Date: May 19, 2024, 4:43:05 PM
Date: Jul 9, 2021, 6:49:39 AM
Editor: louds
Name:
Name: ANSSI - Guideline for a healthy information system
Description:
Description: Set of recommendations based on the Guideline for a healthy information system created by the ANSSI.
t | 1 | {} | t | 1 | { |
2 | "authors": [ | ||||
3 | "louds" | ||||
4 | ], | ||||
5 | "label": "ANSSI - Guideline for a healthy information system", | ||||
6 | "language": "EN", | ||||
7 | "refs": [ | ||||
8 | "https://www.ssi.gouv.fr/en/guide/40-essential-measures-for-a-healthy-network/" | ||||
9 | ], | ||||
10 | "uuid": "70ea1b7f-169d-481f-9d97-67e9a50f6719", | ||||
11 | "values": [ | ||||
12 | { | ||||
13 | "code": "ANSSI - R1", | ||||
14 | "description": "Train the operational teams in information system security", | ||||
15 | "importance": 0, | ||||
16 | "uuid": "223e6c30-b964-4998-81a6-9afa4072cb42" | ||||
17 | }, | ||||
18 | { | ||||
19 | "code": "ANSSI - R2", | ||||
20 | "description": "Raise users’ awareness about basic information security", | ||||
21 | "importance": 0, | ||||
22 | "uuid": "a789bdb6-4865-452b-bd62-cc8ed2d13a1c" | ||||
23 | }, | ||||
24 | { | ||||
25 | "code": "ANSSI - R2+", | ||||
26 | "description": "Raise users’ awareness about basic information security (+ strengthened actions)", | ||||
27 | "importance": 0, | ||||
28 | "uuid": "02064c50-de13-4ea9-9e17-319bc2ac7d94" | ||||
29 | }, | ||||
30 | { | ||||
31 | "code": "ANSSI - R3", | ||||
32 | "description": "Control outsourced services", | ||||
33 | "importance": 0, | ||||
34 | "uuid": "e75eb64f-7835-4204-a308-cf6dc9baf3f8" | ||||
35 | }, | ||||
36 | { | ||||
37 | "code": "ANSSI - R4", | ||||
38 | "description": "Identify the most sensitive information and servers and keep a network diagram", | ||||
39 | "importance": 0, | ||||
40 | "uuid": "888be2b9-dc80-4603-abc7-e8ae6f52fb9b" | ||||
41 | }, | ||||
42 | { | ||||
43 | "code": "ANSSI - R5", | ||||
44 | "description": "Have an exhaustive inventory of privileged accounts and keep it updated", | ||||
45 | "importance": 0, | ||||
46 | "uuid": "d8b48af9-7996-4b4f-9ae2-8636ff3ec9c2" | ||||
47 | }, | ||||
48 | { | ||||
49 | "code": "ANSSI - R6", | ||||
50 | "description": "Organise the procedures relating to users joining, departing and changing positions", | ||||
51 | "importance": 0, | ||||
52 | "uuid": "fe9286d8-9a6c-42f9-97f1-9d1093ceef50" | ||||
53 | }, | ||||
54 | { | ||||
55 | "code": "ANSSI - R6+", | ||||
56 | "description": "Organise the procedures relating to users joining, departing and changing positions (+ strengthened actions)", | ||||
57 | "importance": 0, | ||||
58 | "uuid": "07064ab4-9dc7-4175-9d15-4d2fef8b710b" | ||||
59 | }, | ||||
60 | { | ||||
61 | "code": "ANSSI - R7", | ||||
62 | "description": "Only allow controlled devices to connect to the network of the organization", | ||||
63 | "importance": 0, | ||||
64 | "uuid": "145aba5b-93c9-44b6-b9f5-f622f7b830e1" | ||||
65 | }, | ||||
66 | { | ||||
67 | "code": "ANSSI - R7+", | ||||
68 | "description": "Only allow controlled devices to connect to the network of the organization (+ strengthened actions)", | ||||
69 | "importance": 0, | ||||
70 | "uuid": "48f01622-0fed-4736-93ea-19f4876c95f1" | ||||
71 | }, | ||||
72 | { | ||||
73 | "code": "ANSSI - R8", | ||||
74 | "description": "Identify each individual accessing the system by name and distinguish the user/administrator roles", | ||||
75 | "importance": 0, | ||||
76 | "uuid": "e68eaaef-6693-4c5c-8f08-364e67e13571" | ||||
77 | }, | ||||
78 | { | ||||
79 | "code": "ANSSI - R8+", | ||||
80 | "description": "Identify each individual accessing the system by name and distinguish the user/administrator roles (+ strengthened actions)", | ||||
81 | "importance": 0, | ||||
82 | "uuid": "50c68221-dbd1-4632-9fcd-c5718753b8b7" | ||||
83 | }, | ||||
84 | { | ||||
85 | "code": "ANSSI - R9", | ||||
86 | "description": "Allocate the correct rights to the information system’s sensitive resources", | ||||
87 | "importance": 0, | ||||
88 | "uuid": "c2f504b1-58b0-4d37-8d30-3a536ec7f310" | ||||
89 | }, | ||||
90 | { | ||||
91 | "code": "ANSSI - R10", | ||||
92 | "description": "Set and verify rules for the choice and size of passwords", | ||||
93 | "importance": 0, | ||||
94 | "uuid": "31d20164-2e71-4fc5-8b74-1b20cec62135" | ||||
95 | }, | ||||
96 | { | ||||
97 | "code": "ANSSI - R11", | ||||
98 | "description": "Protect passwords stored on systems", | ||||
99 | "importance": 0, | ||||
100 | "uuid": "afc1c8d0-029a-4ab2-a0c1-95b02d00afe9" | ||||
101 | }, | ||||
102 | { | ||||
103 | "code": "ANSSI - R12", | ||||
104 | "description": "Change the default authentication settings on devices and services", | ||||
105 | "importance": 0, | ||||
106 | "uuid": "8b177341-edfb-437c-bf9d-e80bac2564da" | ||||
107 | }, | ||||
108 | { | ||||
109 | "code": "ANSSI - R12+", | ||||
110 | "description": "Change the default authentication settings on devices and services (+ strengthened actions)", | ||||
111 | "importance": 0, | ||||
112 | "uuid": "263d0733-4ebb-4464-9971-2ada65b70bdb" | ||||
113 | }, | ||||
114 | { | ||||
115 | "code": "ANSSI - R13", | ||||
116 | "description": "Prefer a two-factor authentication when possible", | ||||
117 | "importance": 0, | ||||
118 | "uuid": "d549a5f3-06e3-4aaf-8f76-df672a8be633" | ||||
119 | }, | ||||
120 | { | ||||
121 | "code": "ANSSI - R13+", | ||||
122 | "description": "Prefer a two-factor authentication when possible (+ strengthened actions)", | ||||
123 | "importance": 0, | ||||
124 | "uuid": "929c00f4-5f9c-40e1-86cc-de901981aebf" | ||||
125 | }, | ||||
126 | { | ||||
127 | "code": "ANSSI - R14", | ||||
128 | "description": "Implement a minimum level of security across the whole IT stock", | ||||
129 | "importance": 0, | ||||
130 | "uuid": "c97f287f-73c7-4040-bf58-14cc203bb701" | ||||
131 | }, | ||||
132 | { | ||||
133 | "code": "ANSSI - R14+", | ||||
134 | "description": "Implement a minimum level of security across the whole IT stock (+ strengthened actions)", | ||||
135 | "importance": 0, | ||||
136 | "uuid": "04b41edb-fb77-4072-a76d-956a40716515" | ||||
137 | }, | ||||
138 | { | ||||
139 | "code": "ANSSI - R15", | ||||
140 | "description": "Protect against threats relating to the use of removable media", | ||||
141 | "importance": 0, | ||||
142 | "uuid": "8b12b208-e294-4ece-a42c-6f6a21f47c72" | ||||
143 | }, | ||||
144 | { | ||||
145 | "code": "ANSSI - R15+", | ||||
146 | "description": "Protect against threats relating to the use of removable media (+ strengthened actions)", | ||||
147 | "importance": 0, | ||||
148 | "uuid": "0ad578e6-a437-4633-b65a-1e7ee3e8be30" | ||||
149 | }, | ||||
150 | { | ||||
151 | "code": "ANSSI - R16", | ||||
152 | "description": "Use a centralised management tool to standardise security policies", | ||||
153 | "importance": 0, | ||||
154 | "uuid": "85e2d429-6c19-47d1-94d5-73d0ce70a7fe" | ||||
155 | }, | ||||
156 | { | ||||
157 | "code": "ANSSI - R17", | ||||
158 | "description": "Activate and configure the firewall on workstations", | ||||
159 | "importance": 0, | ||||
160 | "uuid": "699cad6f-85b5-44a4-bd2d-a2eee6acacac" | ||||
161 | }, | ||||
162 | { | ||||
163 | "code": "ANSSI - R17+", | ||||
164 | "description": "Activate and configure the firewall on workstations (+ strengthened actions)", | ||||
165 | "importance": 0, | ||||
166 | "uuid": "7df4ae40-45fd-4b03-82b4-d92e0c2069bc" | ||||
167 | }, | ||||
168 | { | ||||
169 | "code": "ANSSI - R18", | ||||
170 | "description": "Encrypt sensitive data sent through the Internet", | ||||
171 | "importance": 0, | ||||
172 | "uuid": "08b28355-6bc7-49d0-b34c-72c0a0aa690f" | ||||
173 | }, | ||||
174 | { | ||||
175 | "code": "ANSSI - R19", | ||||
176 | "description": "Segment the network and implement a partitioning between these areas", | ||||
177 | "importance": 0, | ||||
178 | "uuid": "c70a2f46-1907-41e5-9d66-c62bb290428f" | ||||
179 | }, | ||||
180 | { | ||||
181 | "code": "ANSSI - R20", | ||||
182 | "description": "Ensure the security of Wi-Fi access networks and that uses are separated", | ||||
183 | "importance": 0, | ||||
184 | "uuid": "fa99ac96-1418-4347-88f3-4c2061e0a37d" | ||||
185 | }, | ||||
186 | { | ||||
187 | "code": "ANSSI - R21", | ||||
188 | "description": "Use secure network protocols when they exist", | ||||
189 | "importance": 0, | ||||
190 | "uuid": "5569e6c1-88af-4b50-961d-8e6e90b9cc85" | ||||
191 | }, | ||||
192 | { | ||||
193 | "code": "ANSSI - R22", | ||||
194 | "description": "Implement a secure access gateway to the Internet", | ||||
195 | "importance": 0, | ||||
196 | "uuid": "9823ff67-8899-428c-94d3-06ce13735624" | ||||
197 | }, | ||||
198 | { | ||||
199 | "code": "ANSSI - R22+", | ||||
200 | "description": "Implement a secure access gateway to the Internet (+ strengthened actions)", | ||||
201 | "importance": 0, | ||||
202 | "uuid": "221b51f5-ffeb-4f8a-9d5c-6924cdb632b7" | ||||
203 | }, | ||||
204 | { | ||||
205 | "code": "ANSSI - R23", | ||||
206 | "description": "Segregate the services visible from the Internet from the rest of the information system", | ||||
207 | "importance": 0, | ||||
208 | "uuid": "c1a2a2c6-2823-40f5-a35c-94e3c3244c25" | ||||
209 | }, | ||||
210 | { | ||||
211 | "code": "ANSSI - R24", | ||||
212 | "description": "Protect your professional email", | ||||
213 | "importance": 0, | ||||
214 | "uuid": "87175056-58f9-4d0b-b072-fb07bafd4dc6" | ||||
215 | }, | ||||
216 | { | ||||
217 | "code": "ANSSI - R24+", | ||||
218 | "description": "Protect your professional email (+ strengthened actions)", | ||||
219 | "importance": 0, | ||||
220 | "uuid": "8b1a199d-fbdf-42e3-94e4-8edf0af3aee5" | ||||
221 | }, | ||||
222 | { | ||||
223 | "code": "ANSSI - R25", | ||||
224 | "description": "Secure the dedicated network interconnections with partners", | ||||
225 | "importance": 0, | ||||
226 | "uuid": "2d4fb180-e92c-4d6f-aff2-895a0f386171" | ||||
227 | }, | ||||
228 | { | ||||
229 | "code": "ANSSI - R25+", | ||||
230 | "description": "Secure the dedicated network interconnections with partners (+ strengthened actions)", | ||||
231 | "importance": 0, | ||||
232 | "uuid": "a6d5763d-ef7c-4303-942b-ad8359182c31" | ||||
233 | }, | ||||
234 | { | ||||
235 | "code": "ANSSI - R26", | ||||
236 | "description": "Control and protect access to the server rooms and technical areas", | ||||
237 | "importance": 0, | ||||
238 | "uuid": "d050bb64-1057-4d1f-88ab-d51ba74d25c9" | ||||
239 | }, | ||||
240 | { | ||||
241 | "code": "ANSSI - R27", | ||||
242 | "description": "Prohibit Internet access from devices or servers used by the information system administration", | ||||
243 | "importance": 0, | ||||
244 | "uuid": "da32da25-83d0-4b37-9e59-40e6938e4e47" | ||||
245 | }, | ||||
246 | { | ||||
247 | "code": "ANSSI - R27+", | ||||
248 | "description": "Prohibit Internet access from devices or servers used by the information system administration (+ strengthened actions)", | ||||
249 | "importance": 0, | ||||
250 | "uuid": "db888654-1102-4ad2-abcd-6bc40c0aa053" | ||||
251 | }, | ||||
252 | { | ||||
253 | "code": "ANSSI - R28", | ||||
254 | "description": "Use a dedicated and separated network for information system administration", | ||||
255 | "importance": 0, | ||||
256 | "uuid": "039f1371-3adf-4433-880e-6891e75b598e" | ||||
257 | }, | ||||
258 | { | ||||
259 | "code": "ANSSI - R28+", | ||||
260 | "description": "Use a dedicated and separated network for information system administration (+ strengthened actions)", | ||||
261 | "importance": 0, | ||||
262 | "uuid": "9452a67a-dd41-4ed7-b973-df197d722282" | ||||
263 | }, | ||||
264 | { | ||||
265 | "code": "ANSSI - R29", | ||||
266 | "description": "Reduce administration rights on workstations to strictly operational needs", | ||||
267 | "importance": 0, | ||||
268 | "uuid": "33da8384-f91a-40c2-81e8-3cae0da754ac" | ||||
269 | }, | ||||
270 | { | ||||
271 | "code": "ANSSI - R30", | ||||
272 | "description": "Take measures to physically secure mobile devices", | ||||
273 | "importance": 0, | ||||
274 | "uuid": "78f0174f-3036-44be-83ee-e9074092345b" | ||||
275 | }, | ||||
276 | { | ||||
277 | "code": "ANSSI - R30+", | ||||
278 | "description": "Take measures to physically secure mobile devices (+ strengthened actions)", | ||||
279 | "importance": 0, | ||||
280 | "uuid": "4a46bdc6-9c94-4552-a747-777cd35f3551" | ||||
281 | }, | ||||
282 | { | ||||
283 | "code": "ANSSI - R31", | ||||
284 | "description": "Encrypt sensitive data , in particular on hardware that can potentially be lost", | ||||
285 | "importance": 0, | ||||
286 | "uuid": "00ab5b42-edeb-4e5f-91a4-ee1f5ca544fc" | ||||
287 | }, | ||||
288 | { | ||||
289 | "code": "ANSSI - R32", | ||||
290 | "description": "Secure the network connection of devices used in a mobile working situation", | ||||
291 | "importance": 0, | ||||
292 | "uuid": "e34f7dea-07d0-4457-9ad8-35dc8b57d566" | ||||
293 | }, | ||||
294 | { | ||||
295 | "code": "ANSSI - R32+", | ||||
296 | "description": "Secure the network connection of devices used in a mobile working situation (+ strengthened actions)", | ||||
297 | "importance": 0, | ||||
298 | "uuid": "e7ac108a-4ff8-4ca7-8ec2-7674e871b16e" | ||||
299 | }, | ||||
300 | { | ||||
301 | "code": "ANSSI - R33", | ||||
302 | "description": "Adopt security policies dedicated to mobile devices", | ||||
303 | "importance": 0, | ||||
304 | "uuid": "c63fd77c-edb2-4ade-96d3-c89db095a69a" | ||||
305 | }, | ||||
306 | { | ||||
307 | "code": "ANSSI - R33+", | ||||
308 | "description": "Adopt security policies dedicated to mobile devices (+ strengthened actions)", | ||||
309 | "importance": 0, | ||||
310 | "uuid": "9b70ff0f-cf60-41bd-a405-51a68df25bec" | ||||
311 | }, | ||||
312 | { | ||||
313 | "code": "ANSSI - R34", | ||||
314 | "description": "Define an update policy for the components of the information system", | ||||
315 | "importance": 0, | ||||
316 | "uuid": "8cac85b0-7553-440f-a439-dd4d00d1d49c" | ||||
317 | }, | ||||
318 | { | ||||
319 | "code": "ANSSI - R35", | ||||
320 | "description": "Anticipate the software and system end of life/maintenance and limit software reliance", | ||||
321 | "importance": 0, | ||||
322 | "uuid": "8e1118bc-667b-4598-ace1-deed3945368c" | ||||
323 | }, | ||||
324 | { | ||||
325 | "code": "ANSSI - R36", | ||||
326 | "description": "Activate and configure the most important component logs", | ||||
327 | "importance": 0, | ||||
328 | "uuid": "c1d6de0a-0d7a-4632-a7a9-680b34d9218f" | ||||
329 | }, | ||||
330 | { | ||||
331 | "code": "ANSSI - R36+", | ||||
332 | "description": "Activate and configure the most important component logs (+ strengthened actions)", | ||||
333 | "importance": 0, | ||||
334 | "uuid": "946ebe15-6f21-4342-ac43-3f4ea6607a80" | ||||
335 | }, | ||||
336 | { | ||||
337 | "code": "ANSSI - R37", | ||||
338 | "description": "Define and apply a backup policy for critical components", | ||||
339 | "importance": 0, | ||||
340 | "uuid": "e759976b-9b83-4f81-a35b-c69da63edd06" | ||||
341 | }, | ||||
342 | { | ||||
343 | "code": "ANSSI - R37+", | ||||
344 | "description": "Define and apply a backup policy for critical components (+ strengthened actions)", | ||||
345 | "importance": 0, | ||||
346 | "uuid": "8c21d548-812f-4249-8c74-5bedb2f1a9cf" | ||||
347 | }, | ||||
348 | { | ||||
349 | "code": "ANSSI - R38+", | ||||
350 | "description": "Undertake regular controls and security audits then apply the associated corrective actions", | ||||
351 | "importance": 0, | ||||
352 | "uuid": "0a736d33-55ac-4711-b1e0-ce2ebe761e75" | ||||
353 | }, | ||||
354 | { | ||||
355 | "code": "ANSSI - R39", | ||||
356 | "description": "Designate a point of contact in information system security and make sure staff are aware of him or her", | ||||
357 | "importance": 0, | ||||
358 | "uuid": "140e1184-8547-4429-a881-9ff3f043d7e2" | ||||
359 | }, | ||||
360 | { | ||||
361 | "code": "ANSSI - R40", | ||||
362 | "description": "Define a security incident management procedure", | ||||
363 | "importance": 0, | ||||
364 | "uuid": "38d26ad0-2ccf-429f-b046-ddb03e533bb6" | ||||
365 | }, | ||||
366 | { | ||||
367 | "code": "ANSSI - R41+", | ||||
368 | "description": "Carry out a formal risk assessment", | ||||
369 | "importance": 0, | ||||
370 | "uuid": "d4498025-0240-4033-8a7f-e90c69134c8e" | ||||
371 | }, | ||||
372 | { | ||||
373 | "code": "ANSSI - R42+", | ||||
374 | "description": "Favour the use of products and services qualified by ANSSI", | ||||
375 | "importance": 0, | ||||
376 | "uuid": "a526b314-d2db-44f3-a9c8-7af2320e7d1a" | ||||
377 | } | ||||
378 | ], | ||||
379 | "version": 0 | ||||
380 | } |