Coverage

Requirements coverage SGCI Supplier Appsamedia

Requeriments Capacities Services/Solutions Coverage
D1.1.1 Detail the Benefits of the SGCI for the Business Cybersecurity assessment, Risk and Vulnerability Management, Communications plan
D1.1.2 Establishment of potential consequences and assumable risk Risk and Vulnerability Management
D1.1.3 Understand the vision, mission, goals, values and strategies of the organization Cybersecurity assessment
D1.1.4 Analysis of the external environment Risk and Vulnerability Management
D1.1.5 Analysis of the internal environment Risk and Vulnerability Management
D1.1.6 Identify key processes and resources Risk and Vulnerability Management
D1.1.7 Identification and analysis of interested parties Risk and Vulnerability Management
D1.1.8 Identification and analysis of business requirements Risk and Vulnerability Management
D1.1.9 Determination of risk assessment and acceptance criteria Risk and Vulnerability Management
D1.2.1 Definition of scope Cybersecurity assessment, Risk and Vulnerability Management
D1.2.2 Planning of resources for the implementation of the SGCI Risk and Vulnerability Management, Communications plan, Incident response support
D1.2.3 Identification of internal and external resources Risk and Vulnerability Management, Communications plan, Incident response support
D1.3.1 Establishment of responsibilities of the Directorate Compliance, Risk and Vulnerability Management
D1.3.2 Establishment of responsibilities of the SGCI Committee Compliance, Communications plan
D1.3.3 Establishment of responsibilities of the SGCI Program Director Compliance
D1.3.4 Establishment of user responsibilities Awareness and Training, Compliance, Risk and Vulnerability Management, Communications plan
D1.4.1 Establishment of Industrial Cybersecurity Policy Compliance, Risk and Vulnerability Management
D2.1.1 Establishment of the risk analysis approach and methodology Risk and Vulnerability Management
D2.2.1 Identification and characterization of assets Hardware and software inventory
D2.2.2 Identification of threats, controls and vulnerabilities Risk and Vulnerability Management
D2.2.3 Calculation and treatment of risk Risk and Vulnerability Management
D3.1.1 Establishment of security regulations linked to human resources Awareness and Training, Compliance, Communications plan, Access control policy, Use control policy
Ascent Look Out Partial coverage
D3.1.2 ComprobaciĆ³n de antecedentes Compliance
D3.1.3 Description of jobs Compliance
D3.1.4 Establishment of security responsibilities Compliance, Communications plan
D3.1.5 Periodic review of permits Account management
Ascent Look Out Full coverage
D3.1.6 Segregation of duties Role-based access
D3.1.7 Supervision of the use of the systems Equipment use control
D3.1.8 Establishing the Acceptable Use of Resources Software usage control
D3.2.1 Awareness actions Awareness and Training, Communications plan, Access control policy
D3.2.2 Training actions Awareness and Training, Communications plan, Access control policy
D4.1.1 Classification guidelines, impact and sensitivity categories Use control policy, Data Protection
Ascent Look Out Partial coverage
D4.1.2 Identification of owners and custodians Compliance, Communications plan
D4.2.1 Account management Account management, Access control policy, Use control policy
Ascent Look Out Partial coverage
D4.2.2 Authentication Basic user access control, User access control with hidden display, Multi-factor user access control
D4.2.3 Authorization Role-based access, Use control policy
Ascent Look Out Partial coverage
D4.3.1 Organization of Physical Security Physical security in the installation of devices, Redundancy system
D4.3.2 Protection of physical areas and access control Hardware Security Keys, Basic user access control, Equipment use control, Physical security in the installation of devices, Redundancy system, Backup system
D4.3.3 Physical intrusion detection Activity log policy, Security log
Ascent Look Out Partial coverage
Testing service Partial coverage
test1apps Partial coverage
D4.4.1 Protection of communications networks in an industrial context Network event correlation analysis, Network communications control, Network integrity control, Detect attacks on industrial networks (signature-based) , SIEM integration, Network communication visualization
Ascent Look Out Partial coverage
D4.4.2 Network segmentation Secure network design, Separation of environments
test1apps Partial coverage
D4.4.3 Addressing plan Network event correlation analysis, Detect attacks on industrial networks (signature-based) , Secure network design, Network communication visualization
Ascent Look Out Partial coverage
D4.4.4 Protection of wireless networks WI-FI control, Network communications control, Network integrity control, Detect attacks on industrial networks (signature-based) , Network communication visualization
Ascent Look Out Partial coverage
D4.5.1 Identify applications and software providers Reliable updates, Certification of the main ICS providers, Software usage control, Use control policy
Ascent Look Out Partial coverage
D4.5.2 Establishment of strategy and update plan to protect software Reliable updates, Advanced antimalware, Software usage control, Host-based firewall
D4.5.3 Establishment of security tests and code analysis Upgrade testing support
D4.5.4 Establishment of non-upgradeable software compensatory measures White list in discovery mode, Whitelist in prevention mode
D4.5.5 Establishment of Software Change Management Reliable updates, Configuration control, Software usage control, Upgrade testing support
D4.5.6 Establishment of SLAs on software evolution Certification of the main ICS providers, Equipment use control, Software usage control
D4.6.1 Establishment of third party responsibilities Certification of the main ICS providers, Compliance
D4.6.2 Definition of cybersecurity requirements in outsourcing tasks Certification of the main ICS providers, Compliance
D5.1.1 Establishment of scope and policy of resilience and continuity Cybersecurity assessment, Risk and Vulnerability Management, Communications plan
D5.1.2 Defining resilience goals and metrics Cybersecurity assessment, Risk and Vulnerability Management
D.5.1.3 Establishment of resilience responsibilities Compliance
D5.1.4 Definition of the expert committee on resilience Compliance
D5.2.1 Establishment of risk scenarios Cybersecurity assessment, Risk and Vulnerability Management
D5.2.2 Impact analysis Cybersecurity assessment, Risk and Vulnerability Management
D5.2.3 Definition of the resilience and continuity strategy Awareness and Training, Communications plan, Backup Policy
Testing service Partial coverage
D5.3.1 Incident response process Incident response support
D5.3.2 Definition of the communication plan Communications plan
D5.3.3 Definition of the training and awareness plan Awareness and Training
D5.3.4 Definition of the recovery plan Backup Policy, Backup system
Testing service Partial coverage
D5.3.5 Definition of the continuity plan Redundancy system, Backup system
D5.3.6 Definition of the test plan Incident response support
D6.1.1 Establishment of competency requirements for human resources Compliance
D6.1.2 Establishment of documentary requirements Compliance
D6.1.3 Establish communication requirements Communications plan
D6.2.1 Existence of adequate and controlled system documentation Compliance, Data Protection
D6.2.2 Existence of protection mechanisms for system documentation Data Protection
D6.3.1 Performance evaluation in risk management Risk and Vulnerability Management
D6.3.2 Establishment of indicators Compliance
D6.3.3 Review of entry and exit records Activity log policy
Ascent Look Out Full coverage
D6.4.1 Establishing the scope of the audit Activity log policy
Ascent Look Out Full coverage
D6.4.2 Audit planning and implementation Activity log policy
Ascent Look Out Full coverage
D6.4.3 Existence of documentation of responsibilities and requirements Compliance
D6.4.4 Communication of results Communications plan
D6.5.1 Analysis of monitored events Network event correlation analysis, Industrial DPI for anomaly detection, SIEM integration, Security log
test1apps Partial coverage
D6.5.2 Establishment of corrective or preventive actions Risk and Vulnerability Management
D6.5.3 Management of the review by the Directorate Risk and Vulnerability Management
D6.6.1 Definition of content to be communicated Communications plan
D6.6.2 Communication planning Communications plan
D6.6.3 Establishment of communication processes Communications plan
D6.7.1 Definition of integration of responsibilities and functions Compliance
D6.7.2 Integration of policies, documentation and activities Activity log policy
Ascent Look Out Full coverage