Date: Apr 24, 2024, 11:30:13 PM
Date: Nov 28, 2019, 2:04:11 PM
Editor: Juan
Name:
Name: NIS security measures for OES
Description:
Description: Network and Information Security (NIS) security measures for Operators of Essential Services (OES)
| t | 1 | {} | t | 1 | { |
| 2 | "label": "NIS security measures for OES", | ||||
| 3 | "language": "EN", | ||||
| 4 | "refs": [ | ||||
| 5 | "https://www.enisa.europa.eu/publications/mapping-of-oes-security-requirements-to-specific-sectors" | ||||
| 6 | ], | ||||
| 7 | "uuid": "3f4a2a67-a1f9-46e1-8d71-7f6486217bb7", | ||||
| 8 | "values": [ | ||||
| 9 | { | ||||
| 10 | "category": "Information System Security Governance & Risk Management", | ||||
| 11 | "code": "1.1.1", | ||||
| 12 | "label": "Information system security risk analysis", | ||||
| 13 | "uuid": "030ef936-d0fe-4d6b-9238-e3004f58f7b6" | ||||
| 14 | }, | ||||
| 15 | { | ||||
| 16 | "category": "Information System Security Governance & Risk Management", | ||||
| 17 | "code": "1.1.2", | ||||
| 18 | "label": "Information system security policy", | ||||
| 19 | "uuid": "02527779-a76f-42fc-b420-6726099d4241" | ||||
| 20 | }, | ||||
| 21 | { | ||||
| 22 | "category": "Information System Security Governance & Risk Management", | ||||
| 23 | "code": "1.1.3", | ||||
| 24 | "label": "Information system security accreditation", | ||||
| 25 | "uuid": "8ead422e-2d73-48e8-82f9-b82fe363d072" | ||||
| 26 | }, | ||||
| 27 | { | ||||
| 28 | "category": "Information System Security Governance & Risk Management", | ||||
| 29 | "code": "1.1.4", | ||||
| 30 | "label": "Information system security indicators", | ||||
| 31 | "uuid": "7d1e4532-ddb1-408c-8a9d-ffed0cef3821" | ||||
| 32 | }, | ||||
| 33 | { | ||||
| 34 | "category": "Information System Security Governance & Risk Management", | ||||
| 35 | "code": "1.1.5", | ||||
| 36 | "label": "Information system security audit", | ||||
| 37 | "uuid": "d646a78e-68d8-4d60-a01f-455b1a0df4f1" | ||||
| 38 | }, | ||||
| 39 | { | ||||
| 40 | "category": "Information System Security Governance & Risk Management", | ||||
| 41 | "code": "1.1.6", | ||||
| 42 | "label": "Human resource security", | ||||
| 43 | "uuid": "cfda8669-f42c-4917-833e-b873110b4380" | ||||
| 44 | }, | ||||
| 45 | { | ||||
| 46 | "category": "Information System Security Governance & Risk Management", | ||||
| 47 | "code": "1.1.7", | ||||
| 48 | "label": "Asset Management", | ||||
| 49 | "uuid": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9" | ||||
| 50 | }, | ||||
| 51 | { | ||||
| 52 | "category": "Ecosystem management", | ||||
| 53 | "code": "1.2.1", | ||||
| 54 | "label": "Ecosystem mapping", | ||||
| 55 | "uuid": "66b045d6-77a5-426f-afe5-55cac81ac5c8" | ||||
| 56 | }, | ||||
| 57 | { | ||||
| 58 | "category": "Ecosystem management", | ||||
| 59 | "code": "1.2.2", | ||||
| 60 | "label": "Ecosystem relations", | ||||
| 61 | "uuid": "26b54bed-01d5-4614-b0ed-907af072b8a9" | ||||
| 62 | }, | ||||
| 63 | { | ||||
| 64 | "category": "IT Security Architecture", | ||||
| 65 | "code": "2.1.1", | ||||
| 66 | "label": "Systems configuration", | ||||
| 67 | "uuid": "8e6bf606-42cf-4f85-bedd-5e633d241183" | ||||
| 68 | }, | ||||
| 69 | { | ||||
| 70 | "category": "IT Security Architecture", | ||||
| 71 | "code": "2.1.2", | ||||
| 72 | "label": "System segregation", | ||||
| 73 | "uuid": "a3f6ee47-de81-400a-a7dc-79e79fb73729" | ||||
| 74 | }, | ||||
| 75 | { | ||||
| 76 | "category": "IT Security Architecture", | ||||
| 77 | "code": "2.1.3", | ||||
| 78 | "label": "Traffic filtering", | ||||
| 79 | "uuid": "7374508b-6114-4219-8834-7b87117fcbf9" | ||||
| 80 | }, | ||||
| 81 | { | ||||
| 82 | "category": "IT Security Architecture", | ||||
| 83 | "code": "2.1.4", | ||||
| 84 | "label": "Cryptography", | ||||
| 85 | "uuid": "fd44edba-005b-447c-8612-c0a92cbb0ec6" | ||||
| 86 | }, | ||||
| 87 | { | ||||
| 88 | "category": "IT Security Administration", | ||||
| 89 | "code": "2.2.1", | ||||
| 90 | "label": "Administration accounts", | ||||
| 91 | "uuid": "9fa537a3-efc0-4624-aeae-ab975076e1c0" | ||||
| 92 | }, | ||||
| 93 | { | ||||
| 94 | "category": "IT Security Administration", | ||||
| 95 | "code": "2.2.2", | ||||
| 96 | "label": "Administration information systems", | ||||
| 97 | "uuid": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79" | ||||
| 98 | }, | ||||
| 99 | { | ||||
| 100 | "category": "Identity and access management", | ||||
| 101 | "code": "2.3.1", | ||||
| 102 | "label": "Authentication and identification", | ||||
| 103 | "uuid": "f5f8ef4a-25f2-4169-b279-424081fc6125" | ||||
| 104 | }, | ||||
| 105 | { | ||||
| 106 | "category": "Identity and access management", | ||||
| 107 | "code": "2.3.2", | ||||
| 108 | "label": "Access rights", | ||||
| 109 | "uuid": "6b327343-7f81-4a40-bc46-194cf5aa54df" | ||||
| 110 | }, | ||||
| 111 | { | ||||
| 112 | "category": "IT Security Maintenance", | ||||
| 113 | "code": "2.4.1", | ||||
| 114 | "label": "IT security maintenance procedure", | ||||
| 115 | "uuid": "752f00ca-196b-4055-b660-4a09185ce3a7" | ||||
| 116 | }, | ||||
| 117 | { | ||||
| 118 | "category": "IT Security Maintenance", | ||||
| 119 | "code": "2.4.2", | ||||
| 120 | "label": "Remote access", | ||||
| 121 | "uuid": "efcb645f-ca20-484d-a3b7-6ef98db907ff" | ||||
| 122 | }, | ||||
| 123 | { | ||||
| 124 | "category": "Physical and environmental security", | ||||
| 125 | "code": "2.5.1", | ||||
| 126 | "label": "Physical and environmental security", | ||||
| 127 | "uuid": "157d5514-b3cd-4d31-9bff-560a1a436d96" | ||||
| 128 | }, | ||||
| 129 | { | ||||
| 130 | "category": "Detection", | ||||
| 131 | "code": "3.1.1", | ||||
| 132 | "label": "Detection", | ||||
| 133 | "uuid": "725706a3-fa1d-48e1-8458-21974439b34b" | ||||
| 134 | }, | ||||
| 135 | { | ||||
| 136 | "category": "Detection", | ||||
| 137 | "code": "3.1.2", | ||||
| 138 | "label": "Logging", | ||||
| 139 | "uuid": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91" | ||||
| 140 | }, | ||||
| 141 | { | ||||
| 142 | "category": "Detection", | ||||
| 143 | "code": "3.1.3", | ||||
| 144 | "label": "Logs correlation and analysis", | ||||
| 145 | "uuid": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd" | ||||
| 146 | }, | ||||
| 147 | { | ||||
| 148 | "category": "Computer Security Incident Management", | ||||
| 149 | "code": "3.2.1", | ||||
| 150 | "label": "Information system security incident response", | ||||
| 151 | "uuid": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8" | ||||
| 152 | }, | ||||
| 153 | { | ||||
| 154 | "category": "Computer Security Incident Management", | ||||
| 155 | "code": "3.2.2", | ||||
| 156 | "label": "Incident Report", | ||||
| 157 | "uuid": "ea405481-cbe2-4e15-b2a3-f45563e160cc" | ||||
| 158 | }, | ||||
| 159 | { | ||||
| 160 | "category": "Computer Security Incident Management", | ||||
| 161 | "code": "3.2.3", | ||||
| 162 | "label": "Communication with competent authorities and CSIRTs", | ||||
| 163 | "uuid": "fbfa7c30-f131-4e9b-9e8a-53ad4b90b164" | ||||
| 164 | }, | ||||
| 165 | { | ||||
| 166 | "category": "Continuity of operations", | ||||
| 167 | "code": "4.1.1", | ||||
| 168 | "label": "Business continuity management", | ||||
| 169 | "uuid": "b24b90b0-eeea-4a56-b5ef-2c484467c97a" | ||||
| 170 | }, | ||||
| 171 | { | ||||
| 172 | "category": "Continuity of operations", | ||||
| 173 | "code": "4.1.2", | ||||
| 174 | "label": "Disaster recovery management", | ||||
| 175 | "uuid": "f87f15fe-0170-4164-90de-091d9519d140" | ||||
| 176 | }, | ||||
| 177 | { | ||||
| 178 | "category": "Crisis management", | ||||
| 179 | "code": "4.2.1", | ||||
| 180 | "label": "Crisis management organization", | ||||
| 181 | "uuid": "0ca52ad9-4570-46be-88ce-d22efd4a145b" | ||||
| 182 | }, | ||||
| 183 | { | ||||
| 184 | "category": "Crisis management", | ||||
| 185 | "code": "4.2.2", | ||||
| 186 | "label": "Crisis management process", | ||||
| 187 | "uuid": "e1a91f54-34e4-45c7-8eae-dfc6dee15854" | ||||
| 188 | } | ||||
| 189 | ], | ||||
| 190 | "version": 1 | ||||
| 191 | } |