multimode fiber) up to five km single mode with 9 micron fiber
TRM.NW.025 Use Commercial Building Telecommunications Cabling Standard 2001 based on ANSI/TIA/EIA 568-B. Recommended
TRM.NW.026 Use Generic Cabling for Customer Premises (International Standards) 2002 based on ISO/IEC 11801. Recommended
TRM.NW.027 Use Generic Cabling Systems (CENELEC Standards) 2002 based on EN 50173. Recommended
TRM.NW.028 Use Generic Universal Cabling Infrastructure with support voice and data applications based on ISO/IEC 11801, ISO/IEC 11801, 14763-1, 14763-2, 14763-3, IEC 61935-1, TIA/EIA 568-B, EN50173, TIA/EIA 606-A, IEC332-1 Recommended
TRM.NW.029 Use Commercial Building Standard for Telecommunications Pathways and Spaces 2004. Recommended
TRM.NW.030 Build and install cables based on ISO/IEC 18010 standards of Information Technology - Pathways and Spaces for Customer Premises Cabling. Recommended
TRM.NW.031 Test cables after installation based on TIA/ EIA-568-B and IEC 61935 standards. Recommended
TRM.NW.032 Support Class 1 or Class 3 (excluding Class 3B) laser for FSO. Recommended
TRM.NW.033 Implement WLAN that supports any of the following standards:
(a) Wi-Fi Protected Access (WPA)
(b) WPA2
(c) Advanced Encryption Standard (AES)
(d) Mobile Virtual Private Networks (VPNs).
TRM.NW.034 Support IEEE 802.11a for 54 Mbps high speed wireless LAN and 5 GHz range. Recommended
TRM.NW.035 Support IEEE 802.11g for 54 Mbps high speed wireless LAN and 2.4 GHz range. Recommended
TRM.NW.036 Support IEEE 802.11n for 54 Mbps high speed wireless LAN up to 600 Mbps (with 2.4 GHz and 5 GHz range). Recommended
TRM.NW.037 Support H.323 for converting between voice and data transmission formats and for managing connections between telephony endpoint and Real-Time Transport Protocol (RTP). Recommended
TRM.NW.038 Support H.248 for controlling media gateways on Internet Protocol (IP) network and Public Switched Telephone Network (PSTN). Recommended
TRM.NW.039 Support RTP for end-to-end network transmission of real-time data, such as audio, video or simulation data, over multicast or unicast network services. Recommended
TRM.NW.040 Support Real Time Streaming Protocol (RTSP) for control over the delivery of data with real-time properties. Recommended
TRM.NW.041 Support H.264 for compression algorithm and optimization for lower data rates. Recommended
TRM.NW.042 Use Session Initiation Protocol (SIP) to manage IP telephony sessions. SIP is an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. Recommended
TRM.NW.043 Use Simple Network Management Protocol (SNMP) v2 and above as the main management protocol suite. Recommended
TRM.NW.044 Use IP Telephony where possible. Recommended
TRM.NW.045 Use video conferencing system for collaboration where possible. Recommended
TRM.NW.046 Use network management tools to manage LAN. Recommended

Data center

Standard id Standard Clasification
TRM.DC.001 Design data center in accordance to TIA 942 standards. Recommended
TRM.DC.002 Design data center with ample space for expansion to meet the growing demands. Locate the data center at a physically safe area. Recommended
TRM.DC.003 Implement 24/7 physical security monitoring through CCTV Surveillance Monitoring (e.g. Closed-circuit television (CCTV) /Automated Security Intrusion Alarm/Biometric/Motion Detector) with minimally an intrusion response exercise annually. Recommended
TRM.DC.004 Standardize use of 19-inch 42U racks which aids better cabling management and for cold/ hot air aisle efficiency. All racks should have perforated doors for front and back for front-in and back-out cross-air movement. Mandatory
TRM.DC.005 Install man-trap access to computer room as an additional barrier to prevent unauthorized access to the computer room. Recommended
TRM.DC.006 Conduct a risk assessment before building or implementing a data center. Implement appropriate controls to mitigate identified risks. Mandatory
TRM.DC.007 Separate the location of disaster recovery site from the primary data center. Mandatory
TRM.DC.008 Ensure smoke detection and fire suppression systems are in place and tested on periodic basis. Mandatory
TRM.DC.009 Design data center with ample space for growth. Recommended
TRM.DC.010 Locate the data center at a physically safe area. Recommended
TRM.DC.011 Use Fibre Optic Cable (FOC) for backbone cabling. Recommended
TRM.DC.012 Design and operate at minimum Tier II and where possible to have Tier III data center or higher. Recommended
TRM.DC.013 Carry out a detailed capacity requirements study for space, power and cooling. Recommended
TRM.DC.014 Implement “hot” and “cold” aisle setup for effective cooling. Recommended


Standard id Standard Clasification
TRM.CLO.001 Follow RFC 5246 Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) Recommended
TRM.CLO.002 Follow RFC 3820: X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile Recommended
TRM.CLO.003 Follow RFC5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile Recommended
TRM.CLO.004 Follow RFC 5849 OAuth (Open Authorization Protocol) Recommended
TRM.CLO.005 ISO/IEC 9594-8:2008 | X.509 Information technology -- Open Systems Interconnection -- The Directory: Publickey and attribute certificate frameworks Recommended
TRM.CLO.006 Follow ISO/IEC 29115 | X.1254 Information technology - Security techniques -- Entity authentication assurance framework Recommended
TRM.CLO.007 Follow OpenID Authentication Recommended
TRM.CLO.008 Follow eXtensible Access Control Markup Language (XACML) Recommended
TRM.CLO.009 Follow Security Assertion Markup Language (SAML) Recommended
TRM.CLO.010 Follow Key Management Interoperability Protocol (KMIP) Recommended
TRM.CLO.011 Follow XML Encryption Syntax and Processing Recommended
TRM.CLO.012 Follow XML signature (XMLDSig) Recommended
TRM.CLO.013 Follow Service Provisioning Markup Language (SPML) Recommended
TRM.CLO.014 Follow Web Services Federation Language (WSFederation) Version 1.2 Recommended
TRM.CLO.015 Follow WS-Trust 1.3 Recommended
TRM.CLO.016 Follow OpenID Authentication 1. Recommended
TRM.CLO.017 Follow ISO/IEC WD 27035-1 Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management Recommended
TRM.CLO.018 Follow ISO/IEC WD 27035-3 Information technology -- Security techniques -- Information security incident management -- Part 3: Guidelines for CSIRT operations Recommended
TRM.CLO.019 Follow ISO/IEC WD 27039; Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems Recommended
TRM.CLO.020 ISO/IEC 18180 Information technology - Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2 (NIST IR 7275) Recommended
TRM.CLO.021 Follow X.1500 Cybersecurity information exchange techniques Recommended
TRM.CLO.022 Follow X.1520: Common vulnerabilities and exposures Recommended
TRM.CLO.023 Follow X.1521 Common Vulnerability Scoring System Recommended
TRM.CLO.024 Follow PCI Data Security Standard Recommended
TRM.CLO.025 Follow Cloud Controls Matrix Version 1.3 Recommended
TRM.CLO.026 Follow ISO/IEC 27001:2005 Information Technology - Security Techniques Information Security Management Systems Requirements Recommended
TRM.CLO.027 Follow ISO/IEC WD TS 27017 Information technology -- Security techniques -- Information security management - Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002 Recommended
TRM.CLO.028 Follow ISO/IEC 27018 Code of Practice for Data Protection Controls for Public Cloud Computing Services Recommended
TRM.CLO.029 Follow ISO/IEC 1st WD 27036-4 Information technology - Security techniques - Information security for supplier relationships - Part 4: Guidelines for security of cloud services Recommended
TRM.CLO.030 Follow ISO/IEC 27002 Code of practice for information security management Recommended
TRM.CLO.031 Follow eXtensible Access Control Markup Language (XACML) Recommended
TRM.CLO.032 Follow ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management Recommended
TRM.CLO.033 Follow IEEE P2301, Draft Guide for Cloud Portability and Interoperability Profiles (CPIP) Recommended
TRM.CLO.034 Follow IEEE P2302, Draft Standard for Intercloud Interoperability and Federation (SIIF) Recommended
TRM.CLO.035 Follow Y.3520 Cloud computing framework for end to end resource management (ITU) Recommended
TRM.CLO.036 Follow OASIS Cloud Application Management Platform (CAMP) Recommended
TRM.CLO.037 Follow OASIS Topology and Orchestration Specification or Cloud Applications (TOSCA),Version 1.0 Committee Specification Draft 06 / Public Review Draft 01 Recommended
TRM.CLO.038 Follow Open Cloud Computing Interface (OCCI) Recommended


Standard id Standard Clasification
TRM.ROB.001 Follow ISO 9787 to specify robot coordinate systems, nomenclature, including notations, for the basic robot motions. This specification is intended to aid in robot alignment, testing and programming. Mandatory
TRM.ROB.002 To assist users and manufacturers in the understanding and comparison of various types of robots, follow ISO 9946. It covers topics such as safety, performance criteria and related testing methods, coordinate systems, terminology and mechanical interfaces. Mandatory
TRM.ROB.003 Follow ISO 13482 for specification of requirements and guidelines for the inherently safe design, protective measures and information for use of personal care robots. Mandatory
TRM.ROB.004 For specification of requirements and guidelines for the inherent safe design, protective measures and information for use of industrial robots, follow ISO 10218. Mandatory