NSW Government

Wireless Services (WiFi) Standard

v2.0

December 2015

Wireless Service (WiFi) Standard

CONTENTS

1. CONTEXT 3

1.1. Background 3

1.2. Purpose 3

1.3. Scope and application 3

1.4. Policy context 3

1.5. The ICT Services Catalogue 4

2. KEY PRINCIPLES 4

3. REQUIREMENTS 5

3.1. Requirements tables 5

3.3.1 Silver (Standard) Use Cases / Scenarios 6

3.3.2 Gold (Enhanced) Use Cases / Scenarios 7

3.2. Elements of this standard 8

3.2.1 Wireless Services (WiFi) Requirements 8

3.2.2 Service Management Requirements 9

DOCUMENT CONTROL 11

APPENDIX A – IMPLEMENTING A WiFi SERVICE 12

APPENDIX B – EXPECTED TECHNICAL FEATURES 13

APPENDIX C – DEFINITIONS 14

APPENDIX D – ABBREVIATIONS 15

APPENDIX E – REFERENCES 16

APPENDIX F – STANDARDS 17

Developing technical standards 17

Management and implementation 17

Wireless Service (WiFi) Standard

1. CONTEXT

1.1. Background This is a technical standard developed through the NSW ICT Procurement and Technical Standards Working Group. The standard contains technical and functional requirements that agencies should consider when procuring wireless service (WiFi) solutions.

By defining the necessary and common elements across agencies the standard provides an opportunity to leverage the buying power of Government as a whole, improve procurement efficiency and increase interoperability.

1.2. PurposeThe purpose of this standard is to assist NSW Government agencies to develop, procure and implement WiFi solutions and tools, as well as take full advantage of their benefits. This standard also helps agencies procure in a strategic manner that reflects the NSW Government’s priorities as outlined in the NSW Government ICT Strategy.

This standard details the issues that need to be considered so each agency can identify the available options that best suit their business requirements, helping agencies achieve value for money through cost savings and improved flexibility of service offerings.

1.3. Scope and applicationThis standard applies to all NSW Government departments, statutory bodies and shared service providers. It does not apply to state owned corporations, but is recommended for their adoption.

For the purposes of this standard, a Wireless Service (WiFi) means a data transmission service for users of wireless devices through radio frequency (RF) signals rather than through wired end-to-end communication.

This standard sets out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW ICT Services Catalogue. Agencies should consider any specific operational or regulatory factors that impact their requirements, and specific requirements they have in addition to those detailed in this standard.

1.4. Policy contextThe NSW Government ICT Strategy and Digital+ 2015 Final Update set out the Government’s plan to: build capability across the NSW public sector to deliver better, more customer-focused services that are available anywhere, anytime; and to derive increased value from the Government’s annual investment in ICT.

Information sharing, open data and reuse of technology are priority initiatives of the ICT Strategy, to maximise the return on government investments, support better policy development and service delivery. The NSW Government ICT Investment Policy and Guidelines establishes these requirements for all new ICT projects, particular to make better use of the functionality in existing systems. APIs are an essential mechanism for meeting these requirements.

The NSW Government Enterprise Architecture (NSW GEA) provides direction and practical guidance to accelerate the development of agency EA capability and enabling a common, intra and inter agency approach to the design of digital government. It encompasses all aspects of enterprise architecture activity at the business, information, application and technology

Wireless Service (WiFi) Standard

infrastructure layers. The NSW GEA is mapping the landscape of Whole of Government systems available across the sector, highlighting opportunities for reuse and where APIs can add value.

NSW Government, along with many governments in other jurisdictions, has moved towards opening up previously protected databases and applications, so that data and functionality can be accessed across agency boundaries or reused in new systems. Within NSW this has been reflected in the development of the NSW Government Open Data Policy, which provides clear direction for agencies to make their data available to the public in machine readable forms, including through the availability of APIs.

Developing whole of NSW Government ICT technical standards is a key initiative of the NSW Government ICT Strategy, driven by the ICT Procurement and Technical Standards Working Group. These standards leverage principles defined in the NSW Government ICT Strategy and the NSW Government Cloud Policy, and they support the NSW ICT Services Catalogue.

The standards set out service definitions as minimum requirements that vendors must meet to be able to offer their services through the NSW Services Catalogue. This helps achieve consistency across service offerings, emphasising a move to as a service sourcing strategies in line with the NSW Government ICT Strategy, and it signals government procurement priorities to industry.

This standard should be applied along with existing NSW Government policies and guidance, including the NSW Digital Information Security Policy. More information on the process for the development of standards that populate the ICT Services Catalogue is at Appendix F – Standards.

1.5. The ICT Services CatalogueThis catalogue provides suppliers with a showcase for their products and services, and an opportunity to outline how their offerings meet or exceed standard government requirements. The standards, together with supplier service offerings, help to reduce red tape and duplication of effort by allowing suppliers to submit service details only once against the standards. The offerings are then available to all potential buyers, simplifying procurement processes for government agencies.

Implementing this category management approach will embed common approaches, technologies and systems to maintain currency, improve interoperability and provide better value ICT investment across NSW Government.

2. KEY PRINCIPLESThe following key principles underpin this standard:

Fit for purpose: Wireless solutions should meet agency business requirements, and provide sufficient bandwidth for current and future applications.

Information security: Meet any applicable requirements of the NSW Digital Information Security Policy and ISO 27001.

Interoperability: Wireless services should meet applicable industry and open interoperability standards.

Value for money: API development should deliver value for money, in line with the investment principles set out in the NSW Government ICT Investment Policy and Guidelines.

Technology currency: Solutions should be designed to maintain technology currency for key systems, and to maintain a pace that aligns with business context and risk profile.

Wireless Service (WiFi) Standard

Facilitating as a service: Wireless solutions should facilitate the agency transition to as a service, and ensure agency alignment with broader NSW ICT Strategy.

Mobility: Wireless services should support mobility for NSW Government employees, contractors, and those engaging and interacting with NSW Government (including consuming government services).

Wireless Service (WiFi) Standard

3. REQUIREMENTS

3.1. Requirements tablesThe following tables set out the recommended business and technical requirements for NSW Government. They provide a consistent approach for all NSW Government agencies regardless of their size.

When considering any aspect of a wireless solution an agency must consider the Service Management aspects of the service(s) on offer. The following applies in these requirements tables:

Use Case ExplanationAgency (Internal) Provision of agency services in place of, or supplementary to wired

services. Access to services via agency identity management service.

Government Service Access Provision of service to other areas of the Government service, access provided via means of Government Identity Hub identity.

Public (External) Provision of services to members of the public, access granted via ‘appropriate electronic usage agreement’.

Implementation of WiFi solutions should align with best practice, as outlined at Appendix A – Implementing a WiFi Service.

Explanations elements of the following tables are provided at section 3.4.

Additional definitions for items discussed can be found in Appendix C, and details of abbreviations can be found at Appendix D.

Wireless Service (WiFi) Standard

3.3.1 Silver (Standard) Use Cases / Scenarios

‘Use cases’ for wireless service solutions that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.

Use Case / ScenarioSILVER

Wireless Services (WiFi) Service Management

Alig

nmen

t with

inte

rnati

onal

be

st p

racti

ce

Mob

ile a

nd fl

exib

le

Vend

or /

oper

ating

en

viro

nmen

t agn

ostic

Perf

orm

ance

Relia

ble,

scal

able

and

dyn

amic

Supp

orts

app

licati

ons

and

adva

nced

func

tiona

lity

Auth

entic

ation

and

acc

ess

oper

ation

Info

rmati

on c

aptu

re a

nd

reco

rdin

g

Voic

e an

d da

ta e

nabl

ed

Voic

e ca

pabl

e, d

ata

enab

led

Self-

serv

ice

adm

inist

ratio

n

Full-

serv

ice

adm

inist

ratio

n

Clou

d co

mpl

iant

hos

ting

faci

lity

NSW

Gov

ernm

ent D

ata

Cent

re

Ons

hore

/offs

hore

m

anag

emen

t

Serv

ice

leve

l man

agem

ent

Mul

ti-se

rvic

e br

oker

pro

visio

n

Disa

ster

reco

very

Agency (Internal) Government Service Access Public (External)

7

Wireless Service (WiFi) Standard

3.3.2 Gold (Enhanced) Use Cases / Scenarios

‘Use cases’ for wireless service solutions that are anticipated in agencies are included in the table below. The corresponding requirement sections of this standard are ticked in the columns.

Use Case / ScenarioGOLD

Wireless Services (WiFi) Service Management

Alig

nmen

t with

inte

rnati

onal

be

st p

racti

ce

Mob

ile a

nd fl

exib

le

Vend

or/o

pera

ting

envi

ronm

ent a

gnos

tic

Perf

orm

ance

Relia

ble,

scal

able

and

dyn

amic

Supp

orts

app

licati

ons

and

adva

nced

func

tiona

lity

Auth

entic

ation

and

acc

ess

oper

ation

Info

rmati

on c

aptu

re a

nd

reco

rdin

g

Voic

e an

d da

ta e

nabl

ed

Voic

e ca

pabl

e, d

ata

enab

led

Self-

serv

ice

adm

inist

ratio

n

Full-

serv

ice

adm

inist

ratio

n

Clou

d co

mpl

iant

hos

ting

faci

lity

NSW

Gov

ernm

ent D

ata

Cent

re

Ons

hore

/offs

hore

m

anag

emen

t

Serv

ice

leve

l man

agem

ent

Mul

ti-se

rvic

e br

oker

pro

visio

n

Disa

ster

reco

very

Agency (Internal) Government Service Access Public (External)

8

Wireless Service (WiFi) Standard

3.2. Elements of this standard

3.2.1 Wireless Services (WiFi) Requirements

Alignment with international best practice

The underpinning purpose of sourcing as a service is to allow agencies to access and consume the best off-the-shelf ICT services in a scalable and flexible way, rather than procuring or developing bespoke solutions that fail to keep pace with new developments in technology.

Rather than designing a new series of bespoke technical requirements for WiFi technology the NSW Government relies on the best practice specifications contained in the IEEE 802.11 suite of standards (see Appendix B – Expected Technical Features).

WiFi services advertised and sourced via the NSW ICT Services Catalogue must align with IEEE802.11n: Next generation Wireless LAN Technology at minimum, with the ability to transition to alignment with IEEE 802.11ac within a reasonable period.

Public WiFi networks must align with the requirements of the IEEE 802.11u Protocol, or must have the capability of transitioning to alignment with IEEE 802.11u within a reasonable period. Ideally, public wireless service providers will be certified through the Wi-Fi Alliance’s Wi-Fi Certified PassPoint.

Mobile and flexible

The wireless network must support the modern business environment, including flexible work practices such as activity based working and hot desking. The service must support guest, public and private access, including access for BYOD devices.

Vendor / operating environment agnostic

The WiFi network should be accessible via a wide range of device and operating environment types. Devices such as laptops, mobile devices (including agency supplied and BYODs), printers, protectors, lighting systems, security cameras and IP telephony should be able to connect to, and access the network. The network should also be fully compatible with widely used operating environments.

Performance

The WiFi service should be fast and should have the capability of maintaining fast speeds for a large number of users and be capable of speeds aligning with IEEE802.11n at minimum.

The solution will provide appropriate built-in redundancy to achieve agency required levels of service. Typically this should be not less than 98% during agreed business hours (agreed at time of implementation and/or at regular service review points). During other times availability should not be less than 95%. Appropriate maintenance is to be carried out in accordance with SLAs. Agencies should agree standard and critical maintenance windows.

Reliable, scalable and dynamic

The wireless network must be reliable, scalable, and able to adapt to dynamic changes in traffic type and volume without causing disruptions to the user or server experience. Handover between access points should be seamless. Ideally, the service should incorporate the beamforming signal processing technique to improve performance, reliability and range.

Supports applications and advanced functionality

The WiFi network should be able to support traditional data and multimedia applications such as Voice over IP (VoIP), videoconferencing and instant messaging. The WiFi network must also support advanced WiFi functionality such as specialist handling of voice, video, presence and printing from providers such as Apple, Cisco, Microsoft and IPFX.

9

Wireless Service (WiFi) Standard

Authentication and access operation

The WiFi service should grant access to the network based on user and device identity, with reference to multiple MDM, LDAP and network management systems.

Information capture and recording

The WiFi service must provide sufficient live information to enable diagnosis and to resolution of location, connection and performance issues. The WiFi service must also capture sufficient information for accurate, complete and fully auditable logs suitable for financial management and information security purposes.

Voice and data enabled

Voice and data services including agreed Quality of Service (QoS) levels are enabled and usable on these services at agreed service levels.

Voice capable, data enabled

Voice services are capable of being added if and when required included agreed QoS levels but are not currently available for use. Data services are enabled and usable on these services including agreed QoS levels at agreed service levels.

3.2.2 Service Management Requirements

Self-service administration

The ability to automatically provision and de-provision for all agency resources within the system, together with other appropriate administration and management tasks that can be delegated from the service provider that do not impinge on the solution being provided to other customers.

Full-service administration

All provisioning, de-provisioning, together with all other administration and management tasks required to operate the environment, are provided as part of the service offering. The only exception will be service management of the provider which remains the sole responsibility of the initiating agency.

Cloud compliant hosting facility

All relevant cloud services for the solution may be provisioned from a compliant hosting facility. Compliant hosting is defined as having the following attributes and/or capabilities:

The location of the hosting facility must be identified either by name and/or location (city and country) in any response.

The hosting location cannot be changed without first informing the agency concerned.

The service provider undertakes, maintains and provides access to SSAE 16 Service Organization Control (SOC) Type II reports (or equivalent) for the services and facilities in scope for the engagement.

The hosting facility must comply with minimum Tier 3, as defined by the Uptime Institute, ANSI TIA-942, or an equivalent industry standard.

The hosting facility must be certified against ISO 27001; compliance with the following international standards is desirable:

o ISO 9001

o ISO 27002

o ISO 20000-1:2011

o ISO 14001

10

Wireless Service (WiFi) Standard

Other desirable certifications may include, but are not limited to:

o PCI-DSS v3.0 or later

o Australian Signals Directorate

o ASIO-T4

o Uptime Institute

o CSA

Also consider contractual obligations relating to the service provider allowing security assessments and treatment of outcomes as agreed with the client.

If the hosting facilities changes to a location that is deemed unacceptable either to NSW Government or to the agency and/or loses attributes and/or capabilities identified above, the agency may need to consider termination of services.

NSW Government Data Centre

All relevant services for the solution may be provisioned from one or both NSW Government Data Centre (GovDC). Depending on the service offering and agency requirements, it may be possible to ‘burst’ some elements of services to other location(s) subject to agreement with the commissioning agency.

Burst data centres must be deemed ‘compliant’. If the ‘burst’ data centre facilities change to a location that is deemed unacceptable either to NSW Government or to the agency, the agency may need to re-examine the ‘burst’ service or the full service.

Onshore/offshore management

All solution providers must be able to articulate where their services will be provided from, including any remote support services. For example, with a ‘follow the sun’ support model, the locations of each of their support sites around the globe need to be identified. Any changes to these need to be communicated to the customer agency promptly and if this causes issues, the agency has the right to cancel the service with appropriate notification.

Service level management

Agencies will retain ultimate responsibility for service level management in any solutions engagement, which would ordinarily be covered by a SLA. Agencies, service-brokers and solution providers need to agree all SLA reporting and other related activities as part of any transition-in process.

Multi-service broker provision

Any solution provider must work within the confines of a multi-service provider environment where either the agency or nominated provider will perform broker service provision. This will be defined as one provider being made accountable for the provision of all associated services, whether these are provided by the provider itself, or other third-party providers.

Disaster recovery

The solution is to have appropriate levels of disaster recovery built in to minimise downtime or disruption to the service. This element could include anything from a duplicated solution that is available immediately if the primary site fails, to a fully documented process for restoring services within Service Level Agreement (SLA) defined times.

11

Wireless Service (WiFi) Standard

DOCUMENT CONTROL

Document historyStatus: Released

Version: 2.0

Approved by: Executive Director, Strategic Policy

Approved on: 18 December 2015

Issued by: ICT Services, Service & Digital Innovation Division, Department of Finance, Services & Innovation (DFSI)

Contact: ICT Services, Service & Digital Innovation Division, Department of Finance, Services & Innovation (DFSI)

Email: standards@finance.nsw.gov.au

Telephone: (02) 9372 7445

Review This standard will be reviewed as required.

12

Wireless Service (WiFi) Standard

APPENDIX A – IMPLEMENTING A WiFi SERVICEAgencies should align their WiFi service implementations with known best practice. Generally, implementation should incorporate the following processes:

Service initiation

Prepare the site survey and plan infrastructure, including connecting the relevant service provider and tenant carriage service to primary and secondary data centres.

Review projected tenant requirements and prepare an initial and projected capacity plan setting out the expected traffic types, volumes, peak and off peak periods.

Install and commission infrastructure and build documentation, including the connections between the service and existing tenant infrastructure.

Service operation

Apply ITIL Service Management practices and processes. These include: a 24 hour a day service desk facility; incident and problem management processes; capacity monitoring and management; and regular hardware and software maintenance.

Authentication and access management

o Apply the appropriate access policies to connections based on user and device identity.

o Depending on the agency’s requirements, public customers may be provided with guest access for public customers, while BYOD devices may be provided with restricted access and QoS.

o Access to the network should be based on user and device identity, by reference to multiple MDM, LDAP and network management principles.

Shared WiFi Service Operation

o Enable shared WiFi service operation through the provision of data services in line with the relevant service level agreement and capacity plan.

o Where the agency has local infrastructure, provide access to local network resources, where the agency has local infrastructure.

o Where the agency has no local infrastructure, provide a tunnelled service back to the primary or secondary data centre.

Real time operational data

o Share real time operational data with the tenant’s service desk to enable the tenant to identity users, connection times and types, authentication and the application of access policy. The data shared should include:

user location information from a single list of users/devices

traffic volume and throughput data by user and/or device

user troubleshooting information (for example, log data).

Reporting

o Maintain, monitor and validate access log history for security reporting and remedial action.

o Deliver reports that support accounting and chargeback by tenant, device type and user.

o Support data accounting per application flow and/or user and device.

13

Wireless Service (WiFi) Standard

APPENDIX B – EXPECTED TECHNICAL FEATURES

NSW Government relies on the best practice specifications contained in the IEEE 802.11 suite of standards. The table below sets out, at a high level, the expected technical features in a baseline (Silver) and an ideal (Gold) WiFi service:

Silver Gold

Alignment with relevant IEEE 802.11 standard

QoS Layer 1 – Internet Layer 2 – Data Layer 3 – Real time

VoIP and video

Layer 1 – Internet Layer 2 – Email Layer 3 – Data Layer 4 – Voice Layer 5 – Video

Access typesGuest

Private

Public

Mobile device supportIOS

Android

Blackberry

Window

Verification (User)Local

Back to home

VoIP

Video

Broadcast

Streaming

Seamless handover between access points

Encryption

Beamforming

14

Wireless Service (WiFi) Standard

APPENDIX C – DEFINITIONS

Access point type – An entity that contains one station (STA) and provides access to the distribution services, via the wireless medium for associated STAs.

Access point path – Path between two tunnelled direct-link setup (TDLS) peer stations (STAs) via the AP with which the STAs are currently associated.

Application – Software designed to assist end users to carry out useful tasks. Examples of applications may include the Microsoft Office suite of products or smartphone applications such as Google Maps.

Beamforming – An advanced signal processing technique that controls the direction of WiFi transmissions as well as the reception of radio signals.

Bring Your Own Device (BYOD) – Any electronic device owned, leased or operated by an employee or contractor of and agency which is capable of storing data and connecting to a network, including but not limited to mobile phones, smartphones, tablets, laptops, personal computers and netbooks.

Data – Any and all information stored or processed via a WiFi network.

Encryption – The conversion of data into an encrypted format so that it cannot be understood by unauthorised users.

Mobile Device Management (MDM) – Solution which manages, supports, secures and monitors mobile devices. Note: Agencies will conduct risk assessments to determine whether their environment requires the implementation or not of such a solution. Implementation should ideally be done as a service in accordance with NSW Government policy.

Quality of Service (QoS) – The performance of a computer or telephony network, measured by bandwidth, service disruptions, and error rates.

Verification – A means of checking that data is accurate, consistent and has not been corrupted.

15

Wireless Service (WiFi) Standard

APPENDIX D – ABBREVIATIONS

AIIA Australian Information Industry Association

ASCII American Standard Code for Information Interchange

ASD Australian Security Directorate

ASIO Australian Secret Intelligence Organisation

BCM Business Continuity Management

BYOD Bring Your Own Device

CMIS Content Management Interoperability Services

CSA Canadian Standards Association

GovDC Government Data Centre

ICT Information & Communication Technology

IEEE Institute of Electrical and Electronic Engineers

IP Internet Protocol

ISO/TC International Organization for Standardization / Technical Committee

IT Information Technology

ITIL IT Infrastructure Library

LDAP Lightweight Directory Access Protocol

MDM Mobile Device Management

OCR Optical Character Recognition

OS Operating System

PCI-DSS Payment Card Industry – Data Security Standard

PTS Procurement & Technical Standards

QoS Quality of Service

RTCE Real Time Collaborative Editing

SLA Service Level Agreement

SOC Service Organisation Control

TDLS Tunnelled Direct-Link Setup

VoIP Voice over IP

16

Wireless Service (WiFi) Standard

APPENDIX E – REFERENCES Agencies should have regard to the following standards, statutes, NSW Government policies and standards:

AS/NZS ISO 31000 Risk management – Principles and guidelines Electronic Transactions Act 2000 Government Information (Public Access) Act 2009 Health Records and Information Privacy Act 2002 IEEE 802.11 Standards IEEE 802.11ac Very High Throughput Amendment (802.11ac is fully backwards compatible with

802.11n and 802.11g) IEEE 801.11n Amendment IEEE 802.11u Protocol ISO 27031-2011 Information technology – Security techniques – Guidelines for information and

communication technology readiness for business continuity ISO 27001 Information technology – Security techniques – Information security management systems

– Requirements NSW Government Digital Information Security Policy NSW Government Open Data Policy NSW Government Cloud Policy NSW Government Standard for Data Quality Reporting NSW Government ICT Strategy NSW Government Digital + 2016 Final Update NSW Government Information Classification, Labelling and Handling Guidelines NSW Government Investment Policy and Guidelines NSW Procurement: Small and Medium Enterprises Policy Framework Privacy and Personal Information Protection Act 1998 Public Finance and Audit Act 1983 Public Interest Disclosures Act 1994 State Records Act 1998 TPP 09-05 - Internal Audit and Risk Management Policy for the NSW Public Sector

17

Wireless Service (WiFi) Standard

APPENDIX F – STANDARDS

Developing technical standardsDevelopment of a standard begins with identifying the need for a new standard, which is followed by the development of the standard in consultation with the industry and experts groups, including the Australian Information Industry Association (AIIA).

The following diagram outlines the process.

The ICT Procurement and Technical Standards Working Group (PTS Working Group) is chaired by the Department of Finance, Services & Innovation and includes senior representation from across NSW Government.

Agencies engage with the PTS Working Group concerning services for inclusion in the ICT Services Catalogue. This drives the development of technical standards, where none exist. The PTS Working Group has the leading role in reviewing and endorsing the technical standards developed in response to agencies’ requirements.

The PTS Working Group is supported by two sub-groups responsible for the areas of Telecommunications and Services and Solutions. The sub-groups are responsible for initial development and review of standards relating to their areas of responsibility.

Management and implementationThere is scope to modify standards through the NSW Government ICT governance arrangements as necessary. Standards are designed to add value, augment and be complementary to, other guidance, and they are continually improved and updated.

This standard does not affect or override the responsibilities of an agency or any employee regarding the management and disposal of information, data, and assets. Standards in ICT procurement must also address business requirements for service delivery.

NSW Procurement facilitates the implementation of the standards by applying them to the goods and services made available through the ICT Services Catalogue.

18

Need for new or amended standard

identified

Standard developed (Industry/agencies

consulted)

Standard approved and released by PTS

Working Group

Market engagement for services which meet the standard

Services added to Catalogue

Business requirements change