Coverage

Requirements coverage ENS Supplier TELEFĂ“NICA TECH

Requeriments Capacities Services/Solutions Coverage
org.1 Security Policy Compliance, Cybersecurity assessment, Risk and Vulnerability Management, Communications plan
Cybersecurity awareness and training plan Partial coverage
OT&IoT Security Monitoring - Security monitoring in OT&IoT Partial coverage
OT Security Master Plan Partial coverage
Pentesting and Security Assessment Partial coverage
org.2 Security standard Compliance
Cybersecurity awareness and training plan Full coverage
OT Security Master Plan Full coverage
org.3 Security procedures Compliance, Use control policy, Activity log policy, Backup Policy
Cybersecurity awareness and training plan Full coverage
OT Security Master Plan Full coverage
org.4 Authorization process Account management, PKI infrastructure
op.pl.1 Risk analysis Cybersecurity assessment, Risk and Vulnerability Management
OT&IoT Security Monitoring - Security monitoring in OT&IoT Partial coverage
Pentesting and Security Assessment Partial coverage
op.pl.2 Security architecture Network communications control, Secure network design
Pentesting and Security Assessment Partial coverage
op.pl.3 Acquisition of new components Configuration control, Equipment use control, Device control
op.pl.4 Sizing / Capacity Management Hardware and software inventory, Redundancy system
OT&IoT Security Monitoring - Security monitoring in OT&IoT Partial coverage
Pentesting and Security Assessment Partial coverage
op.pl.5 Certified components Certification of the main ICS providers
op.acc.1 Identification Hardware and software inventory, Access control policy
OT Security Master Plan Partial coverage
OT&IoT Security Monitoring - Security monitoring in OT&IoT Partial coverage
Pentesting and Security Assessment Partial coverage
op.acc.2 Access requirements Basic user access control, Multi-factor user access control, Access control policy
OT Security Master Plan Partial coverage
op.acc.3 Segregation of functions and tasks Account management
op.acc.4 Access rights management process Device control, Account management
op.acc.5 op.acc.5 Authentication methods (external users) Hardware Security Keys, Basic user access control, Multi-factor user access control
op.acc.6 op.acc.6 Authentication methods (organization\'s users) Hardware Security Keys, Basic user access control, Multi-factor user access control
op.exp.1 Asset inventory Hardware and software inventory
OT&IoT Security Monitoring - Security monitoring in OT&IoT Full coverage
Pentesting and Security Assessment Full coverage
op.exp.2 Security configuration Configuration control
op.exp.3 Security Configuration Management Configuration control
op.exp.4 Maintenance and security updates Reliable updates, Upgrade testing support
op.exp.5 Change Management Configuration control
op.exp.6 Protection against malicious code Advanced antimalware
op.exp.7 Incident Management Incident response support
Security Incident Response Service Full coverage
op.exp.8 Activity log Inspect endpoint logs, Activity log policy
Cybersecurity awareness and training plan Partial coverage
OT Security Master Plan Partial coverage
Pentesting and Security Assessment Partial coverage
op.exp.9 Incident management log Inspect endpoint logs, Activity log policy
Cybersecurity awareness and training plan Partial coverage
OT Security Master Plan Partial coverage
Pentesting and Security Assessment Partial coverage
op.exp.10 Protection of cryptographic keys PKI infrastructure
op.ext.1 Contracting and service level agreements Certification of the main ICS providers
op.ext.2 Day-to-day management Account management
op.ext.3 Supply Chain Protection Awareness and Training
Cybersecurity awareness and training plan Full coverage
Training - Virtual Academy Full coverage
OT Security Master Plan Full coverage
op.ext.4 Systems interconnection Network communication visualization
OT&IoT Security Monitoring - Security monitoring in OT&IoT Full coverage
op.nub.1 Cloud services protection Data Protection
Cybersecurity awareness and training plan Full coverage
op.cont.1 Impact analysis Risk and Vulnerability Management
op.cont.2 Continuity plan Redundancy system, Backup system
op.cont.3 Periodic tests Upgrade testing support
op.cont.4 Alternative means Redundancy system
op.mon.1 Intrusion detection Industrial DPI for anomaly detection, Advanced detection of anomalies in the IP layer
OT&IoT Security Monitoring - Security monitoring in OT&IoT Full coverage
op.mon.2 Metrics system SIEM integration
op.mon.3 Monitoring Network communication visualization
OT&IoT Security Monitoring - Security monitoring in OT&IoT Full coverage
mp.if.1 Separate and access controlled areas Physical security in the installation of devices, Separation of environments
mp.if.2 Identification of persons Hardware Security Keys
mp.if.3 Fitting out of the premises Physical security in the installation of devices
mp.if.4 Electrical energy Redundancy system
mp.if.5 Fire protection Physical security in the installation of devices
mp.if.6 Flood protection Physical security in the installation of devices
mp.if.7 Entry and exit registration of equipment log Equipment protection diagnostics
mp.per.1 Job description Awareness and Training
Cybersecurity awareness and training plan Full coverage
Training - Virtual Academy Full coverage
OT Security Master Plan Full coverage
mp.per.2 Duties and obligations Awareness and Training
Cybersecurity awareness and training plan Full coverage
Training - Virtual Academy Full coverage
OT Security Master Plan Full coverage
mp.per.3 Awareness Awareness and Training
Cybersecurity awareness and training plan Full coverage
Training - Virtual Academy Full coverage
OT Security Master Plan Full coverage
mp.per.4 Training Awareness and Training
Cybersecurity awareness and training plan Full coverage
Training - Virtual Academy Full coverage
OT Security Master Plan Full coverage
mp.eq.1 Clear workstation Equipment use control
mp.eq.2 Workstation locking Equipment use control
mp.eq.3 Protection of portable equipment Equipment use control
mp.eq.4 Other network-connected devices Device control
mp.com.1 perimeter security Host-based firewall
mp.com.2 Confidentiality protection Data Protection
Cybersecurity awareness and training plan Full coverage
mp.com.3 Integrity and authenticity protection Verification of integrity of software and hardware code
mp.com.4 Separation of information flows in the network Secure network design
Pentesting and Security Assessment Full coverage
mp.si.1 Support marking Industrial network event log (forensic analysis)
mp.si.2 Cryptography PKI infrastructure
mp.si.3 Custody Equipment protection diagnostics
mp.si.4 Transport WI-FI control, Network communications control, Network integrity control, Data Protection
Cybersecurity awareness and training plan Partial coverage
mp.si.5 Erased and destruction Backup Policy
Cybersecurity awareness and training plan Full coverage
OT Security Master Plan Full coverage
mp.sw.1 Application development Software usage control, Verify PLC integrity
mp.sw.2 Acceptance and commissioning Cybersecurity assessment
OT&IoT Security Monitoring - Security monitoring in OT&IoT Full coverage
Pentesting and Security Assessment Full coverage
mp.info.1 Personal information Data Protection
Cybersecurity awareness and training plan Full coverage
mp.info.2 Information qualification Use control policy
Cybersecurity awareness and training plan Full coverage
OT Security Master Plan Full coverage
mp.info.3 Electronic signature PKI infrastructure
mp.info.4 Timestamps Security log, File integrity monitoring
mp.info.6 Backup Backup system
mp.s.1 E-mail protection Network communications control, Host-based firewall
mp.s.2 Protection of web services and applications Device control
mp.s.3 Web browsing protection Network communications control, Host-based firewall
mp.s.4 Denial of service protection Network communications control, Device control, Host-based firewall
mp.info.5 Document cleaning Backup Policy
Cybersecurity awareness and training plan Full coverage
OT Security Master Plan Full coverage