forked from intuitem/ciso-assistant-community
aircyber-v1.5.2.yaml
2459 lines (2303 loc) · 91.1 KB
urn: urn:intuitem:risk:library:aircyber-v1.5.2
locale: en
ref_id: AirCyber-v1.5.2
name: Public AirCyber Maturity Level Matrix
description: 'AirCyber is the AeroSpace and Defense official standard for Cybersecurity
  maturity evaluation and increase built by Airbus, Dassault Aviation, Safran and
  Thales to help the AeroSpace SupplyChain to be more resilient.

  Their joint venture BoostAeroSpace is offering this extract of the AirCyber maturity
  level matrix to provide further details on this standard, the questions and the
  AirCyber maturity levels they are associated to.

  The AirCyber program uses this maturity level matrix as the basis of the cyber maturity
  evaluation, as the evaluation activity is the very starting point for any cyber
  maturity progression. Being aware of the problems is the mandatory first knowledge
  a company needs in order to decide to launch a company cybersecurity program.

  Source: https://boostaerospace.com/aircyber/'
copyright: "\xA9 Boost Aerospace\nThis work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike\
  \ 4.0 International License. Any commercial use of this work must be contracted\
  \ with BoostAeroSpace.\nPermission given to include AirCyber in CISO Assistant.\n"
version: 3
provider: Boost Aerospace
packager: intuitem
objects:
  framework:
    urn: urn:intuitem:risk:framework:aircyber-v1.5.2
    ref_id: AirCyber-v1.5.2
    name: Public AirCyber Maturity Level Matrix
    description: 'AirCyber is the AeroSpace and Defense official standard for Cybersecurity
      maturity evaluation and increase built by Airbus, Dassault Aviation, Safran
      and Thales to help the AeroSpace SupplyChain to be more resilient.

      Their joint venture BoostAeroSpace is offering this extract of the AirCyber
      maturity level matrix to provide further details on this standard, the questions
      and the AirCyber maturity levels they are associated to.

      The AirCyber program uses this maturity level matrix as the basis of the cyber
      maturity evaluation, as the evaluation activity is the very starting point for
      any cyber maturity progression. Being aware of the problems is the mandatory
      first knowledge a company needs in order to decide to launch a company cybersecurity
      program.

      Source: https://boostaerospace.com/aircyber/'
    implementation_groups_definition:
    - ref_id: Bronze
      name: Bronze
      description: null
    - ref_id: Silver
      name: Silver
      description: null
    - ref_id: Gold
      name: Gold
      description: null
    requirement_nodes:
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:1.1
      assessable: true
      depth: 1
      ref_id: '1.1'
      name: Secure access to building
      description: Is access to your buildings, offices and IT facilities controlled
        and limited (e.g. through the use of locked doors, magnetic card readers,
        prevention, detection and intervention devices in the event of theft, etc.)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:1.2
      assessable: true
      depth: 1
      ref_id: '1.2'
      name: Secure access to servers & technical room
      description: Is the enclosure of buildings hosting your server rooms and technical
        rooms secured by a fence, an entrance barrier, video surveillance, and an
        alarm?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:1.3
      assessable: true
      depth: 1
      ref_id: '1.3'
      name: Secure access to building (servers & technical room)
      description: Is the enclosure of your premises secured by guards with night
        surveillance, an entrance barrier, video surveillance and an alarm?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:1.4
      assessable: true
      depth: 1
      ref_id: '1.4'
      name: Visitor escorting
      description: Are visitors permanently accompanied on your premises?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:1.5
      assessable: true
      depth: 1
      ref_id: '1.5'
      name: Redundancy of the power supply
      description: Do you use inverters or back-up batteries (to ensure the power
        supply in case of loss of power)?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:1.6
      assessable: true
      depth: 1
      ref_id: '1.6'
      name: Clean office policy
      description: Do you have a clean desktop policy (physical and screen lock) for
        sensitive papers and removable storage media?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:1.7
      assessable: true
      depth: 1
      ref_id: '1.7'
      name: Verify compliance of entities, subsites
      description: If you have several geographical IT sites, do you visit them to
        check physical and IT security regularly (min. once every 2 years)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.1
      assessable: true
      depth: 1
      ref_id: '2.1'
      name: Automatic HW inventory tool centralized
      description: 'Do you have an up-to-date inventory of your IT system? (servers,
        desktop PCs, laptops, printers, network devices, smartphones, etc.)

        Do you have an accurate and up-to-date inventory of the assets (workstation,
        servers, ...) used for the production of your customers?'
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.1.1
      assessable: true
      depth: 1
      ref_id: 2.1.1
      name: Map of the company network
      description: Do you have a complete network diagram of your company?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.1.2
      assessable: true
      depth: 1
      ref_id: 2.1.2
      name: Live / automatic update of the company network map
      description: Is your network diagram automatically updated with network information
        and service protocols?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.1.3
      assessable: true
      depth: 1
      ref_id: 2.1.3
      name: Automatic HW inventory tool centralized and new device detection.
      description: "Have you implemented a detection and monitoring solution (NAC,\
        \ DHCP monitoring) for the connection of new devices (PC, server, printer,\
        \ routers, Internet modems\u2026) on your internal network?"
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.2
      assessable: true
      depth: 1
      ref_id: '2.2'
      name: Inventory of HW devices updated frequently
      description: 'Is the list of your computer devices regularly updated?

        (servers, desktop PCs, laptops, printers, network devices, smartphones, etc.)'
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.3
      assessable: true
      depth: 1
      ref_id: '2.3'
      name: Sufficient ICT security resources to manage ICT security of the company
        with respect to the number of IT users / devices / employees
      description: Is there a person or department assigned to the management of the
        computer systems?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.4
      assessable: true
      depth: 1
      ref_id: '2.4'
      name: Specify governance with clear roles and responsibilities
      description: Do you have an information systems security focal point (RSSI or
        equivalent)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.4.1
      assessable: true
      depth: 1
      ref_id: 2.4.1
      name: Communicate company security policy and directives to all employees
      description: Has your organization implemented an Information Security Policy
        and associated controls? Do you communicate them to all users and project
        managers?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.5
      assessable: true
      depth: 1
      ref_id: '2.5'
      name: Policy management for all PCs/Laptops. Standardized client setup.
      description: Do you use a tool to ensure that all your workstations (servers,
        laptops, desktop PCs) are secure in a consistent way (identical security
        policies between workstations, gap management, etc.)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.5.1
      assessable: true
      depth: 1
      ref_id: 2.5.1
      name: Centralized smartphone management [MDM]
      description: Do you use a tool to ensure that all your smartphones are secure
        in a consistent way (identical security policies between them, gap management,
        etc.)?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.6
      assessable: true
      depth: 1
      ref_id: '2.6'
      name: Malware protection based on signature list detection
      description: Do you implement an automatic malware detection tool across the
        entire IT infrastructure (workstations, servers)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.7
      assessable: true
      depth: 1
      ref_id: '2.7'
      name: Malware protection detecting abnormal behaviour based on system events
      description: Have you implemented an automatic malware removal or quarantine
        tool (anti-malware) on all IT devices?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.8
      assessable: true
      depth: 1
      ref_id: '2.8'
      name: 'Light smartphones management : configuration of passwords, anti-virus
        on open systems like Android'
      description: 'Are enterprise smartphones managed by your IT team (for example:
        password and anti-virus policy configuration)?'
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.8.1
      assessable: true
      depth: 1
      ref_id: 2.8.1
      name: Light smartphones security policy
      description: Do enterprise smartphones have a dedicated security policy?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.8.2
      assessable: true
      depth: 1
      ref_id: 2.8.2
      name: Central mobile device applications management and control list of applications
        deployed by users.
      description: Are enterprise smartphones managed centrally with a tool to control
        their configuration and security status?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.9
      assessable: true
      depth: 1
      ref_id: '2.9'
      name: Centralized secure log collection system from the different ICT sensitive
        sources
      description: Do you use a centralized solution to activate, keep for at least
        a year and configure the logs of the most important components like firewalls
        or internet access?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.9.1
      assessable: true
      depth: 1
      ref_id: 2.9.1
      name: Log analysis tool allowing forensics
      description: Do you perform log analysis (e.g. real time analysis, SOC, etc.)
        of the most important components (servers, workstations, laptops, printers,
        network equipment, smartphones, etc.)?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.9.2
      assessable: true
      depth: 1
      ref_id: 2.9.2
      name: Logs check for admin accounts usage
      description: Do you activate, keep for at least a year and configure the administrator
        authentication logs on network, server and computer devices?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.9.3
      assessable: true
      depth: 1
      ref_id: 2.9.3
      name: Inventory log sources on ICT sensitive systems
      description: Do you use a procedure to implement log backup of the most important
        components such as firewalls, internet access?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.9.4
      assessable: true
      depth: 1
      ref_id: 2.9.4
      name: AD hardening and logging
      description: Do you secure the default configuration of your Active Directory
        (AD) server and do you keep at least for a year the logs with the authentication
        information on the AD? (hardening of the operating system (restrict the authorized
        communication protocols and launched services, prohibit direct Internet access
        from the server, disable default accounts) and the configuration of the Active
        Directory service (read-only AD, validation of policies, security rules of
        workstations managed via the AD, restriction and security of passwords of
        privileged accounts...))
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.9.5
      assessable: true
      depth: 1
      ref_id: 2.9.5
      name: Active Directory complete hardening and associated security alerts
      description: "Have you finished the security hardening of your active directory\
        \ server (by applying all best practices or having accepted the residual risks\
        \ of undeployed measures) and have you configured the generation of detailed\
        \ alerts in the event of a security incident (configuration of detailed logs,\
        \ active \u2013 with alerts \u2013 monitoring of the logs)?"
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.10
      assessable: true
      depth: 1
      ref_id: '2.10'
      name: Automatic and managed back-up / restore process & test
      description: Do you define and apply an automatic backup policy for critical
        components with a tested recovery procedure?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:2.11
      assessable: true
      depth: 1
      ref_id: '2.11'
      name: Best practice for removable media.
      description: Have you defined rules concerning the behaviour of users regarding
        the devices they could connect to their computers (prohibit connecting a
        USB flash drive found by chance, do an antivirus scan of the partners' usb
        keys, do not connect any strange device on their computers...)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.1
      assessable: true
      depth: 1
      ref_id: '3.1'
      name: Individual identification to all users
      description: Does each employee have a nominative identifier on IT production
        environments?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.1.1
      assessable: true
      depth: 1
      ref_id: 3.1.1
      name: When required, perform background check before employment.
      description: When security constraints have been identified, such as national
        clearance requirements, do you check the background and profile suitability
        of new hires (e.g. criminal record/nationality) depending on the role they
        apply to (e.g. senior, IT staff, etc.)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.1.2
      assessable: true
      depth: 1
      ref_id: 3.1.2
      name: Secure hires and transfers of employees where security constraints have
        been identified (habilitation required)
      description: When security constraints have been identified, such as national
        clearance requirements, do you check the background and profile suitability
        of new hires (criminal record/nationality)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.2
      assessable: true
      depth: 1
      ref_id: '3.2'
      name: No admin rights on computers, servers, etc. with day to day user account
      description: Do you confirm that accounts delivered to users for day to day
        access to the information system (computer, server, cloud) do not have administrative
        rights (administrators can change security settings, install software and
        devices and access all files on the computer)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.3
      assessable: true
      depth: 1
      ref_id: '3.3'
      name: Up to date inventory of admin accounts
      description: Do you have a complete inventory of privileged (administrative)
        accounts and do you keep it up to date?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.31
      assessable: true
      depth: 1
      ref_id: '3.31'
      name: Secure admin accounts management solution
      description: If you use administrator accounts on machines, do you have a solution
        in place to control their security (password security, account blocking, remote
        change, etc.)?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.4
      assessable: true
      depth: 1
      ref_id: '3.4'
      name: Have an awareness process / track awareness deployment to operational
        security team
      description: Do you train operational teams (network administrators, security
        and systems administrators, project managers, developers, CISOs) in information
        systems security?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.5
      assessable: true
      depth: 1
      ref_id: '3.5'
      name: "Propose user awareness (e-mails, information system GTC, documentations\u2026\
        )"
      description: 'Do you make users aware of the rules, good behavior and information
        security instructions governing daily activity?

        Is this confirmed by the signing of an information systems charter specifying
        the rules and cybersecurity instructions that they must respect, or a legally
        enforceable equivalent (such as an annex to the internal company regulations,
        employment contract)?'
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.5.1
      assessable: true
      depth: 1
      ref_id: 3.5.1
      name: Link awareness to HR and offer awareness sessions to new entrants (including
        trainees) as soon as they are hired / Link yearly objectives to Cyber Awareness.
      description: Do you set up systematic cybersecurity training for all employees
        and contractors, adapted or customized according to their role in the company,
        and do you follow up attendance to this training?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:3.6
      assessable: true
      depth: 1
      ref_id: '3.6'
      name: Secure laptops against data spying
      description: Do users have access to IT security resources related to travel
        on their laptops? (Screen filter, security cable, VPN, encryption, monitoring,...)
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.1
      assessable: true
      depth: 1
      ref_id: '4.1'
      name: Management of entry/exit of IT of all users
      description: "Is there an entry and exit procedure for users and administrators?\
        \ \n(Creation of a specific identifier, signature of a user charter, account\
        \ deactivation)?\n"
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.2
      assessable: true
      depth: 1
      ref_id: '4.2'
      name: Administrative rights needed to install software
      description: Do users need administrative rights that require different authentication
        with an admin account or computer support to install software on their computers?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.21
      assessable: true
      depth: 1
      ref_id: '4.21'
      name: Centralized, monitored active management of users (Active Directory)
        with security alerts
      description: Do you have a centralized and secure management of user accounts
        capable of detecting abnormal behavior (theft of identifiers, use on non-standard
        servers, attempt to discover the password...)?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.3
      assessable: true
      depth: 1
      ref_id: '4.3'
      name: Encrypt passwords
      description: Do you protect passwords stored on systems (encryption)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.4
      assessable: true
      depth: 1
      ref_id: '4.4'
      name: Password security rules
      description: Is there a password management policy (regular change, minimum
        security constraints, special characters, number of characters, adapted policy
        for administrators, etc.)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.4.1
      assessable: true
      depth: 1
      ref_id: 4.4.1
      name: Change default ID and password for devices and services
      description: Do you change the default passwords and identifiers of the devices
        of your information system?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.5
      assessable: true
      depth: 1
      ref_id: '4.5'
      name: Rules to update frequently SW and systems.
      description: Do you regularly update components (servers, desktop PCs, laptops,
        printers, network devices, smartphones, etc.)?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.6
      assessable: true
      depth: 1
      ref_id: '4.6'
      name: Track frequently systems not up to date
      description: Do you anticipate the end of software and system maintenance?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.6.1
      assessable: true
      depth: 1
      ref_id: 4.6.1
      name: Third party software version control
      description: In order to avoid potential vulnerabilities (unknown software,
        not updated...) do you verify the versions of the software installed on your
        computer park?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.6.2
      assessable: true
      depth: 1
      ref_id: 4.6.2
      name: Inventory of allowed and forbidden software
      description: Do you have a list of authorized and prohibited software?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.7
      assessable: true
      depth: 1
      ref_id: '4.7'
      name: 'CERT : Stay aware of cyberenvironment [CERT alert by ANSSI] / follow
        news from SW editors'
      description: Do you follow at least every week a procedure of management of
        security alerts and advisories of CERTs (Computer Emergency Response Teams)
        and software editors?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.8
      assessable: true
      depth: 1
      ref_id: '4.8'
      name: Attacks or malicious activities detection (e.g. SOC)
      description: Is there a Security Operation Center (SOC) for detecting issues
        and monitoring the cybersecurity of the information system?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.8.1
      assessable: true
      depth: 1
      ref_id: 4.8.1
      name: Centralize logs interpretation in SIEM
      description: Do you centralize security incidents and events through event
        collection tools (SIEM (Security Information Event Management))?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.8.2
      assessable: true
      depth: 1
      ref_id: 4.8.2
      name: Monitor and alert on user device activity
      description: Do you monitor users' devices such as fixed PC, laptop, smartphone,
        USB key, etc.?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.8.3
      assessable: true
      depth: 1
      ref_id: 4.8.3
      name: Tool to alert and perform semi-automatic isolation or shut down of systems
      description: Is there an alert tool to automatically shut down or isolate some
        elements of the computer system in the event of a major incident?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.8.4
      assessable: true
      depth: 1
      ref_id: 4.8.4
      name: Central Network cyber incidents monitoring
      description: Is there a Network Operations Center (NOC) or similar solution
        for detecting network security incidents?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.8.5
      assessable: true
      depth: 1
      ref_id: 4.8.5
      name: Detect / block unauthorized connection to network
      description: Do you block unauthorized connections to your network?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.8.6
      assessable: true
      depth: 1
      ref_id: 4.8.6
      name: Network traffic abnormal behaviour monitoring
      description: Have you deployed, and do you monitor, network probes to detect
        malicious or abnormal activities?
      implementation_groups:
      - Gold
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.9
      assessable: true
      depth: 1
      ref_id: '4.9'
      name: Process for cyber incidents management & escalation
      description: Are there escalation and alert processes for security incidents?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.9.1
      assessable: true
      depth: 1
      ref_id: 4.9.1
      name: Implement host IDS/IPS probes on servers and clients to monitor network
        or system activities for malicious activities or policy violation.
      description: Have you implemented solutions on PCs and Servers to detect, block
        or alert on abnormal behaviors (IDS/IPS)?
      implementation_groups:
      - Silver
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.10
      assessable: true
      depth: 1
      ref_id: '4.10'
      name: Register to CERT S/W vulnerability and linked to patch follow up
      description: Have you subscribed to a news feed informing you of new cyber security
        vulnerabilities and cyber security alerts such as those proposed by government
        CERTs (ANSSI FR, NIST US), international security monitoring sites?
      implementation_groups:
      - Bronze
    - urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:4.11
      assessable: true
      depth: 1
      ref_id: '4.11'
      name: Automatic vulnerability detection plus threat intelligence regarding
        cyber threat, attacks and vulnerabilities from all sources
      description: Have you set up or contracted professional and customized security
        alert services for your company, its sector of activity, the IT devices you
        have deployed, etc. (professional or sectoral "CERT")?
      implementation_groups:
      - Gold
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.1
assessable: true
depth: 1
ref_id: '5.1'
name: "Identify the company's most sensitive servers\_"
description: Do you know the most sensitive servers in your information system?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.2
assessable: true
depth: 1
ref_id: '5.2'
name: internal firewalls, physical network segmentation to segregate network
description: Do you use security device to protect and partition your internal
network? (Firewall, proxy, etc.)?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.2.1
assessable: true
depth: 1
ref_id: 5.2.1
name: Firewall on laptop and desktop
description: Do you use a firewall on client workstations? (laptop, desktop
PC)?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.2.2
assessable: true
depth: 1
ref_id: 5.2.2
name: Yearly Firewall Control
description: Do you check the configuration of the firewalls at least once a
year?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.3
assessable: true
depth: 1
ref_id: '5.3'
name: Secure Network architecture hardened
description: 'Do you have a network architecture that prioritize secure communications
and allows non-secured protocols if mandatory under specific control and isolation
from the rest of the network. For example, encouraging encrypted protocols
only and forbidding non-secure protocols (e.g.: configure network and desktop/server
firewall to forbid telnet-23 protocols in the local network, forbidding usage
of Windows Samba v1 file-sharing protocol or NTLMv1 authentication, etc.)?'
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.4
assessable: true
depth: 1
ref_id: '5.4'
name: Strong authentication to webmail
description: Do you use secure authentication for connecting to your company
emails from the Internet (double authentication with phone and/or blocking
accounts against password attempts, regular password change, complex password)?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.5
assessable: true
depth: 1
ref_id: '5.5'
name: ' Strong identification on critical services with alerts'
description: 'Do you use strong authentication and monitor (alerts in case of
failure) the connection to sensitive devices such as: IT device administration,
cloud ser-vices administration and websites? '
implementation_groups:
- Gold
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.5.1
assessable: true
depth: 1
ref_id: 5.5.1
name: 'Offer SSO for netw application or E-SSO password manager '
description: Do you use SSO (single sign on) features for http or applications
with an auto-mated password manager and auto fill?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.6
assessable: true
depth: 1
ref_id: '5.6'
name: Dedicated and compartmentalized network for information system administration
description: 'Do you use a dedicated, segregated network (internet, user workstation)
secured by protocol break (bouncing machine, bastion host, reverse proxy,
etc.) for the administration of the information system?
'
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.6.1
assessable: true
depth: 1
ref_id: 5.6.1
name: Control internet/network sharing/merging in devices (usb modem, etc)
description: Do you have protection on the workstations to prevent users from
opening unsecured Internet networks by connecting for example a modem / 3G
USB flash drive, smartphone and at the same time having these same computers
connected to the company network?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.7
assessable: true
depth: 1
ref_id: '5.7'
name: Limit code execution or propagation of malware / virus, automatic scan
of removable devices
description: Do you protect yourselves from threats related to the use of removable
media (specific security tool, antivirus configuration for USB, hardening
computer)?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.7.1
assessable: true
depth: 1
ref_id: 5.7.1
name: Encrypt data on mobile devices (USB drives, smartphones)
description: Do you encrypt sensitive data on removable media without any user
interaction (transparent automatic encryption)?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.8
assessable: true
depth: 1
ref_id: '5.8'
name: Forbid or securely manage "BYOD"
description: Have all devices (computer, tablet pc, smartphone) connected to
the company's information system been subject to a formal and prior approval
procedure?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.8.1
assessable: true
depth: 1
ref_id: 5.8.1
name: Set container solutions for corporate application / data on mobile device
used for both personal and professional and not encrypted
description: "Do you have complete control over the professional usage of enterprise\
\ applications / data on mobile devices? \n(good separation of personal\
\ and professional environments)\n"
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.9
assessable: true
depth: 1
ref_id: '5.9'
name: Internet access filtered (blacklist / categorized)
description: 'Are Internet accesses filtered by a proxy server? '
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.9.1
assessable: true
depth: 1
ref_id: 5.9.1
name: Web-application firewall for internally internet facing application
description: Do you protect your web servers accessible from outside the company's
network with a WAF (web application firewall) device?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.10
assessable: true
depth: 1
ref_id: '5.10'
name: 'Internet traffic level NW monitoring with alerting '
description: Is there Internet traffic monitoring with alerts but also indicators
(KPIs) on the use of company data on the Internet?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.10.1
assessable: true
depth: 1
ref_id: 5.10.1
name: 'Encryption for internet links between different sites '
description: Do you encrypt the connections between the various sites of your
company and your partners?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.10.2
assessable: true
depth: 1
ref_id: 5.10.2
name: 'Secure internet access to non-categorized or personal websites'
description: If you have allowed browsing to non-professional websites, have
you deployed a secure browsing solution for these sites that isolates them from
the standard computer network?
implementation_groups:
- Gold
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.11
assessable: true
depth: 1
ref_id: '5.11'
name: 'Manage WI-Fi Guest access segregated '
description: Do you have a "visitor" Wifi isolated from the rest of the Company's
network? (Specific connection, dedicated Wifi?)
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.12
assessable: true
depth: 1
ref_id: '5.12'
name: 'Manage Wi-Fi access segregated'
description: Do you have a secure Wifi access with a separation of uses? (staff,
industrial, professional, visitor, etc.)
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.13
assessable: true
depth: 1
ref_id: '5.13'
name: 'Set an email filtering when associated attachments have dangerous extension
(.exe for example) or content '
description: Is there a system for filtering valid e-mails against malicious
ones? (Anti-spam, removal of suspicious attached files, etc.)
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.13.1
assessable: true
depth: 1
ref_id: 5.13.1
name: 'Encrypt email content easily '
description: Do you offer users the possibility to easily encrypt the content
of e-mails?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.14
assessable: true
depth: 1
ref_id: '5.14'
name: Security access to supplier and subcontractor to information system
description: Do you secure network interconnections with your subcontractors
and suppliers?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.14.1
assessable: true
depth: 1
ref_id: 5.14.1
name: ' Secure exchange platform access with suppliers and subcontractors to
exchange sensitive data'
description: Do you offer a secure exchange platform for your subcontractors
and suppliers?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.14.2
assessable: true
depth: 1
ref_id: 5.14.2
name: Segregate Website and internet accessible services from the rest of the
company network.
description: If your website is hosted within the company, do you separate your
website and Internet-accessible services from the rest of the company's network
(via a segregated network zone, e.g. "DMZ")?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.15
assessable: true
depth: 1
ref_id: '5.15'
name: ' Detect any new device connected to the network.'
description: Do you allow connection to the network only to devices identified
and managed by the information system?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:5.17
assessable: true
depth: 1
ref_id: '5.17'
name: Policy for external connection to information system
description: For remote access to your information system (mobile or on-call
users, remote sites), do you systematically implement a security solution that
ensures strong identification and authentication of the user (MFA, login/password,
certificates, etc.)?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:6.1
assessable: true
depth: 1
ref_id: '6.1'
name: Define and apply a backup policy for sensitive data
description: Is important data backed up regularly?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:6.2
assessable: true
depth: 1
ref_id: '6.2'
name: 'Setup secure and distinct physical sites for backup storage'
description: Are your backups protected in a secure room?
implementation_groups:
- Silver
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:6.3
assessable: true
depth: 1
ref_id: '6.3'
name: 'Setup secure backup storage on cloud system'
description: Do you use a centrally managed data storage and backup system,
such as a cloud (AWS, O365 SharePoint, OneDrive, Google Drive, ...)?
implementation_groups:
- Gold
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:6.4
assessable: true
depth: 1
ref_id: '6.4'
name: 'Hard Disk encryption on desktops '
description: Do you encrypt computer and smartphone hard disks without any user
interaction (transparent automatic encryption)?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:6.5
assessable: true
depth: 1
ref_id: '6.5'
name: 'Data loss prevention solutions with central management of data confidentiality
solutions'
description: Do you implement enterprise data protection management solutions
(leak detection of confidential data, roles and responsibilities, etc.)?
implementation_groups:
- Gold
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:6.6
assessable: true
depth: 1
ref_id: '6.6'
name: 'Carry out regular controls of the IS (information system) and set corrective solutions'
description: Do you carry out regular security audits (application, network,
process), then apply the associated corrective actions?
implementation_groups:
- Bronze
- urn: urn:intuitem:risk:req_node:aircyber-v1.5.2:6.6.1
assessable: true