| org.1 Security Policy |
Compliance, Cybersecurity assessment, Risk and Vulnerability Management, Communications plan |
| Cybersecurity in electronic devices |
Partial coverage |
| org.2 Security standard |
Compliance |
|
|
| org.3 Security procedures |
Compliance, Use control policy, Activity log policy, Backup Policy |
|
|
| org.4 Authorization process |
Account management, PKI infrastructure |
|
|
| op.pl.1 Risk analysis |
Cybersecurity assessment, Risk and Vulnerability Management |
| Cybersecurity in connected vehicles |
Partial coverage |
| Cybersecurity in electronic devices |
Partial coverage |
| op.pl.2 Security architecture |
Network communications control, Secure network design |
|
|
| op.pl.3 Acquisition of new components |
Configuration control, Equipment use control, Device control |
|
|
| op.pl.4 Sizing / Capacity Management |
Hardware and software inventory, Redundancy system |
|
|
| op.pl.5 Certified components |
Certification of the main ICS providers |
|
|
| op.acc.1 Identification |
Hardware and software inventory, Access control policy |
|
|
| op.acc.2 Access requirements |
Basic user access control, Multi-factor user access control, Access control policy |
|
|
| op.acc.3 Segregation of functions and tasks |
Account management |
|
|
| op.acc.4 Access rights management process |
Device control, Account management |
|
|
| op.acc.5 op.acc.5 Authentication methods (external users) |
Hardware Security Keys, Basic user access control, Multi-factor user access control |
| Cybersecurity in electronic devices |
Partial coverage |
| op.acc.6 op.acc.6 Authentication methods (organization\'s users) |
Hardware Security Keys, Basic user access control, Multi-factor user access control |
| Cybersecurity in electronic devices |
Partial coverage |
| op.exp.1 Asset inventory |
Hardware and software inventory |
|
|
| op.exp.2 Security configuration |
Configuration control |
|
|
| op.exp.3 Security Configuration Management |
Configuration control |
|
|
| op.exp.4 Maintenance and security updates |
Reliable updates, Upgrade testing support |
|
|
| op.exp.5 Change Management |
Configuration control |
|
|
| op.exp.6 Protection against malicious code |
Advanced antimalware |
|
|
| op.exp.7 Incident Management |
Incident response support |
|
|
| op.exp.8 Activity log |
Inspect endpoint logs, Activity log policy |
|
|
| op.exp.9 Incident management log |
Inspect endpoint logs, Activity log policy |
|
|
| op.exp.10 Protection of cryptographic keys |
PKI infrastructure |
|
|
| op.ext.1 Contracting and service level agreements |
Certification of the main ICS providers |
|
|
| op.ext.2 Day-to-day management |
Account management |
|
|
| op.ext.3 Supply Chain Protection |
Awareness and Training |
|
|
| op.ext.4 Systems interconnection |
Network communication visualization |
|
|
| op.nub.1 Cloud services protection |
Data Protection |
|
|
| op.cont.1 Impact analysis |
Risk and Vulnerability Management |
|
|
| op.cont.2 Continuity plan |
Redundancy system, Backup system |
|
|
| op.cont.3 Periodic tests |
Upgrade testing support |
|
|
| op.cont.4 Alternative means |
Redundancy system |
|
|
| op.mon.1 Intrusion detection |
Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer |
| Distributed security systems |
Partial coverage |
| op.mon.2 Metrics system |
SIEM integration |
|
|
| op.mon.3 Monitoring |
Network communication visualization |
|
|
| mp.if.1 Separate and access controlled areas |
Physical security in the installation of devices, Separation of environments |
|
|
| mp.if.2 Identification of persons |
Hardware Security Keys |
| Cybersecurity in electronic devices |
Full coverage |
| mp.if.3 Fitting out of the premises |
Physical security in the installation of devices |
|
|
| mp.if.4 Electrical energy |
Redundancy system |
|
|
| mp.if.5 Fire protection |
Physical security in the installation of devices |
|
|
| mp.if.6 Flood protection |
Physical security in the installation of devices |
|
|
| mp.if.7 Entry and exit registration of equipment log |
Equipment protection diagnostics |
| Cybersecurity in electronic devices |
Full coverage |
| mp.per.1 Job description |
Awareness and Training |
|
|
| mp.per.2 Duties and obligations |
Awareness and Training |
|
|
| mp.per.3 Awareness |
Awareness and Training |
|
|
| mp.per.4 Training |
Awareness and Training |
|
|
| mp.eq.1 Clear workstation |
Equipment use control |
|
|
| mp.eq.2 Workstation locking |
Equipment use control |
|
|
| mp.eq.3 Protection of portable equipment |
Equipment use control |
|
|
| mp.eq.4 Other network-connected devices |
Device control |
|
|
| mp.com.1 perimeter security |
Host-based firewall |
|
|
| mp.com.2 Confidentiality protection |
Data Protection |
|
|
| mp.com.3 Integrity and authenticity protection |
Verification of integrity of software and hardware code |
|
|
| mp.com.4 Separation of information flows in the network |
Secure network design |
|
|
| mp.si.1 Support marking |
Industrial network event log (forensic analysis) |
|
|
| mp.si.2 Cryptography |
PKI infrastructure |
|
|
| mp.si.3 Custody |
Equipment protection diagnostics |
| Cybersecurity in electronic devices |
Full coverage |
| mp.si.4 Transport |
WI-FI control, Network communications control, Network integrity control, Data Protection |
|
|
| mp.si.5 Erased and destruction |
Backup Policy |
|
|
| mp.sw.1 Application development |
Software usage control, Verify PLC integrity |
|
|
| mp.sw.2 Acceptance and commissioning |
Cybersecurity assessment |
| Cybersecurity in connected vehicles |
Full coverage |
| Cybersecurity in electronic devices |
Full coverage |
| mp.info.1 Personal information |
Data Protection |
|
|
| mp.info.2 Information qualification |
Use control policy |
|
|
| mp.info.3 Electronic signature |
PKI infrastructure |
|
|
| mp.info.4 Timestamps |
Security log, File integrity monitoring |
|
|
| mp.info.6 Backup |
Backup system |
|
|
| mp.s.1 E-mail protection |
Network communications control, Host-based firewall |
|
|
| mp.s.2 Protection of web services and applications |
Device control |
|
|
| mp.s.3 Web browsing protection |
Network communications control, Host-based firewall |
|
|
| mp.s.4 Denial of service protection |
Network communications control, Device control, Host-based firewall |
|
|
| mp.info.5 Document cleaning |
Backup Policy |
|
|
