Date: Apr 24, 2024, 11:30:13 PM
Date: Nov 28, 2019, 2:04:11 PM
Editor: Juan
Name:
Name: NIS security measures for OES
Description:
Description: Network and Information Security (NIS) security measures for Operators of Essential Services (OES)
t | 1 | {} | t | 1 | { |
2 | "label": "NIS security measures for OES", | ||||
3 | "language": "EN", | ||||
4 | "refs": [ | ||||
5 | "https://www.enisa.europa.eu/publications/mapping-of-oes-security-requirements-to-specific-sectors" | ||||
6 | ], | ||||
7 | "uuid": "3f4a2a67-a1f9-46e1-8d71-7f6486217bb7", | ||||
8 | "values": [ | ||||
9 | { | ||||
10 | "category": "Information System Security Governance & Risk Management", | ||||
11 | "code": "1.1.1", | ||||
12 | "label": "Information system security risk analysis", | ||||
13 | "uuid": "030ef936-d0fe-4d6b-9238-e3004f58f7b6" | ||||
14 | }, | ||||
15 | { | ||||
16 | "category": "Information System Security Governance & Risk Management", | ||||
17 | "code": "1.1.2", | ||||
18 | "label": "Information system security policy", | ||||
19 | "uuid": "02527779-a76f-42fc-b420-6726099d4241" | ||||
20 | }, | ||||
21 | { | ||||
22 | "category": "Information System Security Governance & Risk Management", | ||||
23 | "code": "1.1.3", | ||||
24 | "label": "Information system security accreditation", | ||||
25 | "uuid": "8ead422e-2d73-48e8-82f9-b82fe363d072" | ||||
26 | }, | ||||
27 | { | ||||
28 | "category": "Information System Security Governance & Risk Management", | ||||
29 | "code": "1.1.4", | ||||
30 | "label": "Information system security indicators", | ||||
31 | "uuid": "7d1e4532-ddb1-408c-8a9d-ffed0cef3821" | ||||
32 | }, | ||||
33 | { | ||||
34 | "category": "Information System Security Governance & Risk Management", | ||||
35 | "code": "1.1.5", | ||||
36 | "label": "Information system security audit", | ||||
37 | "uuid": "d646a78e-68d8-4d60-a01f-455b1a0df4f1" | ||||
38 | }, | ||||
39 | { | ||||
40 | "category": "Information System Security Governance & Risk Management", | ||||
41 | "code": "1.1.6", | ||||
42 | "label": "Human resource security", | ||||
43 | "uuid": "cfda8669-f42c-4917-833e-b873110b4380" | ||||
44 | }, | ||||
45 | { | ||||
46 | "category": "Information System Security Governance & Risk Management", | ||||
47 | "code": "1.1.7", | ||||
48 | "label": "Asset Management", | ||||
49 | "uuid": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9" | ||||
50 | }, | ||||
51 | { | ||||
52 | "category": "Ecosystem management", | ||||
53 | "code": "1.2.1", | ||||
54 | "label": "Ecosystem mapping", | ||||
55 | "uuid": "66b045d6-77a5-426f-afe5-55cac81ac5c8" | ||||
56 | }, | ||||
57 | { | ||||
58 | "category": "Ecosystem management", | ||||
59 | "code": "1.2.2", | ||||
60 | "label": "Ecosystem relations", | ||||
61 | "uuid": "26b54bed-01d5-4614-b0ed-907af072b8a9" | ||||
62 | }, | ||||
63 | { | ||||
64 | "category": "IT Security Architecture", | ||||
65 | "code": "2.1.1", | ||||
66 | "label": "Systems configuration", | ||||
67 | "uuid": "8e6bf606-42cf-4f85-bedd-5e633d241183" | ||||
68 | }, | ||||
69 | { | ||||
70 | "category": "IT Security Architecture", | ||||
71 | "code": "2.1.2", | ||||
72 | "label": "System segregation", | ||||
73 | "uuid": "a3f6ee47-de81-400a-a7dc-79e79fb73729" | ||||
74 | }, | ||||
75 | { | ||||
76 | "category": "IT Security Architecture", | ||||
77 | "code": "2.1.3", | ||||
78 | "label": "Traffic filtering", | ||||
79 | "uuid": "7374508b-6114-4219-8834-7b87117fcbf9" | ||||
80 | }, | ||||
81 | { | ||||
82 | "category": "IT Security Architecture", | ||||
83 | "code": "2.1.4", | ||||
84 | "label": "Cryptography", | ||||
85 | "uuid": "fd44edba-005b-447c-8612-c0a92cbb0ec6" | ||||
86 | }, | ||||
87 | { | ||||
88 | "category": "IT Security Administration", | ||||
89 | "code": "2.2.1", | ||||
90 | "label": "Administration accounts", | ||||
91 | "uuid": "9fa537a3-efc0-4624-aeae-ab975076e1c0" | ||||
92 | }, | ||||
93 | { | ||||
94 | "category": "IT Security Administration", | ||||
95 | "code": "2.2.2", | ||||
96 | "label": "Administration information systems", | ||||
97 | "uuid": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79" | ||||
98 | }, | ||||
99 | { | ||||
100 | "category": "Identity and access management", | ||||
101 | "code": "2.3.1", | ||||
102 | "label": "Authentication and identification", | ||||
103 | "uuid": "f5f8ef4a-25f2-4169-b279-424081fc6125" | ||||
104 | }, | ||||
105 | { | ||||
106 | "category": "Identity and access management", | ||||
107 | "code": "2.3.2", | ||||
108 | "label": "Access rights", | ||||
109 | "uuid": "6b327343-7f81-4a40-bc46-194cf5aa54df" | ||||
110 | }, | ||||
111 | { | ||||
112 | "category": "IT Security Maintenance", | ||||
113 | "code": "2.4.1", | ||||
114 | "label": "IT security maintenance procedure", | ||||
115 | "uuid": "752f00ca-196b-4055-b660-4a09185ce3a7" | ||||
116 | }, | ||||
117 | { | ||||
118 | "category": "IT Security Maintenance", | ||||
119 | "code": "2.4.2", | ||||
120 | "label": "Remote access", | ||||
121 | "uuid": "efcb645f-ca20-484d-a3b7-6ef98db907ff" | ||||
122 | }, | ||||
123 | { | ||||
124 | "category": "Physical and environmental security", | ||||
125 | "code": "2.5.1", | ||||
126 | "label": "Physical and environmental security", | ||||
127 | "uuid": "157d5514-b3cd-4d31-9bff-560a1a436d96" | ||||
128 | }, | ||||
129 | { | ||||
130 | "category": "Detection", | ||||
131 | "code": "3.1.1", | ||||
132 | "label": "Detection", | ||||
133 | "uuid": "725706a3-fa1d-48e1-8458-21974439b34b" | ||||
134 | }, | ||||
135 | { | ||||
136 | "category": "Detection", | ||||
137 | "code": "3.1.2", | ||||
138 | "label": "Logging", | ||||
139 | "uuid": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91" | ||||
140 | }, | ||||
141 | { | ||||
142 | "category": "Detection", | ||||
143 | "code": "3.1.3", | ||||
144 | "label": "Logs correlation and analysis", | ||||
145 | "uuid": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd" | ||||
146 | }, | ||||
147 | { | ||||
148 | "category": "Computer Security Incident Management", | ||||
149 | "code": "3.2.1", | ||||
150 | "label": "Information system security incident response", | ||||
151 | "uuid": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8" | ||||
152 | }, | ||||
153 | { | ||||
154 | "category": "Computer Security Incident Management", | ||||
155 | "code": "3.2.2", | ||||
156 | "label": "Incident Report", | ||||
157 | "uuid": "ea405481-cbe2-4e15-b2a3-f45563e160cc" | ||||
158 | }, | ||||
159 | { | ||||
160 | "category": "Computer Security Incident Management", | ||||
161 | "code": "3.2.3", | ||||
162 | "label": "Communication with competent authorities and CSIRTs", | ||||
163 | "uuid": "fbfa7c30-f131-4e9b-9e8a-53ad4b90b164" | ||||
164 | }, | ||||
165 | { | ||||
166 | "category": "Continuity of operations", | ||||
167 | "code": "4.1.1", | ||||
168 | "label": "Business continuity management", | ||||
169 | "uuid": "b24b90b0-eeea-4a56-b5ef-2c484467c97a" | ||||
170 | }, | ||||
171 | { | ||||
172 | "category": "Continuity of operations", | ||||
173 | "code": "4.1.2", | ||||
174 | "label": "Disaster recovery management", | ||||
175 | "uuid": "f87f15fe-0170-4164-90de-091d9519d140" | ||||
176 | }, | ||||
177 | { | ||||
178 | "category": "Crisis management", | ||||
179 | "code": "4.2.1", | ||||
180 | "label": "Crisis management organization", | ||||
181 | "uuid": "0ca52ad9-4570-46be-88ce-d22efd4a145b" | ||||
182 | }, | ||||
183 | { | ||||
184 | "category": "Crisis management", | ||||
185 | "code": "4.2.2", | ||||
186 | "label": "Crisis management process", | ||||
187 | "uuid": "e1a91f54-34e4-45c7-8eae-dfc6dee15854" | ||||
188 | } | ||||
189 | ], | ||||
190 | "version": 1 | ||||
191 | } |