Security - NZISM
J Dough made this Official Information request to New Zealand Police
This request has an unknown status. We're waiting for J Dough to read a recent response and update the status.
From: J Dough
Dear New Zealand Police,
The NZ Police Firearms Safety Authority goes into a significant level of detail about the security of data it holds on the following page of their website:
https://www.firearmssafetyauthority.govt...
Example text includes:
* "These are similar controls to what you would see at your bank"
* "robust authentication, including two-factor verification"
* "Its data security and privacy requirements have been assessed against government standards for the use of cloud-hosted services."
When the NZ Police Firearms Safety Authority sends a letter to a firearms licence holder it uses encrypted PDFs documents to keep information "secure". I am deliberately not providing details of this to help protect the use of security through obscurity.
Can the NZ Police confirm that the security of all communications align with the security requirements and guideance provided by the NZ Government Communications Security Bureau, especially, but not limted to, the following sections:
* 16.1.15
* 16.1.19
* 16.1.20
* 16.1.21
* 16.1.40.R.03
* 16.1.40.R.04
* 16.1.40.C.02
* 16.1.41.R.01
Section numbers are taken from version 3.7 of the NZISM (New Zealand Information Security Manual) which is available from the NZ Government Communications Security Bureau website:
* https://nzism.gcsb.govt.nz/ism-document/
Note that there are applications which will crack passwords on documents, including PDF documents, which can be easily obtained, with one example being Passware Kit Standard which has a free trial version (I have no connection with this organisation, this is just an example).
As per Section 112 of the Official Information Act 1982 I can confirm that I am entitled to make requests under this Act as I satisfy criteria as listed in Section 12(1) as being someone who may make requests under the Act, which includes residing in New Zealand.
All information should be shared via the FYI.org.nz website (as per the guidance on https://fyi.org.nz/body/new_zealand_police).
Yours faithfully,
J Dough
From: Ministerial Services
New Zealand Police
Tēnā koe
I acknowledge receipt of your three Official Information Act 1982 requests below, received by Police on 14 May 2024.
1. Could the NZ Police please provide the definition of "uplift" as used by the NZ Police and any legal definition(s) / advice they have with how that word is to be used.
2. Could the NZ Police please confirm all the valid ways to inform the Police / Firearms Safety Authority of any new / updated information.
From Regulation 37(1) of the Arms Regulations 1992:
"Except as otherwise provided in the Act or these regulations, information that the Act or these regulations require to be provided to the Police for the purposes of entry in the registry must be provided in a manner or form determined by the Commissioner."
Can you please provide the full list of "manner" and "form" that have been determined by the Commissioner. This must include the document(s) which list the methods and all legal advice to confirm the alignment with the all applicable NZ legislation.
Can you also provide the method(s) by which this information is easily accessible to any person with a firearms licence, e.g. a URL on the Police / Firearms Safety Authority website.
Can you confirm the publication date(s) (or similar as applicable to the method of publication).
3. The NZ Police Firearms Safety Authority goes into a significant level of detail about the security of data it holds on the following page of their website:
https://www.firearmssafetyauthority.govt...
Example text includes:
* "These are similar controls to what you would see at your bank"
* "robust authentication, including two-factor verification"
* "Its data security and privacy requirements have been assessed against government standards for the use of cloud-hosted services."
When the NZ Police Firearms Safety Authority sends a letter to a firearms licence holder it uses encrypted PDFs documents to keep information "secure". I am deliberately not providing details of this to help protect the use of security through obscurity.
Can the NZ Police confirm that the security of all communications align with the security requirements and guideance provided by the NZ Government Communications Security Bureau, especially, but not limted to, the following sections:
* 16.1.15
* 16.1.19
* 16.1.20
* 16.1.21
* 16.1.40.R.03
* 16.1.40.R.04
* 16.1.40.C.02
* 16.1.41.R.01
Section numbers are taken from version 3.7 of the NZISM (New Zealand Information Security Manual) which is available from the NZ Government Communications Security Bureau website:
* https://nzism.gcsb.govt.nz/ism-document/
Note that there are applications which will crack passwords on documents, including PDF documents, which can be easily obtained, with one example being Passware Kit Standard which has a free trial version (I have no connection with this organisation, this is just an example).
These have been combined and logged as one request. Your reference number is IR-01-24-16550.
You can expect a response to your request on or before 12 June 2024 unless an extension is needed.
Ngā mihi
Lisa
Ministerial Services
Police National Headquarters
-----Original Message-----
From: J Dough <[FOI #26780 email]>
Sent: Tuesday, 14 May 2024 12:38 PM
To: Ministerial Services <[email address]>
Subject: [EXTERNAL] Official Information request - Security - NZISM
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Dear New Zealand Police,
The NZ Police Firearms Safety Authority goes into a significant level of detail about the security of data it holds on the following page of their website:
https://www.firearmssafetyauthority.govt...
Example text includes:
* "These are similar controls to what you would see at your bank"
* "robust authentication, including two-factor verification"
* "Its data security and privacy requirements have been assessed against government standards for the use of cloud-hosted services."
When the NZ Police Firearms Safety Authority sends a letter to a firearms licence holder it uses encrypted PDFs documents to keep information "secure". I am deliberately not providing details of this to help protect the use of security through obscurity.
Can the NZ Police confirm that the security of all communications align with the security requirements and guideance provided by the NZ Government Communications Security Bureau, especially, but not limted to, the following sections:
* 16.1.15
* 16.1.19
* 16.1.20
* 16.1.21
* 16.1.40.R.03
* 16.1.40.R.04
* 16.1.40.C.02
* 16.1.41.R.01
Section numbers are taken from version 3.7 of the NZISM (New Zealand Information Security Manual) which is available from the NZ Government Communications Security Bureau website:
* https://nzism.gcsb.govt.nz/ism-document/
Note that there are applications which will crack passwords on documents, including PDF documents, which can be easily obtained, with one example being Passware Kit Standard which has a free trial version (I have no connection with this organisation, this is just an example).
As per Section 112 of the Official Information Act 1982 I can confirm that I am entitled to make requests under this Act as I satisfy criteria as listed in Section 12(1) as being someone who may make requests under the Act, which includes residing in New Zealand.
All information should be shared via the FYI.org.nz website (as per the guidance on https://fyi.org.nz/body/new_zealand_police).
Yours faithfully,
J Dough
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #26780 email]
Is [New Zealand Police request email] the wrong address for Official Information requests to New Zealand Police? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
===============================================================
WARNING
The information contained in this email message is intended for the addressee only and may contain privileged information. It may also be subject to the provisions of section 50 of the Policing Act 2008, which creates an offence to have unlawful possession of Police property. If you are not the intended recipient of this message or have received this message in error, you must not peruse, use, distribute or copy this message or any of its contents. Also note, the views expressed in this message may not necessarily reflect those of the New Zealand Police. If you have received this message in error, please email or telephone the sender immediately
hide quoted sections
From: Ministerial Services
New Zealand Police
Tēnā koe
I refer to your Official Information Act request dated 14 May 2024 below.
Some of the information to which your request relates is not held by us, but is believed to be held by and more closely related to the functions of the Department of Internal Affairs. In these circumstances, we are required by section 14 of the Official Information Act 1982 to transfer your request.
The following questions have been transferred to the Department of Internal Affairs:
1. Can the NZ Police confirm that the security of all communications align with the security requirements and guideance provided by the NZ Government Communications Security Bureau, especially, but not limited to, the following sections:
* 16.1.40.R.03
* 16.1.40.R.04
* 16.1.40.C.02
* 16.1.41.R.01
You will hear further from the Department of Internal Affairs concerning your request.
Kind regards
Lisa
Ministerial Services
PNHQ
-----Original Message-----
From: J Dough <[FOI #26780 email]>
Sent: Tuesday, 14 May 2024 12:38 PM
To: Ministerial Services <[email address]>
Subject: [EXTERNAL] Official Information request - Security - NZISM
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Dear New Zealand Police,
The NZ Police Firearms Safety Authority goes into a significant level of detail about the security of data it holds on the following page of their website:
https://www.firearmssafetyauthority.govt...
Example text includes:
* "These are similar controls to what you would see at your bank"
* "robust authentication, including two-factor verification"
* "Its data security and privacy requirements have been assessed against government standards for the use of cloud-hosted services."
When the NZ Police Firearms Safety Authority sends a letter to a firearms licence holder it uses encrypted PDFs documents to keep information "secure". I am deliberately not providing details of this to help protect the use of security through obscurity.
Can the NZ Police confirm that the security of all communications align with the security requirements and guideance provided by the NZ Government Communications Security Bureau, especially, but not limted to, the following sections:
* 16.1.15
* 16.1.19
* 16.1.20
* 16.1.21
* 16.1.40.R.03
* 16.1.40.R.04
* 16.1.40.C.02
* 16.1.41.R.01
Section numbers are taken from version 3.7 of the NZISM (New Zealand Information Security Manual) which is available from the NZ Government Communications Security Bureau website:
* https://nzism.gcsb.govt.nz/ism-document/
Note that there are applications which will crack passwords on documents, including PDF documents, which can be easily obtained, with one example being Passware Kit Standard which has a free trial version (I have no connection with this organisation, this is just an example).
As per Section 112 of the Official Information Act 1982 I can confirm that I am entitled to make requests under this Act as I satisfy criteria as listed in Section 12(1) as being someone who may make requests under the Act, which includes residing in New Zealand.
All information should be shared via the FYI.org.nz website (as per the guidance on https://fyi.org.nz/body/new_zealand_police).
Yours faithfully,
J Dough
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #26780 email]
Is [New Zealand Police request email] the wrong address for Official Information requests to New Zealand Police? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
===============================================================
WARNING
The information contained in this email message is intended for the addressee only and may contain privileged information. It may also be subject to the provisions of section 50 of the Policing Act 2008, which creates an offence to have unlawful possession of Police property. If you are not the intended recipient of this message or have received this message in error, you must not peruse, use, distribute or copy this message or any of its contents. Also note, the views expressed in this message may not necessarily reflect those of the New Zealand Police. If you have received this message in error, please email or telephone the sender immediately
hide quoted sections
From: SDO Official Correspondence
Tçnâ koe J Dough,
Thank you for your OIA request, which was partially transferred from the NZ Police to the Department of Internal Affairs (included in train of this email)
The Department will provide its response to your request as soon as practicable and within twenty working days. The 20th working day is 1 July 2024.
Please note that in cases where the Department’s response provides information that is identified to be of general public interest, the response may also be published on the Department of Internal Affairs website. If the Department publishes its response to your OIA request, all personal information, including your name and contact details, will be removed.
Nâku noa, nâ
Krystle Courtier| Official Correspondence Co-ordinator
Te Pâhekoheko, Kâwai ki te iwi | Operations, Service Delivery and Operations
Te Tari Taiwhenua The Department of Internal Affairs
http://www.dia.govt.nz/
-----Original Message-----
From: Ministerial Services <[email address]>
Sent: Thursday, May 30, 2024 10:22 AM
To: J Dough <[FOI #26780 email]>
Subject: Partial transfer of your Official Information Act request
Tçnâ koe
I refer to your Official Information Act request dated 14 May 2024 below.
Some of the information to which your request relates is not held by us, but is believed to be held by and more closely related to the functions of the Department of Internal Affairs. In these circumstances, we are required by section 14 of the Official Information Act 1982 to transfer your request.
The following questions have been transferred to the Department of Internal Affairs:
1. Can the NZ Police confirm that the security of all communications align with the security requirements and guideance provided by the NZ Government Communications Security Bureau, especially, but not limited to, the following sections:
* 16.1.40.R.03
* 16.1.40.R.04
* 16.1.40.C.02
* 16.1.41.R.01
You will hear further from the Department of Internal Affairs concerning your request.
Kind regards
Lisa
Ministerial Services
PNHQ
-----Original Message-----
From: J Dough <[FOI #26780 email]>
Sent: Tuesday, 14 May 2024 12:38 PM
To: Ministerial Services <[email address]>
Subject: [EXTERNAL] Official Information request - Security - NZISM
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Dear New Zealand Police,
The NZ Police Firearms Safety Authority goes into a significant level of detail about the security of data it holds on the following page of their website:
https://www.firearmssafetyauthority.govt...
Example text includes:
* "These are similar controls to what you would see at your bank"
* "robust authentication, including two-factor verification"
* "Its data security and privacy requirements have been assessed against government standards for the use of cloud-hosted services."
When the NZ Police Firearms Safety Authority sends a letter to a firearms licence holder it uses encrypted PDFs documents to keep information "secure". I am deliberately not providing details of this to help protect the use of security through obscurity.
Can the NZ Police confirm that the security of all communications align with the security requirements and guideance provided by the NZ Government Communications Security Bureau, especially, but not limted to, the following sections:
* 16.1.15
* 16.1.19
* 16.1.20
* 16.1.21
* 16.1.40.R.03
* 16.1.40.R.04
* 16.1.40.C.02
* 16.1.41.R.01
Section numbers are taken from version 3.7 of the NZISM (New Zealand Information Security Manual) which is available from the NZ Government Communications Security Bureau website:
* https://nzism.gcsb.govt.nz/ism-document/
Note that there are applications which will crack passwords on documents, including PDF documents, which can be easily obtained, with one example being Passware Kit Standard which has a free trial version (I have no connection with this organisation, this is just an example).
As per Section 112 of the Official Information Act 1982 I can confirm that I am entitled to make requests under this Act as I satisfy criteria as listed in Section 12(1) as being someone who may make requests under the Act, which includes residing in New Zealand.
All information should be shared via the FYI.org.nz website (as per the guidance on https://fyi.org.nz/body/new_zealand_police).
Yours faithfully,
J Dough
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #26780 email]
Is [New Zealand Police request email] the wrong address for Official Information requests to New Zealand Police? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
hide quoted sections
From: SDO Official Correspondence
Kia ora,
Kindly find the attached response to your request.
Ngâ mihi
Linda
Linda Anderson ([1]she/her) |Advisor Official Correspondence
Te Pâhekoheko, Kâwai ki te iwi | Operations, Service Delivery and
Operations
Te Tari Taiwhenua The Department of Internal Affairs
[2]www.dia.govt.nz
[3]Logo: Te Tari Taiwhenua – Internal Affairs
*If you’re wondering about the use of pronouns she/her on this signature
you can find more information about how sharing pronouns can help to
create a sense of belonging and respect [4]here.
References
Visible links
1. https://ssc.govt.nz/our-work/diversity-a...
2. http://www.dia.govt.nz/
4. https://www.publicservice.govt.nz/our-wo...
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence