https://objects.monarc.lu/objects.atom 2023-03-31T19:15:39.969014+00:00 https://opensource.nc3.lu/ opensource@nc3.lu python-feedgen https://objects.monarc.lu/object/get/144 2023-03-31T19:15:40.044558+00:00 MONARC { "code": "1118", "description": "", "label": "Use of an obsolete version of the messaging server", "language": "EN", "uuid": "69fc03a0-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:35.046659+00:00 https://objects.monarc.lu/object/get/5201 2023-03-31T19:15:40.043858+00:00 MONARC { "authors": [ "Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information [ANSSI France] " ], "label": "ANSSI France - Directive NIS", "language": "FR", "refs": [ "https://www.ssi.gouv.fr/uploads/2020/12/guide_protection_des_systemes_essentiels.pdf" ], "uuid": "edff67be-6d5f-442a-8bc8-c351cae8d31a", "values": [ { "code": "R1 [Modification de la configuration par d\u00e9faut]", "description": "Modifier les \u00e9l\u00e9ments de configuration par d\u00e9faut", "importance": 0, "uuid": "e0276fb1-d39f-45d8-81ab-32adf7be57b8" }, { "code": "R1- [Modification de la configuration par d\u00e9faut]", "description": "Pallier l\u2019impossibilit\u00e9 de changer un \u00e9l\u00e9ment par d\u00e9faut", "importance": 0, "uuid": "78f8ed48-39de-4429-a8f5-05a36a3e36eb" }, { "code": "R2 [Restriction des fonctionnalit\u00e9s accessibles]", "description": "Installer uniquement les services ou fonctionnalit\u00e9s indispensables", "importance": 0, "uuid": "ad9fcb16-2d35-440c-a0b3-7383acf262be" }, { "code": "R2- [Restriction des fonctionnalit\u00e9s accessibles]", "description": "Pallier l\u2019impossibilit\u00e9 de d\u00e9sinstaller un service non indispensable", "importance": 0, "uuid": "ae96c982-2f00-41c1-b697-1e7cf521f1c3" }, { "code": "R3 [Restriction des fonctionnalit\u00e9s accessibles]", "description": "D\u00e9finir et utiliser des configurations de r\u00e9f\u00e9rence", "importance": 0, "uuid": "acb9ac12-48af-4eff-9270-5829c67e4345" }, { "code": "R4 [Inventaire des \u00e9l\u00e9ments connect\u00e9s au SIE]", "description": "\u00c9tablir un inventaire technique des \u00e9l\u00e9ments et des acc\u00e8s au SIE", "importance": 0, "uuid": "f1483fea-3c0d-4034-9a22-e79d0a3c82a8" }, { "code": "R5 [Utilisation d'\u00e9l\u00e9ments ma\u00eetris\u00e9s dans le SI]", "description": "Utiliser uniquement des \u00e9quipements ma\u00eetris\u00e9s", "importance": 0, "uuid": "883e4bfe-df85-4770-b8eb-ec36cd625be8" }, { "code": "R6 [D\u00e9dier des supports amovibles au SIE]", "description": "D\u00e9dier aux SIE des supports amovibles identifi\u00e9s", "importance": 0, "uuid": "84237a51-3f4d-4d42-a72b-9105580d72a6" }, { "code": "R7 [Innocuit\u00e9 des supports amovibles \u00e0 usage mixte]", "description": "D\u00e9contaminer les supports amovibles avant leur utilisation", "importance": 0, "uuid": "66b29f1e-2651-49c1-98da-1b07e9802272" }, { "code": "R7+ [Innocuit\u00e9 des supports amovibles \u00e0 usage mixte]", "description": "Utiliser un \u00e9quipement d\u00e9di\u00e9 \u00e0 l\u2019analyse des supports amovibles", "importance": 0, "uuid": "6b6d3cfe-ee9b-4ca0-99e0-1d335edc0ca5" }, { "code": "R8 [Tra\u00e7abilit\u00e9 de l'utilisation des supports amovibles sur le SIE]", "description": "Mettre en \u0153uvre une tra\u00e7abilit\u00e9 de l\u2019utilisation des supports amovibles", "importance": 0, "uuid": "e7938d2f-039a-49d0-8f11-40bf573eb49e" }, { "code": "R8+ [Tra\u00e7abilit\u00e9 de l'utilisation des supports amovibles sur le SIE]", "description": "Mettre en \u0153uvre un outil de protection contre l\u2019exfiltration de donn\u00e9es", "importance": 0, "uuid": "21c8dddf-dca4-4ada-adfe-04c2fd2b9b5a" }, { "code": "R9 [Cloisonnement du SI en zones]", "description": "Segmenter le SI en syst\u00e8mes et sous-syst\u00e8mes", "importance": 0, "uuid": "0c36355d-6998-49f3-8f55-5eb7345aee66" }, { "code": "R10 [Cloisonnement du SI en zones]", "description": "Autoriser les interconnexions suivant le besoin de fonctionnement", "importance": 0, "uuid": "64e1e9a6-fe72-4c46-a0a1-b0b1b51402a7" }, { "code": "R11 [Cloisonnement physique]", "description": "Mettre en place un cloisonnement physique", "importance": 0, "uuid": "85afafe1-fd7a-4619-b38c-e695186fb5a0" }, { "code": "R11- [Cloisonnement logique par le chiffre]", "description": "Mettre en place un cloisonnement logique par le chiffre", "importance": 0, "uuid": "7ad99d6b-bebd-4928-8831-b3f2ab85b973" }, { "code": "R11- - [Cloisonnement logique simple]", "description": "Mettre en place un cloisonnement logique", "importance": 0, "uuid": "608a1888-2492-4fcf-a523-b0efb7528b74" }, { "code": "R12 [Mise en \u0153uvre technique du cloisonnement]", "description": "Chiffrer les donn\u00e9es en amont du stockage avec des secrets distincts", "importance": 0, "uuid": "b2c41503-c28f-49d6-a79d-7bc6b17e2476" }, { "code": "R13 [Cas des SIE dont l'h\u00e9bergement est externalis\u00e9]", "description": "Contr\u00f4ler le cloisonnement mis en place en cas d\u2019externalisation", "importance": 0, "uuid": "1a092d40-75da-45a3-b5ab-a02d5b6487bf" }, { "code": "R14 [Cas des SIE des infrastructures num\u00e9riques]", "description": "Infrastructures num\u00e9riques : cloisonner les services internes", "importance": 0, "uuid": "a8c53062-0cc7-4ae6-be29-e8a90aba516e" }, { "code": "R15 [Cas des SIE ouverts au public]", "description": "Segmenter les SIE publics en au moins deux sous-syst\u00e8mes", "importance": 0, "uuid": "258c3927-ed45-4ce9-994d-90a67037057b" }, { "code": "R16 [Acc\u00e8s publics \u00e0 un SIE]", "description": "Acc\u00e8s public : chiffrer et authentifier les flux au niveau applicatif", "importance": 0, "uuid": "6ee7ba91-c75d-4c62-80b2-79dcd2ec90a6" }, { "code": "R17 [Acc\u00e8s publics \u00e0 un SIE]", "description": "Acc\u00e8s public : authentifier les utilisateurs", "importance": 0, "uuid": "e58064e7-b20c-49fe-88dc-90d426a3dce0" }, { "code": "R17+ [Acc\u00e8s publics \u00e0 un SIE]", "description": "Acc\u00e8s public : authentifier les utilisateurs avec deux facteurs", "importance": 0, "uuid": "e62bf9e5-5832-4003-a1ef-17678843e405" }, { "code": "R18 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : mettre en place un tunnel chiffr\u00e9 et authentifi\u00e9", "importance": 0, "uuid": "b3ac8b8e-0b73-4729-aeb6-a72c3e774062" }, { "code": "R19 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : authentifier les utilisateurs avec deux facteurs", "importance": 0, "uuid": "6cc7b484-d83d-45fe-a5b0-9461b61f41e4" }, { "code": "R20 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : chiffrer int\u00e9gralement le disque du poste", "importance": 0, "uuid": "625907ca-41ad-491d-9699-852a2048faed" }, { "code": "R21 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : utiliser des filtres de confidentialit\u00e9", "importance": 0, "uuid": "6444a2b5-30d8-4575-b73f-f87bef919948" }, { "code": "R22 [Acc\u00e8s internes \u00e0 un SIE]", "description": "Acc\u00e8s interne : mettre en place un tunnel chiffr\u00e9 et authentifi\u00e9", "importance": 0, "uuid": "07b46e24-1862-404d-8e1c-940b110bd272" }, { "code": "R23 [Points de filtrage]", "description": "Filtrer les flux aux interconnexions entre les syst\u00e8mes et entre les sous-syst\u00e8mes", "importance": 0, "uuid": "03c21681-f083-4a4a-8575-eeba7547ccdf" }, { "code": "R23+ [Points de filtrage]", "description": "Filtrer les flux aux extr\u00e9mit\u00e9s des communications", "importance": 0, "uuid": "fe326817-c25f-4c91-b6b5-389e11f21be9" }, { "code": "R24 [Besoins de filtrage]", "description": "D\u00e9finir les besoins de filtrage sur le SIE", "importance": 0, "uuid": "23dd1a3a-3c70-4ad9-a321-0708757cc5af" }, { "code": "R25 [R\u00e8gles de filtrage]", "description": "Formaliser les r\u00e8gles de filtrage", "importance": 0, "uuid": "fd7f3bc2-7699-4f70-9eca-c8e71cf81bae" }, { "code": "R26 [R\u00e8gles de filtrage]", "description": "Passer r\u00e9guli\u00e8rement en revue les r\u00e8gles de filtrage", "importance": 0, "uuid": "ced779a2-3cf1-4141-b861-2f6b81decf57" }, { "code": "R27 [Choix et mutualisation des dispositifs de filtrage]", "description": "Mettre en \u0153uvre le filtrage gr\u00e2ce \u00e0 des \u00e9quipements sp\u00e9cialis\u00e9s", "importance": 0, "uuid": "80ff0fb8-2edf-437b-b51c-ad17393de815" }, { "code": "R28 [Listes d'autorisation et d'interdiction]", "description": "Bloquer tous les flux non explicitement autoris\u00e9s", "importance": 0, "uuid": "91b484fb-cea7-4ec1-9d52-4e41f0d4ab74" }, { "code": "R29 [Usage des comptes d'administration]", "description": "Utiliser des comptes d\u2019administration d\u00e9di\u00e9s", "importance": 0, "uuid": "d5be4401-d6ff-4b7b-b534-8c285029e35d" }, { "code": "R29- [Usage des comptes d'administration]", "description": "Pallier l\u2019absence de comptes d\u00e9di\u00e9s \u00e0 l\u2019administration", "importance": 0, "uuid": "60910bc5-e7c7-4d88-8cab-04fd56c5fdeb" }, { "code": "R30 [Usage des comptes d'administration]", "description": "Utiliser par d\u00e9faut des comptes d\u2019administration individuels", "importance": 0, "uuid": "5e5deb7e-4db1-469f-b381-ea9023ad6355" }, { "code": "R31 [Usage des comptes d'administration]", "description": "Attribuer les droits d\u2019administration \u00e0 des groupes", "importance": 0, "uuid": "a9ae7cd0-9002-49cc-b140-666f01328821" }, { "code": "R32 [Protection des comptes d'administration]", "description": "Prot\u00e9ger l\u2019acc\u00e8s aux annuaires des comptes d\u2019administration", "importance": 0, "uuid": "7e35ab96-40fa-4a36-b11d-c77b836a0dd0" }, { "code": "R33 [Protection des comptes d'administration]", "description": "Renforcer l\u2019authentification pour les comptes d\u2019administration", "importance": 0, "uuid": "8b646bf7-245b-475d-a5d5-0707c7871916" }, { "code": "R34 [Protection des comptes d'administration]", "description": "Emp\u00eacher le stockage des secrets d\u2019authentification dans les journaux", "importance": 0, "uuid": "8246e775-aea8-4d03-b245-db5d16b52163" }, { "code": "R35 [Protection des comptes d'administration]", "description": "Respecter le principe du moindre privil\u00e8ge dans l\u2019attribution des droits d\u2019administration", "importance": 0, "uuid": "b2e8ec4b-c80b-4563-9ead-4754d30b1723" }, { "code": "R36 [Ma\u00eetrise des ressources d'administration]", "description": "N\u2019utiliser que des \u00e9quipements ma\u00eetris\u00e9s pour l\u2019administration", "importance": 0, "uuid": "ffb799fe-bba5-4906-b9cc-094e10191215" }, { "code": "R37 [Poste d'administration]", "description": "Utiliser un poste d\u2019administration d\u00e9di\u00e9", "importance": 0, "uuid": "464b5919-26d9-44e2-af0a-4d1db9473a01" }, { "code": "R37- [Poste d'administration]", "description": "Acc\u00e9der aux autres environnements de travail depuis le poste d\u2019administration", "importance": 0, "uuid": "67129fd3-0579-4126-a1cb-4748dd42946d" }, { "code": "R38 [Poste d'administration]", "description": "Renforcer la s\u00e9curit\u00e9 du poste d\u2019administration", "importance": 0, "uuid": "e30af12e-b883-41c7-9ac6-662707b32fbd" }, { "code": "R39 [R\u00e9seau d'administration]", "description": "Connecter les ressources d\u2019administration sur un r\u00e9seau physique d\u00e9di\u00e9", "importance": 0, "uuid": "a61b75c8-c616-46d1-a353-89a653678e9a" }, { "code": "R39- [R\u00e9seau d'administration]", "description": "Connecter les ressources d\u2019administration sur un r\u00e9seau VPN IPsec d\u00e9di\u00e9", "importance": 0, "uuid": "1ca12b44-1262-4f46-a655-58514d1dc233" }, { "code": "R39- - [R\u00e9seau d'administration]", "description": "Pallier l\u2019absence de chiffrement des flux d\u2019administration", "importance": 0, "uuid": "68cd794b-7eae-4d48-81e9-bc2a5a357a06" }, { "code": "R40 [R\u00e9seau d'administration]", "description": "D\u00e9dier une interface r\u00e9seau physique d\u2019administration", "importance": 0, "uuid": "80043152-84c2-4c66-a914-d9a589f50d8f" }, { "code": "R40- [R\u00e9seau d'administration]", "description": "D\u00e9dier une interface r\u00e9seau virtuelle d\u2019administration", "importance": 0, "uuid": "011b5dd7-95fb-4be3-8d9b-37c998494ce9" }, { "code": "R41 [R\u00e9seau d'administration]", "description": "Cloisonner et filtrer le r\u00e9seau d\u2019administration", "importance": 0, "uuid": "acac371f-f4bc-400a-9b23-355d49b797a7" }, { "code": "R42 [Protocoles d'adminsitration]", "description": "Utiliser des protocoles s\u00e9curis\u00e9s pour l\u2019administration", "importance": 0, "uuid": "6fea5fca-2663-4c97-b9d4-349f18220723" }, { "code": "R43 [Administration de plusieurs SI]", "description": "Administrer des SI diff\u00e9rents avec des serveurs outils diff\u00e9rents", "importance": 0, "uuid": "fe0db2f7-a227-474e-a36c-826e2c2d084d" }, { "code": "R44 [Utilisation de comptes individuels]", "description": "Utiliser des comptes individuels", "importance": 0, "uuid": "69830471-5465-4db5-9504-898f50349860" }, { "code": "R44- [Utilisation de comptes individuels]", "description": "Pallier l\u2019absence de comptes individuels", "importance": 0, "uuid": "00113844-1fd3-4ad9-a94a-7a5a07756932" }, { "code": "R45 [Comptes inutilis\u00e9s]", "description": "D\u00e9sactiver les comptes inutilis\u00e9s", "importance": 0, "uuid": "6691f594-a6be-4a51-af96-251a95cdfcbb" }, { "code": "R46 [S\u00e9curit\u00e9 du m\u00e9canisme d'authentification]", "description": "Mettre en \u0153uvre un m\u00e9canisme d\u2019authentification pour chaque compte", "importance": 0, "uuid": "ffc4a621-79eb-4945-b634-d212e8a23c81" }, { "code": "R47 [S\u00e9curit\u00e9 du m\u00e9canisme d'authentification]", "description": "\u00c9tablir une politique de gestion des secrets d\u2019authentification", "importance": 0, "uuid": "2c260d25-e41e-4437-936a-fa5cc5e107ee" }, { "code": "R48 [Partage de secrets]", "description": "Interdire le partage de secrets d\u2019authentification", "importance": 0, "uuid": "a54a09e0-9b85-48c5-a10a-1fec4fcba6d1" }, { "code": "R48- [Partage de secrets]", "description": "Prot\u00e9ger les secrets d\u2019authentification des comptes partag\u00e9s", "importance": 0, "uuid": "2e8ce6a6-b2ac-43d0-958c-0a693bb29ec0" }, { "code": "R49 [Cas des comptes privil\u00e9gi\u00e9s]", "description": "D\u00e9dier un mot de passe \u00e0 chaque compte privil\u00e9gi\u00e9", "importance": 0, "uuid": "1a420a98-7c81-4c9c-87eb-546417ee3d8c" }, { "code": "R50 [Cas des comptes privil\u00e9gi\u00e9s]", "description": "Stocker les mots de passe dans un coffre-fort de mots de passe", "importance": 0, "uuid": "adc8df51-114f-435e-9a33-b63135158c3f" }, { "code": "R51 [Renouvellement r\u00e9gulier des secrets]", "description": "Renouveler r\u00e9guli\u00e8rement les secrets d\u2019authentification", "importance": 0, "uuid": "c8df75f1-c2be-424a-b93a-80e64852bd48" }, { "code": "R51- [Renouvellement r\u00e9gulier des secrets]", "description": "Pallier l\u2019impossibilit\u00e9 de modifier un secret d\u2019authentification", "importance": 0, "uuid": "57699a82-d109-40ff-b9f5-a1523025b987" }, { "code": "R52 [Renouvellement r\u00e9gulier des secrets]", "description": "Contr\u00f4ler le renouvellement et l\u2019acc\u00e8s aux secrets d\u2019authentification", "importance": 0, "uuid": "7c174c4e-bd75-4adc-8b27-68add751ebe4" }, { "code": "R53 [Renouvellement ponctuel des secrets]", "description": "Renouveler imm\u00e9diatement des secrets d\u2019authentification", "importance": 0, "uuid": "2c92383e-c404-47dd-89f7-4c8691aee0dd" }, { "code": "R54 [Attribution des droits d'acc\u00e8s]", "description": "D\u00e9finir une politique de gestion des droits d\u2019acc\u00e8s", "importance": 0, "uuid": "a4acc36e-5901-4641-95ba-427d3a4f6d63" }, { "code": "R55 [Attribution des droits d'acc\u00e8s]", "description": "Attribuer les droits d\u2019acc\u00e8s suivant le principe du moindre privil\u00e8ge", "importance": 0, "uuid": "94ef4b4b-8de5-42ad-be3e-4a3195ffa153" }, { "code": "R56 [Attribution des droits d'acc\u00e8s]", "description": "D\u00e9finir une tra\u00e7abilit\u00e9 des comptes privil\u00e9gi\u00e9s", "importance": 0, "uuid": "674efdbe-4276-4ed9-a966-f8940a150035" }, { "code": "R57 [Revue des droits d'acc\u00e8s]", "description": "Faire une revue r\u00e9guli\u00e8re des droits d\u2019acc\u00e8s", "importance": 0, "uuid": "61d07010-7570-42ce-b3e7-4375514a5ee0" }, { "code": "R58 [Proc\u00e9dure de maintien en conditions de s\u00e9curit\u00e9]", "description": "Documenter une politique de MCS", "importance": 0, "uuid": "2ecb9f20-8f5b-439f-8013-140544a14da2" }, { "code": "R59 [Proc\u00e9dure de maintien en conditions de s\u00e9curit\u00e9]", "description": "Mettre en place une veille de s\u00e9curit\u00e9", "importance": 0, "uuid": "8f3d3f38-3b3c-4522-8fe4-f78f1e9b08a7" }, { "code": "R60 [T\u00e9l\u00e9chargement de mises \u00e0 jour fiables]", "description": "Obtenir des mises \u00e0 jour de s\u00e9curit\u00e9 officielles", "importance": 0, "uuid": "66711a35-3fd5-47b0-b12d-4dd2e717650f" }, { "code": "R61 [Application des mises \u00e0 jour]", "description": "Appliquer les mises \u00e0 jour de s\u00e9curit\u00e9", "importance": 0, "uuid": "21089293-3792-45a3-8c82-caec58e11ac3" }, { "code": "R62 [Gestion des syst\u00e8mes obsol\u00e8tes]", "description": "Utiliser des logiciels et des mat\u00e9riels support\u00e9s", "importance": 0, "uuid": "9b7f5a3e-f58b-4885-89f2-238bc1ae053e" }, { "code": "R62- [Gestion des syst\u00e8mes obsol\u00e8tes]", "description": "Pallier l\u2019utilisation de versions obsol\u00e8tes de logiciels et de mat\u00e9riels", "importance": 0, "uuid": "aa858252-f4fa-48be-b80f-c6dfb425d8c6" } ], "version": 1 } 2021-04-09T09:27:51.540977+00:00 https://objects.monarc.lu/object/get/5202 2023-03-31T19:15:40.040190+00:00 MONARC { "label": "CNIL", "language": "FR", "refs": [ "https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-fr-basesdeconnaissances.pdf" ], "uuid": "8d24c5ef-0748-4689-b189-3a4e505e3065", "values": [ { "code": "Acc\u00e8s logique_01", "description": "G\u00e9rer les profils d'utilisateurs en s\u00e9parant les t\u00e2ches et les domaines de responsabilit\u00e9, de pr\u00e9f\u00e9rence de mani\u00e8re centralis\u00e9e, afin de limiter l'acc\u00e8s aux donn\u00e9es aux seuls utilisateurs habilit\u00e9s, en appliquant les principes du besoin d'en conna\u00eetre et du moindre privil\u00e8ge.", "importance": 0, "uuid": "e118a3c6-7482-4211-b7ec-299efd46138f" }, { "code": "Acc\u00e8s logique_02", "description": "Identifier toute personne ayant un acc\u00e8s l\u00e9gitime aux donn\u00e9es (employ\u00e9s, contractants et autres tiers) par un identifiant unique.", "importance": 0, "uuid": "26276cb1-c4e4-467d-b408-54c2d319880e" }, { "code": "Acc\u00e8s logique_03", "description": "Dans le cas o\u00f9 l'utilisation d'identifiants g\u00e9n\u00e9riques ou partag\u00e9s est incontournable, obtenir une validation de la hi\u00e9rarchie et mettre en oeuvre des moyens de tra\u00e7abilit\u00e9 de l'utilisation de ce type d'identifiant.", "importance": 0, "uuid": "ceaf2533-f871-401b-9152-22176215a30c" }, { "code": "Acc\u00e8s logique_04", "description": "Limiter l'acc\u00e8s aux outils et interfaces d'administration aux personnes habilit\u00e9es.", "importance": 0, "uuid": "e6ebe368-9a36-4fe6-b5d5-868debdf6111" }, { "code": "Acc\u00e8s logique_05", "description": "Limiter l'utilisation des comptes permettant de disposer de privil\u00e8ges \u00e9lev\u00e9s aux op\u00e9rations qui le n\u00e9cessitent.", "importance": 0, "uuid": "93a2aa2a-c3e8-4e30-8bb3-ee2d361397f5" }, { "code": "Acc\u00e8s logique_06", "description": "Limiter l'utilisation des comptes \u00ab administrateurs \u00bb au service en charge de l'informatique, et ce, uniquement pour les actions d'administration qui le n\u00e9cessitent.", "importance": 0, "uuid": "0b18bac6-9fb1-4192-975e-21b0e72e1bf4" }, { "code": "Acc\u00e8s logique_07", "description": "Chaque compte, et d'autant plus s'il a des privil\u00e8ges \u00e9lev\u00e9s (ex : compte administrateur), doit avoir un mot de passe propre.", "importance": 0, "uuid": "bf0202ac-622c-42fc-9ea0-3110e0bb43b6" }, { "code": "Acc\u00e8s logique_08", "description": "Journaliser les informations li\u00e9es \u00e0 l'utilisation des privil\u00e8ges.", "importance": 0, "uuid": "44d19a09-c60f-418c-8f5b-4ebd68313bb2" }, { "code": "Acc\u00e8s logique_09", "description": "R\u00e9aliser une revue annuelle des privil\u00e8ges afin d'identifier et de supprimer les comptes non utilis\u00e9s, et de r\u00e9aligner les privil\u00e8ges sur les fonctions de chaque utilisateur.", "importance": 0, "uuid": "fea2a14d-15c4-4336-887b-952b2e53a659" }, { "code": "Acc\u00e8s logique_10", "description": "Retirer les droits des employ\u00e9s, contractants et autres tiers d\u00e8s lors qu'ils ne sont plus habilit\u00e9s \u00e0 acc\u00e9der \u00e0 un local ou \u00e0 une ressource ou \u00e0 la fin de leur contrat, et les ajuster en cas de changement de poste. Pour les personnes ayant un compte temporaire (stagiaire, prestataire...), configurer une date d'expiration \u00e0 la cr\u00e9ation du compte.", "importance": 0, "uuid": "3567ae95-f967-4d83-b8a5-2e128eb8a4bb" }, { "code": "Acc\u00e8s logique_11", "description": "Choisir un moyen d'authentification pour les ouvertures de session, adapt\u00e9 au contexte, au niveau des risques et \u00e0 la robustesse attendue.", "importance": 0, "uuid": "f5fa7cf6-962a-4479-b4dd-b4055940c4c3" }, { "code": "Acc\u00e8s logique_12", "description": "Interdire que les mots de passe utilis\u00e9s apparaissent en clair dans les programmes, fichiers, scripts, traces ou fichiers journaux, ou \u00e0 l'\u00e9cran lors de leur saisie.", "importance": 0, "uuid": "109dcedb-1be9-450e-b27f-7e51ee709bac" }, { "code": "Acc\u00e8s logique_13", "description": "D\u00e9terminer les actions \u00e0 entreprendre en cas d'\u00e9chec de l'authentification.", "importance": 0, "uuid": "9faa0ed5-8a85-40d1-93a0-ed2e7d0fcf4e" }, { "code": "Acc\u00e8s logique_14", "description": "Limiter l'authentification par identifiants et mots de passe au contr\u00f4le de l'acc\u00e8s au poste de travail (d\u00e9verrouillage uniquement).", "importance": 0, "uuid": "d04e18d8-0db0-4a6d-8e2b-9d8ffedd8e61" }, { "code": "Acc\u00e8s logique_15", "description": "Authentifier le poste de travail aupr\u00e8s du syst\u00e8me d'information distant (serveurs) \u00e0 l'aide de m\u00e9canismes cryptographiques.", "importance": 0, "uuid": "84390e07-d195-4fe0-8e39-84c29b418224" }, { "code": "Acc\u00e8s logique_16", "description": "Adopter une politique de mots de passe, la mettre en oeuvre et la contr\u00f4ler automatiquement dans la mesure o\u00f9 les applications et les ressources le permettent, et y sensibiliser les utilisateurs.", "importance": 0, "uuid": "679cdcd4-b5cc-449d-8570-9767ac8b9050" }, { "code": "Acc\u00e8s logique_17", "description": "Adopter une politique sp\u00e9cifique de mots de passe pour les administrateurs, la mettre en oeuvre et la contr\u00f4ler automatiquement dans la mesure o\u00f9 les applications et les ressources le permettent, et y sensibiliser les administrateurs.", "importance": 0, "uuid": "ed213665-55a1-4e17-b48d-14ed86eae184" }, { "code": "Acc\u00e8s logique_18", "description": "Modifier imm\u00e9diatement apr\u00e8s installation d'une application ou d'un syst\u00e8me les mots de passe par d\u00e9faut.", "importance": 0, "uuid": "91202b19-adc1-41fc-955d-654b03c724a8" }, { "code": "Acc\u00e8s logique_19", "description": "Cr\u00e9er chaque compte utilisateur avec un mot de passe initial al\u00e9atoire unique, le transmettre de mani\u00e8re s\u00e9curis\u00e9e \u00e0 l'utilisateur, par exemple en utilisant deux canaux s\u00e9par\u00e9s (papier et autres) ou une \u00ab case \u00e0 gratter \u00bb, et le contraindre \u00e0 le modifier lors de sa premi\u00e8re connexion et lorsqu'un nouveau mot de passe lui est fourni (par exemple en cas d'oubli).", "importance": 0, "uuid": "8f0e75d1-19d5-4e35-9517-b4c4e600a082" }, { "code": "Acc\u00e8s logique_20", "description": "Stocker les informations d'authentification (mots de passe d'acc\u00e8s aux syst\u00e8mes d'information, cl\u00e9s priv\u00e9es li\u00e9es aux certificats \u00e9lectroniques) de fa\u00e7on \u00e0 \u00eatre accessibles uniquement par des utilisateurs autoris\u00e9s.", "importance": 0, "uuid": "852a4c9c-8240-42cc-9581-038a410112cc" }, { "code": "Acc\u00e8s logique_21", "description": "Dans le cas o\u00f9 de nombreux mots de passe ou secrets (cl\u00e9s priv\u00e9es, certificats, etc.) doivent \u00eatre utilis\u00e9s, mettre en place une solution d'authentification centralis\u00e9e, de mots de passe \u00e0 usage unique ou de coffres-forts s\u00e9curis\u00e9s.", "importance": 0, "uuid": "32fc5d12-b90c-48aa-8332-006131cfb16b" }, { "code": "Acc\u00e8s physique_01", "description": "Distinguer les zones des b\u00e2timents selon les risques.", "importance": 0, "uuid": "8610c9a9-2dc5-4a26-b06c-80b00a4809a4" }, { "code": "Acc\u00e8s physique_02", "description": "Tenir \u00e0 jour une liste des personnes (visiteurs, employ\u00e9s, employ\u00e9s habilit\u00e9s, stagiaires, prestataires, etc.) autoris\u00e9es \u00e0 p\u00e9n\u00e9trer dans chaque zone.", "importance": 0, "uuid": "abdffe63-1cf7-4e8c-b2c1-f1f4a6f97aa1" }, { "code": "Acc\u00e8s physique_03", "description": "Choisir des moyens d'authentification des collaborateurs proportionnels aux risques selon chaque zone.", "importance": 0, "uuid": "5873e81e-f01e-4be4-ac19-4a1da00c6e7a" }, { "code": "Acc\u00e8s physique_04", "description": "Choisir des moyens d'authentification des visiteurs (personnes venant en r\u00e9union, prestataires externes, auditeurs, etc.) proportionnels aux risques selon chaque zone.", "importance": 0, "uuid": "c4ccc241-19ee-4e8f-8531-6cbcd88aa702" }, { "code": "Acc\u00e8s physique_05", "description": "D\u00e9terminer les actions \u00e0 entreprendre en cas d'\u00e9chec de l'authentification (impossible de v\u00e9rifier une identit\u00e9, d\u00e9faut d'habilitation \u00e0 p\u00e9n\u00e9trer dans une zone s\u00e9curis\u00e9e, etc.).", "importance": 0, "uuid": "1e71ff0f-e62b-41f6-9dfa-0adda57a4e39" }, { "code": "Acc\u00e8s physique_06", "description": "Conserver une trace des acc\u00e8s apr\u00e8s en avoir inform\u00e9 les personnes concern\u00e9es.", "importance": 0, "uuid": "707fc241-d84c-445d-b2ad-00a5b2e3d52f" }, { "code": "Acc\u00e8s physique_07", "description": "Faire accompagner les visiteurs, en dehors des zones d'accueil du public (depuis leur entr\u00e9e, pendant leur visite et jusqu'\u00e0 leur sortie des locaux) par une personne appartenant \u00e0 l'organisme.", "importance": 0, "uuid": "6e9286ef-e3e7-4dfe-b609-7ec4edda92fa" }, { "code": "Acc\u00e8s physique_08", "description": "Prot\u00e9ger les zones les plus sensibles de mani\u00e8re proportionnelle aux risques.", "importance": 0, "uuid": "cc5ceb8c-d72c-4ecf-a307-2aac21144b78" }, { "code": "Acc\u00e8s physique_09", "description": "Installer un dispositif permettant d'\u00eatre alert\u00e9 en cas d'effraction.", "importance": 0, "uuid": "0bceee9c-5fa7-4c8e-9350-ab1c55a1934f" }, { "code": "Acc\u00e8s physique_10", "description": "Pr\u00e9voir les moyens de ralentir les personnes qui auraient p\u00e9n\u00e9tr\u00e9 dans une zone dont l'acc\u00e8s leur est interdit, ainsi que les moyens d'intervention dans de telles situations, de telle sorte que le d\u00e9lai d'intervention soit inf\u00e9rieur au temps qu'il faut aux personnes non autoris\u00e9es pour sortir de la zone.", "importance": 0, "uuid": "a1679d06-d84a-4808-8d71-51fcd6f796a5" }, { "code": "Anonymisation _01", "description": "D\u00e9terminer ce qui doit \u00eatre anonymis\u00e9 selon le contexte, la forme de stockage des donn\u00e9es (champs d'une base de donn\u00e9es, extraits de textes, etc.) et les risques identifi\u00e9s.", "importance": 0, "uuid": "d1fc946c-b3cb-42f4-b9db-5b4ca070d6f9" }, { "code": "Anonymisation _02", "description": "Anonymiser de mani\u00e8re irr\u00e9versible ce qui doit l'\u00eatre, selon la forme des donn\u00e9es \u00e0 anonymiser (base de donn\u00e9es, documents textuels, etc.) et les risques identifi\u00e9s.", "importance": 0, "uuid": "19292c60-80ae-4713-8a32-ed2c7aaae607" }, { "code": "Anonymisation _03", "description": "Si ce qui doit \u00eatre anonymis\u00e9 ne peut l'\u00eatre de mani\u00e8re irr\u00e9versible, choisir les outils (suppression partielle, chiffrement, hachage, hachage \u00e0 cl\u00e9, index, etc.) qui satisfont le mieux possible les besoins fonctionnels.", "importance": 0, "uuid": "57800e17-0f6e-4480-a3d6-e44dd3998588" }, { "code": "Archivage_01", "description": "V\u00e9rifier que les processus de gestion des archives sont d\u00e9finis.", "importance": 0, "uuid": "9ef28197-0cb6-416d-afaf-7f9b24bfc431" }, { "code": "Archivage_02", "description": "V\u00e9rifier que les r\u00f4les en mati\u00e8re d'archivage sont identifi\u00e9s.", "importance": 0, "uuid": "edc6df06-9c0c-4247-9aee-f5794fadf4bd" }, { "code": "Archivage_03", "description": "V\u00e9rifier que les mesures prises permettent de garantir, si besoin, l'identification et l'authentification de l'origine des archives, l'int\u00e9grit\u00e9 des archives, l'intelligibilit\u00e9 et la lisibilit\u00e9 des archives, la dur\u00e9e de conservation des archives, la tra\u00e7abilit\u00e9 des op\u00e9rations effectu\u00e9es sur les archives (versement, consultation, migration, \u00e9limination, etc.), la disponibilit\u00e9 et l'accessibilit\u00e9 des archives, les compl\u00e9ter si ce n'est pas le cas.", "importance": 0, "uuid": "5acba894-3f1e-493a-8cb4-718d33522093" }, { "code": "Archivage_04", "description": "D\u00e9terminer les moyens de protection de la confidentialit\u00e9 des donn\u00e9es archiv\u00e9es selon les risques identifi\u00e9s.", "importance": 0, "uuid": "cebae15e-1aa4-480d-a39f-f35ff6001a6f" }, { "code": "Archivage_05", "description": "V\u00e9rifier que les autorit\u00e9s d'archivage disposent d'une politique d'archivage.", "importance": 0, "uuid": "bf78101a-0197-406f-b027-bd5f96751904" }, { "code": "Archivage_06", "description": "V\u00e9rifier qu'il existe une d\u00e9claration des pratiques d'archivage.", "importance": 0, "uuid": "28e18337-0c7a-49eb-8436-1f70b01372db" }, { "code": "Chiffrement_01", "description": "D\u00e9terminer ce qui doit \u00eatre chiffr\u00e9 (un disque dur entier, une partition, un conteneur , certains fichiers, des donn\u00e9es d'une base de donn\u00e9es, un canal de communication, etc.) selon la forme de stockage des donn\u00e9es, les risques identifi\u00e9s et les performances exig\u00e9es .", "importance": 0, "uuid": "d1491661-134b-41fc-aca3-74937d131809" }, { "code": "Chiffrement_02", "description": "Choisir le type de chiffrement (sym\u00e9trique ou asym\u00e9trique ) selon le contexte et les risques identifi\u00e9s.", "importance": 0, "uuid": "5692f3e1-db9a-4127-8ef8-4c48f1b119d1" }, { "code": "Chiffrement_03", "description": "Recourir \u00e0 des solutions de chiffrement bas\u00e9es sur des algorithmes publics r\u00e9put\u00e9s forts.", "importance": 0, "uuid": "6b541553-3b6c-4b3e-b904-33d08ba30a53" }, { "code": "Chiffrement_04", "description": "Mettre en place des mesures pour garantir la disponibilit\u00e9, l'int\u00e9grit\u00e9 et la confidentialit\u00e9 des \u00e9l\u00e9ments permettant de r\u00e9cup\u00e9rer des secrets perdus (mots de passe administrateurs, CD de recouvrement, etc.).", "importance": 0, "uuid": "c33fa90c-2f64-46ea-bebc-64adcc9312ea" }, { "code": "Chiffrement_05", "description": "N'employer une cl\u00e9 ou bicl\u00e9 de chiffrement que pour un seul usage.", "importance": 0, "uuid": "8fad8a50-3f94-4fda-a878-765bf475a13e" }, { "code": "Chiffrement_06", "description": "Formaliser la mani\u00e8re dont les cl\u00e9s de chiffrement vont \u00eatre g\u00e9r\u00e9es.", "importance": 0, "uuid": "f0d035bb-bddc-47b8-9d67-5f04fcaddbb9" }, { "code": "Chiffrement_07", "description": "Choisir un m\u00e9canisme de chiffrement reconnu par les organisations comp\u00e9tentes et qui dispose d'une preuve de s\u00e9curit\u00e9.", "importance": 0, "uuid": "0854a91c-8dda-492f-a1ec-f113146fd7fc" }, { "code": "Chiffrement_08", "description": "Mettre en place des m\u00e9canismes de v\u00e9rification des certificats \u00e9lectroniques.", "importance": 0, "uuid": "4c00cea1-76cb-4b4d-b5cd-a24e3e15a619" }, { "code": "Chiffrement_09", "description": "Prot\u00e9ger la s\u00e9curit\u00e9 de la g\u00e9n\u00e9ration et de l'utilisation des cl\u00e9s de chiffrement en coh\u00e9rence avec leur niveau dans la hi\u00e9rarchie des cl\u00e9s.", "importance": 0, "uuid": "0443fb22-930e-430f-a525-2268afbb4f35" }, { "code": "Chiffrement_10", "description": "[postes de travail] Privil\u00e9gier les dispositifs ne stockant pas les cl\u00e9s sur le mat\u00e9riel \u00e0 chiffrer sauf \u00e0 ce que celui-ci mette en oeuvre un dispositif de stockage s\u00e9curis\u00e9 (par exemple une puce TPM pour les ordinateurs portables).", "importance": 0, "uuid": "3c48c7fa-a0a7-4b9c-8c4e-94395f1e2ccf" }, { "code": "Chiffrement_11", "description": "[postes de travail] Chiffrer les donn\u00e9es au niveau du syst\u00e8me d'exploitation (chiffrement d'une partition, d'un r\u00e9pertoire ou d'un fichier) ou \u00e0 l'aide d'un logiciel sp\u00e9cialis\u00e9 (chiffrement d'un conteneur).", "importance": 0, "uuid": "cedcb402-1a1e-4796-b6ac-ad13a451731a" }, { "code": "Chiffrement_12", "description": "[bases de donn\u00e9es] Chiffrer l'espace de stockage (au niveau mat\u00e9riel, du syst\u00e8me d'exploitation ou de la base de donn\u00e9es) afin de se prot\u00e9ger d'un vol physique, de la donn\u00e9e elle-m\u00eame (chiffrement par l'application) afin de garantir la confidentialit\u00e9 de certaines donn\u00e9es vis-\u00e0-vis des administrateurs eux-m\u00eames. Le chiffrement par la base de donn\u00e9es peut dans le cas d'\u00e9quipes informatiques cloisonn\u00e9es permettre de rendre les donn\u00e9es uniquement accessibles des administrateurs de base de donn\u00e9es sans que les administrateurs syst\u00e8me y aient acc\u00e8s.", "importance": 0, "uuid": "8cc0ea9d-1af1-4311-a454-1ba757bbe022" }, { "code": "Chiffrement_13", "description": "[email] Chiffrer les fichiers stock\u00e9s ou les pi\u00e8ces \u00e0 joindre \u00e0 des courriers \u00e9lectroniques.", "importance": 0, "uuid": "22226bd6-bb16-4a2b-9c28-fe2775b71914" }, { "code": "Chiffrement_14", "description": "[email] Chiffrer les messages \u00e9lectroniques.", "importance": 0, "uuid": "9a562522-6788-46f2-89f3-5927a5954b83" }, { "code": "Chiffrement_15", "description": "[r\u00e9seaux] Chiffrer le canal de communication entre un serveur authentifi\u00e9 et un client distant.", "importance": 0, "uuid": "bd2c611c-fb9d-47c6-a2f5-5abe452dde48" }, { "code": "Cloisonnement_01", "description": "Identifier les seules donn\u00e9es utiles \u00e0 chaque processus m\u00e9tier.", "importance": 0, "uuid": "dedea729-0c56-41a9-a507-2648cf80d4c9" }, { "code": "Cloisonnement_02", "description": "S\u00e9parer logiquement les donn\u00e9es utiles \u00e0 chaque processus.", "importance": 0, "uuid": "c8a70a56-af4d-4cc0-b8de-dc73b8b36396" }, { "code": "Cloisonnement_03", "description": "V\u00e9rifier de mani\u00e8re r\u00e9guli\u00e8re que les donn\u00e9es sont bien cloisonn\u00e9es, et que des destinataires ou des interconnexions n'ont pas \u00e9t\u00e9 ajout\u00e9s.", "importance": 0, "uuid": "ffb3ad05-3d82-4d46-9bab-95e5ef88e27d" }, { "code": "Consentement_01", "description": "D\u00e9terminer et justifier les moyens pratiques qui vont \u00eatre mis en oeuvre pour obtenir le consentement des personnes concern\u00e9es ou justifier de l'impossibilit\u00e9 de les mettre en oeuvre.", "importance": 0, "uuid": "714cb101-0a63-42bf-9e95-18d0f60ac9c8" }, { "code": "Consentement_02", "description": "S'assurer que le traitement ne puisse pas \u00eatre mis en oeuvre sans consentement.", "importance": 0, "uuid": "1344a6be-8017-41ff-bcb2-7eaca1d7d7ca" }, { "code": "Consentement_03", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re libre.", "importance": 0, "uuid": "8b658ce9-e207-4fae-ba69-747f393fe8cb" }, { "code": "Consentement_04", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re \u00e9clair\u00e9e et transparente quant aux finalit\u00e9s du traitement.", "importance": 0, "uuid": "b0d8f199-46d7-4766-9c5b-ea7ccdfa1007" }, { "code": "Consentement_05", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re sp\u00e9cifique \u00e0 une finalit\u00e9.", "importance": 0, "uuid": "5275ce0f-d24e-41b8-9058-d1b4e7ca851e" }, { "code": "Consentement_06", "description": "En cas de sous-traitance, encadrer les obligations de chacun dans un document \u00e9crit, explicite et accept\u00e9 des deux parties.", "importance": 0, "uuid": "2d7ac8b6-918d-436e-b7a8-f9e26ca5024e" }, { "code": "Consentement_07", "description": "Recueillir le consentement des parents pour les mineurs de moins de 13 ans.", "importance": 0, "uuid": "cf2a0e63-2440-4339-b080-318530142a38" }, { "code": "Consentement_08", "description": "Obtenir le consentement \u00e9clair\u00e9 et expr\u00e8s des personnes concern\u00e9es pr\u00e9alablement \u00e0 la mise en oeuvre du traitement, sauf dans le cas o\u00f9 le traitement repose sur une autre base l\u00e9gale ou que la loi pr\u00e9voit qu'il est interdit de collecter ou de traiter ces donn\u00e9es.", "importance": 0, "uuid": "ce24a3e2-a85c-4715-9754-062e27da56ae" }, { "code": "Consentement_09", "description": "[collecte de donn\u00e9es via un site Internet] Pr\u00e9voir un formulaire avec des cases \u00e0 cocher et qui ne sont pas coch\u00e9es par d\u00e9faut (dit \u00ab opt-in \u00bb).", "importance": 0, "uuid": "cdf6455d-9bda-431d-bd90-0473cf53bead" }, { "code": "Consentement_10", "description": "[collecte de donn\u00e9es via des cookies] Dans le cas o\u00f9 le cookie n'est pas strictement n\u00e9cessaire \u00e0 la fourniture du service express\u00e9ment demand\u00e9 par l'utilisateur, recueillir le consentement de l'internaute (ex : via une banni\u00e8re en haut d'une page web), une zone de demande de consentement en surimpression sur la page, des cases \u00e0 cocher lors de l'inscription \u00e0 un service en ligne, etc.) apr\u00e8s information de celui-ci et avant le d\u00e9p\u00f4t du cookie.", "importance": 0, "uuid": "46cd679f-1d55-49cd-afc3-220518f128b8" }, { "code": "Consentement_11", "description": "[collecte de donn\u00e9es via une application mobile] Recueillir le consentement de l'utilisateur au premier d\u00e9marrage de l'objet ou de l'application mobile.", "importance": 0, "uuid": "75482a90-c07c-40da-988b-22614e5a8394" }, { "code": "Consentement_12", "description": "[collecte de donn\u00e9es via une application mobile] Proposer un consentement segment\u00e9 par cat\u00e9gorie de donn\u00e9es ou types de traitement, en distinguant notamment le partage de donn\u00e9es avec d'autres utilisateurs ou avec des soci\u00e9t\u00e9s tierces.", "importance": 0, "uuid": "076d2004-99f5-4987-8deb-bfd17e6c1125" }, { "code": "Consentement_13", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de refuser qu'une application puisse le g\u00e9olocaliser de mani\u00e8re syst\u00e9matique.", "importance": 0, "uuid": "43e88dac-4872-43d0-8866-24ab14ef68bb" }, { "code": "Consentement_14", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de s\u00e9lectionner quelle application peut utiliser la g\u00e9olocalisation.", "importance": 0, "uuid": "3db56638-0ac3-45f4-b423-beb7c651b1ba" }, { "code": "Consentement_15", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de choisir quelles personnes peuvent acc\u00e9der \u00e0 l'information de g\u00e9olocalisation le concernant et avec quelle pr\u00e9cision.", "importance": 0, "uuid": "13923ace-5491-414e-8397-bd41fd92ebb1" }, { "code": "Consentement_16", "description": "[publicit\u00e9 cibl\u00e9e] Mettre \u00e0 disposition des utilisateurs des moyens simples et non payants pour accepter ou refuser la diffusion \u00e0 leur \u00e9gard de contenus publicitaires adapt\u00e9s \u00e0 leur comportement de navigation, et choisir les centres d'int\u00e9r\u00eat \u00e0 propos desquels ils souhaiteraient voir s'afficher des offres publicitaires adapt\u00e9es \u00e0 leurs souhaits.", "importance": 0, "uuid": "18ea7c10-06db-4457-b137-647cebe240b5" }, { "code": "Consentement_17", "description": "[recherches sur des pr\u00e9l\u00e8vements biologiques identifiants] Si les pr\u00e9l\u00e8vements sont conserv\u00e9s pour un traitement ult\u00e9rieur diff\u00e9rent du traitement initial, s'assurer \u00e9galement du consentement \u00e9clair\u00e9 et expr\u00e8s de la personne concern\u00e9e pour cet autre traitement.", "importance": 0, "uuid": "cd22d65f-2bb3-43df-98b2-929903a6628d" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_01", "description": "Identifier les donn\u00e9es dont l'int\u00e9grit\u00e9 doit \u00eatre contr\u00f4l\u00e9e selon les risques identifi\u00e9s.", "importance": 0, "uuid": "3cec2c97-10e1-4469-b168-df05844cb77b" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_02", "description": "Choisir un moyen de contr\u00f4ler l'int\u00e9grit\u00e9 selon le contexte, les risques appr\u00e9ci\u00e9s et la robustesse attendue.", "importance": 0, "uuid": "40e44f1d-650a-4fee-a79e-3088d695f836" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_03", "description": "D\u00e9finir le moment auquel la fonction est appliqu\u00e9e et celui o\u00f9 le contr\u00f4le d'int\u00e9grit\u00e9 doit \u00eatre effectu\u00e9 selon le d\u00e9roulement du processus m\u00e9tier.", "importance": 0, "uuid": "78f01fab-a9d9-44b6-8d86-c37c9be66ca4" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_04", "description": "Lorsque les donn\u00e9es sont envoy\u00e9es dans une base de donn\u00e9es, il est n\u00e9cessaire de mettre en place des mesures d'analyse permettant de pr\u00e9venir les attaques par injection SQL ou de scripts.", "importance": 0, "uuid": "9d0be52f-a03a-4807-94ff-8b930954c112" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_05", "description": "Utiliser un m\u00e9canisme de hachage reconnu par les organisations comp\u00e9tentes et qui dispose d'une preuve de s\u00e9curit\u00e9.", "importance": 0, "uuid": "98f3804b-00c7-4211-9474-680558ead2a0" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_06", "description": "Recourir \u00e0 des solutions de signature \u00e9lectronique bas\u00e9es sur des algorithmes publics r\u00e9put\u00e9s forts.", "importance": 0, "uuid": "623b84d7-b0cd-4716-9c17-5cb027b3e5d8" }, { "code": "Documents papier_01", "description": "Porter une mention visible et explicite sur chaque page des documents contenant des donn\u00e9es sensibles.", "importance": 0, "uuid": "1512c36f-aecc-4fa6-979a-a69e31932228" }, { "code": "Documents papier_02", "description": "Porter une mention visible et explicite dans les applications m\u00e9tiers permettant d'acc\u00e9der \u00e0 des donn\u00e9es et permettant de les imprimer.", "importance": 0, "uuid": "554dedff-298a-48e9-bf63-0b04f40a6515" }, { "code": "Documents papier_03", "description": "Choisir des supports papier et des proc\u00e9d\u00e9s d'impression appropri\u00e9s aux conditions de conservation (selon la dur\u00e9e de conservation, l'humidit\u00e9 ambiante, etc.).", "importance": 0, "uuid": "2186b63f-74b8-48d5-b019-aa553747da34" }, { "code": "Documents papier_04", "description": "R\u00e9cup\u00e9rer les documents imprim\u00e9s contenant des donn\u00e9es imm\u00e9diatement apr\u00e8s leur impression ou effectuer, lorsque c'est possible, une impression s\u00e9curis\u00e9.", "importance": 0, "uuid": "6a064432-95d1-4fc9-b6c2-c351c538c0a8" }, { "code": "Documents papier_05", "description": "Limiter la diffusion des documents papier contenant des donn\u00e9es qu'aux personnes ayant le besoin d'en disposer dans le cadre de leur activit\u00e9.", "importance": 0, "uuid": "49927122-8e47-45ee-a8e3-8f0c3601e5b1" }, { "code": "Documents papier_06", "description": "Stocker les documents papier contenant des donn\u00e9es dans un meuble s\u00e9curis\u00e9.", "importance": 0, "uuid": "5ac9f935-a1d4-47f6-968c-d4fcbd783608" }, { "code": "Documents papier_07", "description": "D\u00e9truire les documents papier contenant des donn\u00e9es et qui ne sont plus utiles \u00e0 l'aide d'un broyeur appropri\u00e9.", "importance": 0, "uuid": "c343cc7c-620c-4308-b71f-8d59c7bc71f4" }, { "code": "Documents papier_08", "description": "N'envoyer que les documents papier contenant des donn\u00e9es n\u00e9cessaires au traitement.", "importance": 0, "uuid": "948ebbc4-cd89-44e6-8592-5bf5809255b8" }, { "code": "Documents papier_09", "description": "Garder une trace pr\u00e9cise de la transmission des documents papier contenant des donn\u00e9es.", "importance": 0, "uuid": "ca01e8c9-4113-444b-9493-5a62afb087eb" }, { "code": "Documents papier_10", "description": "Choisir un canal de transmission adapt\u00e9 aux risques et \u00e0 la fr\u00e9quence de transmission.", "importance": 0, "uuid": "b7c9c6fb-abbb-49f3-b5a8-f12fab7bacae" }, { "code": "Documents papier_11", "description": "Am\u00e9liorer la confiance envers le transporteur de documents papier contenant des donn\u00e9es.", "importance": 0, "uuid": "511f7037-7fbe-41e5-80b3-2acb6a34cb3b" }, { "code": "Documents papier_12", "description": "Prot\u00e9ger les documents papier contenant des donn\u00e9es.", "importance": 0, "uuid": "da589b18-e850-4576-a779-d27024dd91f0" }, { "code": "Droit \u00e0 la limitation et d'opposition_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit d'opposition. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches \u00e0 effectuer ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais.", "importance": 0, "uuid": "7bd7ed97-ee93-422a-a1f2-4703f5a7ea7c" }, { "code": "Droit \u00e0 la limitation et d'opposition_02", "description": "S'assurer que le droit d'opposition pourra toujours s'exercer et que les donn\u00e9es collect\u00e9es et trait\u00e9es permettent effectivement l'exercice du droit d'opposition.", "importance": 0, "uuid": "ed0341d5-b5e0-4989-9084-07bfa7668941" }, { "code": "Droit \u00e0 la limitation et d'opposition_03", "description": "S'assurer que \u00ab l'int\u00e9ress\u00e9 est mis en mesure d'exprimer son choix avant la validation d\u00e9finitive de ses r\u00e9ponses \u00bb.", "importance": 0, "uuid": "ed324770-7b66-4a5c-95cd-b2cc34f85cdb" }, { "code": "Droit \u00e0 la limitation et d'opposition_04", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites sur place permettent de s'assurer de l'identit\u00e9 des demandeurs et des personnes qu'ils peuvent mandater.", "importance": 0, "uuid": "9e2762fd-b530-46b1-a438-b2a40c7d4f3d" }, { "code": "Droit \u00e0 la limitation et d'opposition_05", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites par voie postale sont sign\u00e9es et accompagn\u00e9es de la photocopie d'un titre d'identit\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9e sauf en cas de besoin de conserver une preuve) et qu'elles pr\u00e9cisent l'adresse \u00e0 laquelle doit parvenir la r\u00e9ponse.", "importance": 0, "uuid": "da19be7b-85b1-4ace-85c1-95a5cfddcf01" }, { "code": "Droit \u00e0 la limitation et d'opposition_06", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites par voie \u00e9lectronique (en utilisant un canal chiffr\u00e9 si la transmission se fait via Internet) sont accompagn\u00e9es d'un titre d'identit\u00e9 num\u00e9ris\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9 sauf en cas de besoin de conservation d'une preuve, et ce, en noir et blanc, en faible d\u00e9finition et sous la forme d'un fichier chiffr\u00e9).", "importance": 0, "uuid": "80bac0dc-0f02-411f-885b-1d9be6939426" }, { "code": "Droit \u00e0 la limitation et d'opposition_07", "description": "S'assurer que le motif l\u00e9gitime des personnes exer\u00e7ant leur droit d'opposition est fourni et appr\u00e9ci\u00e9 (sauf dans le cas de la prospection et des traitements ayant pour fin la recherche dans le domaine de la sant\u00e9, pour lesquels la personne dispose d'un droit d'opposition discr\u00e9tionnaire).", "importance": 0, "uuid": "b581b87b-6219-4c82-8a2f-b1e98b7eea66" }, { "code": "Droit \u00e0 la limitation et d'opposition_08", "description": "S'assurer que tous les destinataires du traitement seront inform\u00e9s des oppositions exerc\u00e9es par des personnes concern\u00e9es.", "importance": 0, "uuid": "866d2956-dd3b-46ee-b2bc-a41d572179d2" }, { "code": "Droit \u00e0 la limitation et d'opposition_09", "description": "[traitement par t\u00e9l\u00e9phone] Pr\u00e9voir un m\u00e9canisme permettant aux personnes concern\u00e9es de signifier leur opposition \u00e0 l'aide du t\u00e9l\u00e9phone.", "importance": 0, "uuid": "8e98bc8a-ce48-415a-9568-3428a13b3616" }, { "code": "Droit \u00e0 la limitation et d'opposition_10", "description": "[traitement par formulaire \u00e9lectronique] Cr\u00e9er un formulaire, facilement accessible, avec des cases \u00e0 d\u00e9cocher (dit \u00ab opt-out \u00bb) ou pr\u00e9voir la possibilit\u00e9 de se d\u00e9sinscrire d'un service (suppression de compte).", "importance": 0, "uuid": "2d59e2ad-27de-4939-896e-30beb57ad2e3" }, { "code": "Droit \u00e0 la limitation et d'opposition_11", "description": "[traitement par courrier \u00e9lectronique] S'assurer que l'exp\u00e9diteur des messages appara\u00eet tr\u00e8s clairement.", "importance": 0, "uuid": "065ce986-8708-4c0c-9daf-5714ceec2e49" }, { "code": "Droit \u00e0 la limitation et d'opposition_12", "description": "[traitement par courrier \u00e9lectronique] S'assurer que le corps des messages est en rapport avec le sujet des messages.", "importance": 0, "uuid": "551dec70-2bb3-4113-846c-690e82881a60" }, { "code": "Droit \u00e0 la limitation et d'opposition_13", "description": "[traitement par courrier \u00e9lectronique] Pr\u00e9voir une opposition en r\u00e9pondant au message ou en cliquant sur un lien permettant de s'opposer. La personne ne doit pas avoir besoin de s'authentifier pour \u00eatre d\u00e9sinscrite.", "importance": 0, "uuid": "e13b23d5-65bc-4ebe-aa41-d98b6efaca5d" }, { "code": "Droit \u00e0 la limitation et d'opposition_14", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Proposer des param\u00e8tres \u00ab Vie priv\u00e9e \u00bb dans les applications mobiles.", "importance": 0, "uuid": "228ef7b0-3a31-484e-9840-c56e1e2903ec" }, { "code": "Droit \u00e0 la limitation et d'opposition_15", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Permettre \u00e0 l'utilisateur de l'application mobile de s'opposer \u00e0 la collecte de donn\u00e9es particuli\u00e8res.", "importance": 0, "uuid": "e8554843-c50b-496f-bbf2-b6de7a9c9efc" }, { "code": "Droit \u00e0 la limitation et d'opposition_16", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Prendre en compte les utilisateurs mineurs.", "importance": 0, "uuid": "e7b9a183-4b66-46e1-b308-4b4236e65845" }, { "code": "Droit \u00e0 la limitation et d'opposition_17", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Arr\u00eater effectivement toute collecte de donn\u00e9es si l'utilisateur retire son consentement.", "importance": 0, "uuid": "8813246d-90df-4a98-a2a5-abbfae9396c6" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit d'acc\u00e8s. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois (un mois dans le cadre du RGPD) pour des donn\u00e9es, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais exc\u00e9dant le co\u00fbt de la reproduction.", "importance": 0, "uuid": "2cb24716-0d53-4c63-858b-cf6324205306" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_02", "description": "S'assurer que le droit d'acc\u00e8s pourra toujours s'exercer.", "importance": 0, "uuid": "178520c6-b3ac-4d08-904c-b1c78b244c32" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_03", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites sur place permettent de s'assurer de l'identit\u00e9 des demandeurs et des personnes qu'ils peuvent mandater.", "importance": 0, "uuid": "95f5461d-4f4c-4371-b20f-f2f70f26f8f9" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_04", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites par voie postale sont sign\u00e9es et accompagn\u00e9es de la photocopie d'un titre d'identit\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9e sauf en cas de besoin de conserver une preuve) et qu'elles pr\u00e9cisent l'adresse \u00e0 laquelle doit parvenir la r\u00e9ponse.", "importance": 0, "uuid": "a453a528-9893-461c-ade1-e338f24ba34b" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_05", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites par voie \u00e9lectronique (en utilisant un canal chiffr\u00e9 si la transmission se fait via Internet) sont accompagn\u00e9es d'un titre d'identit\u00e9 num\u00e9ris\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9 sauf en cas de besoin de conservation d'une preuve, et ce, en noir et blanc, en faible d\u00e9finition et sous la forme d'un fichier chiffr\u00e9).", "importance": 0, "uuid": "f4841bb7-12d6-445c-affb-4414a91c1f73" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_06", "description": "S'assurer de la possibilit\u00e9 de fournir toutes les informations qui peuvent \u00eatre demand\u00e9es par les personnes concern\u00e9es, tout en prot\u00e9geant les donn\u00e9es des tiers.", "importance": 0, "uuid": "20826216-5939-47a0-8363-b11c050be8e0" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_07", "description": "[dossiers m\u00e9dicaux] Communiquer les informations au plus tard dans les huit jours suivant la demande et dans les deux mois si les informations remontent \u00e0 plus de cinq ans (\u00e0 compter de la date \u00e0 laquelle l'information m\u00e9dicale a \u00e9t\u00e9 constitu\u00e9e).", "importance": 0, "uuid": "b870e46f-3bb8-42bc-ac50-7bf66371d346" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_08", "description": "[dossiers m\u00e9dicaux] Permettre l'exercice du droit d'acc\u00e8s par les titulaires de l'autorit\u00e9 parentale, pour les mineurs, ou le repr\u00e9sentant l\u00e9gal, pour les personnes faisant l'objet d'une mesure de tutelle.", "importance": 0, "uuid": "24e51c4d-4249-4473-9e0f-1093b49360d0" }, { "code": "Droit de rectification et d'effacement_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit de rectification. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches \u00e0 effectuer ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais.", "importance": 0, "uuid": "9ee6c61b-4ef7-4e88-81ed-ae1bd08e4452" }, { "code": "Droit de rectification et d'effacement_02", "description": "S'assurer que le droit de rectification pourra toujours s'exercer.", "importance": 0, "uuid": "f8495542-f8f0-4067-ac16-a74d560ebfef" }, { "code": "Droit de rectification et d'effacement_03", "description": "S'assurer que le droit d'effacement pourra toujours s'exercer.", "importance": 0, "uuid": "4e1e8d6e-6db0-4f3b-8243-66c3368e6ed1" }, { "code": "Droit de rectification et d'effacement_04", "description": "S'assurer que l'identit\u00e9 des demandeurs va \u00eatre v\u00e9rifi\u00e9e.", "importance": 0, "uuid": "ebd8e891-cab9-45bd-9ba0-d52fc5a5ba97" }, { "code": "Droit de rectification et d'effacement_05", "description": "S'assurer que la v\u00e9racit\u00e9 des rectifications demand\u00e9es sera v\u00e9rifi\u00e9e.", "importance": 0, "uuid": "bf9dfd20-0e6a-423e-8f34-8fc14849cae4" }, { "code": "Droit de rectification et d'effacement_06", "description": "S'assurer de l'effacement effectif des donn\u00e9es \u00e0 supprimer.", "importance": 0, "uuid": "a2d7b18a-0192-48ca-baee-c2c2ad992e13" }, { "code": "Droit de rectification et d'effacement_07", "description": "S'assurer qu'une confirmation sera fournie aux demandeurs.", "importance": 0, "uuid": "a641888a-64ba-41d6-81a1-5cad2f59fba6" }, { "code": "Droit de rectification et d'effacement_08", "description": "S'assurer que les destinataires \u00e0 qui des donn\u00e9es auraient \u00e9t\u00e9 transmises seront inform\u00e9s des rectifications faites.", "importance": 0, "uuid": "7e5943e7-1779-4b96-adca-28408d3a5dc2" }, { "code": "Droit de rectification et d'effacement_09", "description": "Suite \u00e0 une demande d'effacement, pr\u00e9ciser \u00e0 l'utilisateur si des donn\u00e9es personnelles seront conserv\u00e9es malgr\u00e9 tout (contraintes techniques, obligations l\u00e9gales, etc.).", "importance": 0, "uuid": "ee24573b-5e0a-4afc-9049-4aeb14fac625" }, { "code": "Droit de rectification et d'effacement_10", "description": "Mettre en oeuvre le droit \u00e0 l'oubli pour les mineurs.", "importance": 0, "uuid": "05313636-e285-4da0-ad31-7d581a0cd21c" }, { "code": "Droit de rectification et d'effacement_11", "description": "[publicit\u00e9 cibl\u00e9e en ligne] Pr\u00e9voir un acc\u00e8s par la personne aux centres d'int\u00e9r\u00eat \u00e9tablis pour son profil et la possibilit\u00e9 de les modifier. L'authentification de la personne peut se faire sur la base des informations utilis\u00e9es pour acc\u00e9der \u00e0 son compte ou sur la base du cookie (ou \u00e9quivalent) pr\u00e9sent sur son poste.", "importance": 0, "uuid": "b3e8c9d9-f85e-4a82-b6af-a03acee7ff49" }, { "code": "Dur\u00e9es de conservation_01", "description": "D\u00e9finir, pour chaque cat\u00e9gorie de donn\u00e9es, des dur\u00e9es de conservation limit\u00e9es dans le temps et en ad\u00e9quation avec la finalit\u00e9 du traitement et/ou des contraintes l\u00e9gales.", "importance": 0, "uuid": "21b3119e-23cd-4616-ac86-ec3bfd6e1e0b" }, { "code": "Dur\u00e9es de conservation_02", "description": "V\u00e9rifier que le traitement permet de d\u00e9tecter la fin de la dur\u00e9e de conservation (mettre en place un m\u00e9canisme automatique bas\u00e9 sur la date de cr\u00e9ation des donn\u00e9es ou de leur dernier usage).", "importance": 0, "uuid": "2ea0ebdd-01da-48a5-bdba-f13fce7426ea" }, { "code": "Dur\u00e9es de conservation_03", "description": "V\u00e9rifier que le traitement permet de supprimer les donn\u00e9es en fin de dur\u00e9e de conservation et que le moyen choisi pour les supprimer est appropri\u00e9 aux risques qui p\u00e8sent sur la vie priv\u00e9e des personnes concern\u00e9es.", "importance": 0, "uuid": "c1c6c1cb-65fd-4415-9a03-2e133cc730f4" }, { "code": "Dur\u00e9es de conservation_04", "description": "Une fois la dur\u00e9e de conservation atteinte, sous r\u00e9serve de l'archivage interm\u00e9diaire pour les donn\u00e9es qui le n\u00e9cessitent, supprimer les donn\u00e9es sans d\u00e9lai.", "importance": 0, "uuid": "e43d69d6-3c04-411e-adc7-e5b4f9067694" }, { "code": "Environnemental_01", "description": "Placer les produits dangereux (inflammables, combustibles, corrosifs, explosifs, a\u00e9rosols, humides, etc.) dans des lieux de stockage appropri\u00e9s et \u00e9loign\u00e9s de ceux o\u00f9 sont trait\u00e9es des donn\u00e9es.", "importance": 0, "uuid": "3c0eeef6-e291-4877-8f5d-6059880514a9" }, { "code": "Environnemental_02", "description": "\u00c9viter les zones g\u00e9ographiques dangereuses (zones inondables, proximit\u00e9 d'a\u00e9roports, zones d'industries chimiques, zones sismiques, zones volcaniques, etc.).", "importance": 0, "uuid": "fac6dd31-c831-4665-b3e7-8ead3e3b82a5" }, { "code": "Environnemental_03", "description": "Ne pas stocker les donn\u00e9es dans un \u00e9tat \u00e9tranger sauf s'il existe des garanties permettant d'assurer un niveau de protection des donn\u00e9es suffisant.", "importance": 0, "uuid": "e64271a6-ab78-442c-851d-cfddbabd6f7c" }, { "code": "Exploitation_01", "description": "Documenter les proc\u00e9dures d'exploitation, les tenir \u00e0 jour et les communiquer \u00e0 tous les utilisateurs concern\u00e9s (toute action sur le syst\u00e8me, qu'il s'agisse d'op\u00e9rations d'administration ou de la simple utilisation d'une application, doit \u00eatre expliqu\u00e9e dans des documents auxquels les utilisateurs peuvent se r\u00e9f\u00e9rer).", "importance": 0, "uuid": "05dd9f8d-9c84-456c-9b93-17002e38cb67" }, { "code": "Exploitation_02", "description": "Tenir \u00e0 jour un inventaire des logiciels et mat\u00e9riels utilis\u00e9s en exploitation.", "importance": 0, "uuid": "dc3c264f-b898-41ea-949e-3aff913e45a7" }, { "code": "Exploitation_03", "description": "R\u00e9aliser une veille sur vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les logiciels (y compris les firmwares) utilis\u00e9s en exploitation, et les corriger d\u00e8s que possible.", "importance": 0, "uuid": "a65cce3e-6ca4-460c-975b-878ea60f1663" }, { "code": "Exploitation_04", "description": "Formaliser les proc\u00e9dures de mises \u00e0 jour mat\u00e9rielles et logicielles.", "importance": 0, "uuid": "690cc289-f2f6-4920-8056-73c61ebb7b26" }, { "code": "Exploitation_05", "description": "Interdire l'usage des serveurs de production (serveurs de base de donn\u00e9es, serveur web, serveur de messagerie, etc.) pour d'autres fins que celles pr\u00e9vues initialement.", "importance": 0, "uuid": "3202bc26-de65-40cf-a46c-286ee8dfac1b" }, { "code": "Exploitation_06", "description": "Utiliser des unit\u00e9s de stockage de donn\u00e9es utilisant des m\u00e9canismes de redondance mat\u00e9rielle (tel que le RAID), ou bien des m\u00e9canismes de duplication des donn\u00e9es entre plusieurs serveurs et/ou sites.", "importance": 0, "uuid": "86b75046-44bb-485c-aba2-1a7ee41c02c7" }, { "code": "Exploitation_07", "description": "V\u00e9rifier que le dimensionnement des capacit\u00e9s de stockage et de calcul est suffisant pour assurer le fonctionnement correct des traitements, m\u00eame en cas de pic d'activit\u00e9.", "importance": 0, "uuid": "9f0ee3ea-d5e8-43db-a10d-71de859a9720" }, { "code": "Exploitation_08", "description": "V\u00e9rifier que les conditions physiques d'h\u00e9bergement (temp\u00e9rature, humidit\u00e9, fourniture d'\u00e9nergie, etc.) sont appropri\u00e9es \u00e0 l'usage pr\u00e9vu des mat\u00e9riels, et incluent des m\u00e9canismes de secours (onduleur et/ou alimentation de secours et/ou groupe \u00e9lectrog\u00e8ne).", "importance": 0, "uuid": "860fcb9f-407b-4cdb-8bc8-e1b49f2ee7af" }, { "code": "Exploitation_09", "description": "Limiter l'acc\u00e8s physique aux mat\u00e9riels sensibles et/ou qui ont une grande valeur marchande.", "importance": 0, "uuid": "4c7a25c3-9402-4547-83d2-7711f1bb47a9" }, { "code": "Exploitation_10", "description": "Limiter les possibilit\u00e9s de modification des mat\u00e9riels.", "importance": 0, "uuid": "bf12c3b9-987b-4fe1-a2e0-3fdae3a93cb4" }, { "code": "Exploitation_11", "description": "Pr\u00e9voir un Plan de Reprise d'Activit\u00e9 (PRA) ou un Plan de Continuit\u00e9 d'Activit\u00e9 (PCA), en fonction des objectifs de disponibilit\u00e9 des traitements mis en oeuvre.", "importance": 0, "uuid": "b60140df-0bd7-428e-a348-f673449c258b" }, { "code": "Exploitation_12", "description": "Mettre en place une proc\u00e9dure de gestion des incidents de s\u00e9curit\u00e9 permettant de les d\u00e9tecter, les enregistrer, les qualifier et les traiter.", "importance": 0, "uuid": "13b05332-8b7f-40fb-bbea-164bc1e2b3f6" }, { "code": "Finalit\u00e9_01", "description": "D\u00e9tailler les finalit\u00e9s de traitement des donn\u00e9es et justifier leur l\u00e9gitimit\u00e9.", "importance": 0, "uuid": "2c9a3e94-058c-459d-90d7-a79d4f0f9db2" }, { "code": "Finalit\u00e9_02", "description": "Expliciter les finalit\u00e9s de partage avec des tiers ainsi que les finalit\u00e9s de traitement de donn\u00e9es pour l'am\u00e9lioration du service.", "importance": 0, "uuid": "60dfb6f8-6482-4b93-ad42-db9b6d7311aa" }, { "code": "Finalit\u00e9_03", "description": "Expliciter les modalit\u00e9s particuli\u00e8res du traitement, en pr\u00e9cisant notamment les croisements de donn\u00e9es s'il y a lieu.", "importance": 0, "uuid": "ada21354-1cd6-4738-831d-aa3168f7a2e3" }, { "code": "Fondement_01", "description": "D\u00e9terminer et justifier le crit\u00e8re de lic\u00e9it\u00e9 qui s'applique au traitement de donn\u00e9es.", "importance": 0, "uuid": "11c0774f-789a-4b87-a668-7723fcb5e02e" }, { "code": "Formalit\u00e9s pr\u00e9alables_01", "description": "V\u00e9rifier que le traitement de donn\u00e9es est effectivement conforme \u00e0 la finalit\u00e9 d\u00e9clar\u00e9e.", "importance": 0, "uuid": "a04441de-c785-4997-868d-d3df75d6a4df" }, { "code": "Formalit\u00e9s pr\u00e9alables_02", "description": "R\u00e9aliser une \u00e9tude d'impact sur la vie priv\u00e9e (EIVP ou PIA) et le faire valider.", "importance": 0, "uuid": "f4a0cca8-e784-44d5-b695-3e9676724678" }, { "code": "Formalit\u00e9s pr\u00e9alables_03", "description": "Consulter l'autorit\u00e9 de contr\u00f4le si les risques r\u00e9siduels, \u00e0 l'issue d' une \u00e9tude d'impact sur la vie priv\u00e9e, sont importants, selon l'article 36 du r\u00e8glement g\u00e9n\u00e9ral sur la protection des donn\u00e9es (RGPD).", "importance": 0, "uuid": "662a2926-8deb-4ebf-835e-7d0c7bc7b826" }, { "code": "Formalit\u00e9s pr\u00e9alables_04", "description": "R\u00e9aliser les autres formalit\u00e9s sectorielles et contractuelles applicables au traitement (par exemple, formalit\u00e9s li\u00e9es \u00e0 d'autres codes et r\u00e8glements, contrat avec une source externe de donn\u00e9es, etc.).", "importance": 0, "uuid": "0c96d60f-1d8e-4a67-92a9-9d24997d34a8" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_01", "description": "D\u00e9finir les r\u00f4les et responsabilit\u00e9s des parties prenantes, ainsi que les proc\u00e9dures de remont\u00e9es d'informations et de r\u00e9action, en cas de violation de donn\u00e9es.", "importance": 0, "uuid": "900e1886-88c0-4a84-9a94-0d2dec073482" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_02", "description": "\u00c9tablir un annuaire des personnes en charge de g\u00e9rer les violations de donn\u00e9es.", "importance": 0, "uuid": "9f095104-f66d-42ca-906a-2f104c937265" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_03", "description": "\u00c9laborer un plan de r\u00e9action en cas de violation de donn\u00e9es pour chaque risque \u00e9lev\u00e9, le tenir \u00e0 jour et le tester p\u00e9riodiquement.", "importance": 0, "uuid": "4feb5fb9-0316-4653-99a1-b41d47825205" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_04", "description": "Permettre de qualifier les violations de donn\u00e9es selon leur impact sur la vie priv\u00e9e des personnes concern\u00e9es.", "importance": 0, "uuid": "0c84b441-a79b-4747-a9e1-358cc21ffb2f" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_05", "description": "Traiter les \u00e9v\u00e8nements selon leur qualification (\u00e9v\u00e8nement, incident, sinistre, crise, etc.).", "importance": 0, "uuid": "6f9d9a9a-600e-40fb-862f-4e6d3f6e7f45" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_06", "description": "Tenir \u00e0 jour une documentation des violations de donn\u00e9es.", "importance": 0, "uuid": "113e65f1-51b1-481d-89c4-0d2167db3d35" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_07", "description": "\u00c9tudier la possibilit\u00e9 d'am\u00e9liorer les mesures de s\u00e9curit\u00e9 en fonction des violations de donn\u00e9es qui ont eu lieu.", "importance": 0, "uuid": "b01b9ad8-c2ef-42f4-b4ac-be1bc06203d4" }, { "code": "Gestion des personnels_01", "description": "V\u00e9rifier que les personnes ayant acc\u00e8s aux donn\u00e9es et au traitement sont aptes \u00e0 exercer leur fonction.", "importance": 0, "uuid": "37bb5c77-1212-462b-9c7d-f6e84290c2ea" }, { "code": "Gestion des personnels_02", "description": "S'assurer que les conditions de travail des personnes ayant acc\u00e8s aux donn\u00e9es et au traitement sont satisfaisantes.", "importance": 0, "uuid": "ab831b8f-d2a2-4c16-99d6-3510c1c6923b" }, { "code": "Gestion des personnels_03", "description": "Sensibiliser les personnes ayant acc\u00e8s aux donn\u00e9es et au traitement aux risques li\u00e9s \u00e0 l'exploitation de leurs vuln\u00e9rabilit\u00e9s.", "importance": 0, "uuid": "1b67a440-471e-450e-a90d-799670a16333" }, { "code": "Gestion des projets_01", "description": "Utiliser une d\u00e9marche de gestion des risques d\u00e8s l'\u00e9laboration d'un service ou la conception d'une application.", "importance": 0, "uuid": "656dbbb9-a017-4a8c-b92c-2755f8bb303b" }, { "code": "Gestion des projets_02", "description": "Privil\u00e9gier le recours \u00e0 des labels de confiance dans les domaines de la SSI et la protection des donn\u00e9es personnelles (proc\u00e9dures, produits, syst\u00e8mes de management, organismes, personnes, etc.).", "importance": 0, "uuid": "9ea3fc0a-f56b-4e33-a78a-2be467a6ea29" }, { "code": "Gestion des projets_03", "description": "Privil\u00e9gier le recours \u00e0 des r\u00e9f\u00e9rentiels \u00e9prouv\u00e9s et reconnus.", "importance": 0, "uuid": "14d0e0b8-2313-4401-9111-60e3301cacf2" }, { "code": "Gestion des projets_04", "description": "Effectuer les formalit\u00e9s aupr\u00e8s de l'autorit\u00e9 de contr\u00f4le avant le lancement d'un nouveau traitement.", "importance": 0, "uuid": "43f8343d-5c13-41fc-aa1e-047ede81f29d" }, { "code": "Gestion des projets_05", "description": "[acquisitions de logiciels] V\u00e9rifier que les d\u00e9veloppeurs et les mainteneurs disposent des ressources suffisantes pour ma\u00eetriser leurs actions.", "importance": 0, "uuid": "80759e48-4710-45f8-b416-afe17878b7a2" }, { "code": "Gestion des projets_06", "description": "[acquisitions de logiciels] Privil\u00e9gier les applications interop\u00e9rables et ergonomiques.", "importance": 0, "uuid": "934e5306-bd2e-4f8b-bdb4-33e26bd9ef67" }, { "code": "Gestion des projets_07", "description": "[acquisitions de logiciels] Effectuer les d\u00e9veloppements informatiques dans un environnement informatique distinct de celui de la production.", "importance": 0, "uuid": "e6502e29-d199-40d9-8a51-b343fca3b0cb" }, { "code": "Gestion des projets_08", "description": "[acquisitions de logiciels] Prot\u00e9ger la disponibilit\u00e9, l'int\u00e9grit\u00e9 et si besoin la confidentialit\u00e9 des codes sources.", "importance": 0, "uuid": "1a4fc4a7-5c98-4081-8c8f-3488ff593960" }, { "code": "Gestion des projets_09", "description": "[acquisitions de logiciels] Imposer des formats de saisie et d'enregistrement des donn\u00e9es qui minimisent les donn\u00e9es collect\u00e9es.", "importance": 0, "uuid": "4e40b7a9-b487-47e0-acf5-f45f71f38f44" }, { "code": "Gestion des projets_10", "description": "[acquisitions de logiciels] S'assurer que les formats de donn\u00e9es sont compatibles avec la mise en oeuvre d'une dur\u00e9e de conservation.", "importance": 0, "uuid": "a8923625-8999-44a0-a3b7-9bcead357b55" }, { "code": "Gestion des projets_11", "description": "[acquisitions de logiciels] Int\u00e9grer le contr\u00f4le d'acc\u00e8s aux donn\u00e9es par des cat\u00e9gories d'utilisateurs au moment du d\u00e9veloppement.", "importance": 0, "uuid": "5eb06b3b-9b41-4090-8ce1-b3874699f862" }, { "code": "Gestion des projets_12", "description": "[acquisitions de logiciels] \u00c9viter le recours \u00e0 des zones de texte libre, et si de telles zones sont requises, faire appara\u00eetre soit en filigrane, soit comme texte pr\u00e9rempli s'effa\u00e7ant sit\u00f4t que l'utilisateur d\u00e9cide d'\u00e9crire dans la zone, les mentions suivantes : \u00ab Les personnes disposent d'un droit d'acc\u00e8s aux informations contenues dans cette zone de texte. Les informations que vous y inscrivez doivent \u00eatre PERTINENTES au regard du contexte. Elles ne doivent pas comporter d'appr\u00e9ciation subjective ni faire appara\u00eetre, \"directement ou indirectement les origines raciales ou ethniques, les opinions politiques, philosophiques ou religieuses ou l'appartenance syndicale des personnes, ou qui sont relatives \u00e0 la sant\u00e9 ou \u00e0 la vie sexuelles de celles-ci\" \u00bb.", "importance": 0, "uuid": "a03ca1c2-c087-44b5-81e4-751c296ff051" }, { "code": "Gestion des projets_13", "description": "[acquisitions de logiciels] Interdire l'utilisation de donn\u00e9es r\u00e9elles avant la mise en op\u00e9ration, et les anonymiser si n\u00e9cessaire.", "importance": 0, "uuid": "922ab9c2-d9d1-486e-bc68-14636b70544c" }, { "code": "Gestion des projets_14", "description": "[acquisitions de logiciels] V\u00e9rifier que les logiciels fonctionnent correctement et conform\u00e9ment lors de la recette.", "importance": 0, "uuid": "5dd3704d-5f27-43dd-945c-94a42b69bf2a" }, { "code": "Gestion des risques_01", "description": "Recenser les traitements de donn\u00e9es \u00e0 caract\u00e8re personnel, automatis\u00e9s ou non, les donn\u00e9es trait\u00e9es (ex : fichiers client, contrats) et les supports sur lesquels ils reposent.", "importance": 0, "uuid": "31b39fb1-84e9-407c-ade5-c59aac597e8a" }, { "code": "Gestion des risques_02", "description": "\u00c9valuer la mani\u00e8re dont les principes fondamentaux (information, consentement, droit d'acc\u00e8s...) sont respect\u00e9s.", "importance": 0, "uuid": "a6e56295-2436-4a4c-823d-eaf42b481a36" }, { "code": "Gestion des risques_03", "description": "Appr\u00e9cier les risques de chaque traitement.", "importance": 0, "uuid": "f73a7ecb-79f4-4319-8041-7c60cd642cce" }, { "code": "Gestion des risques_04", "description": "Mettre en oeuvre et v\u00e9rifier les mesures pr\u00e9vues. Si les mesures existantes et pr\u00e9vues sont jug\u00e9es comme appropri\u00e9es afin de garantir un niveau de s\u00e9curit\u00e9 adapt\u00e9 aux risques, il convient de s'assurer qu'elles soient appliqu\u00e9es et contr\u00f4l\u00e9es.", "importance": 0, "uuid": "ba370be8-68f2-41f3-b39c-a2d4fa56ed3c" }, { "code": "Gestion des risques_05", "description": "Faire r\u00e9aliser des audits de s\u00e9curit\u00e9 p\u00e9riodiques, si possible annuels. Chaque audit devrait donner lieu \u00e0 un plan d'action dont la mise en oeuvre devrait \u00eatre suivie au plus haut niveau de l'organisme.", "importance": 0, "uuid": "01d93bc9-1176-41f4-b8d2-0fba0e6721fc" }, { "code": "Gestion des risques_06", "description": "Ajuster la cartographie \u00e0 chaque \u00e9volution majeure et de mani\u00e8re p\u00e9riodique.", "importance": 0, "uuid": "f4ed6a9b-3efa-464c-a7e5-ac416537614c" }, { "code": "Information des personnes concern\u00e9es_01", "description": "D\u00e9terminer et justifier les moyens pratiques qui vont \u00eatre mis en oeuvre pour informer les personnes concern\u00e9es, ou justifier de l'impossibilit\u00e9 de leur mise en oeuvre.", "importance": 0, "uuid": "56e9a1bb-3ed4-4b74-92a3-63da11d9d12e" }, { "code": "Information des personnes concern\u00e9es_02", "description": "S'assurer que l'information sera r\u00e9alis\u00e9e de mani\u00e8re compl\u00e8te, claire et adapt\u00e9e au public vis\u00e9, en fonction de la nature des donn\u00e9es et des moyens pratiques choisis.", "importance": 0, "uuid": "78255ed3-a07e-4082-84b8-255c3e7218a3" }, { "code": "Information des personnes concern\u00e9es_03", "description": "S'assurer que l'information sera r\u00e9alis\u00e9e au plus tard au moment o\u00f9 seront collect\u00e9es les donn\u00e9es.", "importance": 0, "uuid": "4cf842f7-8d29-46eb-9f69-58b9f451cb4c" }, { "code": "Information des personnes concern\u00e9es_04", "description": "S'assurer que la collecte ne puisse pas \u00eatre effectu\u00e9e sans information.", "importance": 0, "uuid": "81719522-7886-4bbb-9a64-7f180f33e3f6" }, { "code": "Information des personnes concern\u00e9es_05", "description": "Si possible, pr\u00e9voir un moyen de prouver que l'information a \u00e9t\u00e9 faite.", "importance": 0, "uuid": "c306c451-ef33-4501-99e6-0e1d1ebc5c56" }, { "code": "Information des personnes concern\u00e9es_06", "description": "[salari\u00e9s d'un organisme] Obtenir l'avis pr\u00e9alable des institutions repr\u00e9sentatives du personnel dans les cas pr\u00e9vus par le Code du travail.", "importance": 0, "uuid": "f074b4ef-e83d-46b8-af79-404ed8f686e7" }, { "code": "Information des personnes concern\u00e9es_07", "description": "[salari\u00e9s d'un organisme] Utiliser le moyen le plus appropri\u00e9 \u00e0 la culture de l'organisme.", "importance": 0, "uuid": "104f9747-e8f2-4c66-bbed-a213c285a37d" }, { "code": "Information des personnes concern\u00e9es_08", "description": "[collecte de donn\u00e9es via un site Internet] Faire figurer une information \u00e0 destination des internautes directement ou facilement accessible.", "importance": 0, "uuid": "3c5f2ea5-e242-4118-8ac9-7a07f4dc8694" }, { "code": "Information des personnes concern\u00e9es_09", "description": "[collecte de donn\u00e9es via une application mobile] Faire figurer une information \u00e0 destination des utilisateurs directement ou facilement accessible.", "importance": 0, "uuid": "21af75d8-d761-4a91-8952-c9134dc0cb31" }, { "code": "Information des personnes concern\u00e9es_10", "description": "[collecte de donn\u00e9es via une application mobile] Informer l'utilisateur si l'application est susceptible d'acc\u00e9der \u00e0 des identifiants de l'appareil, en pr\u00e9cisant s'ils sont communiqu\u00e9s \u00e0 des tiers.", "importance": 0, "uuid": "4a24c05f-1761-4b37-a636-3774d5e228b2" }, { "code": "Information des personnes concern\u00e9es_11", "description": "[collecte de donn\u00e9es via une application mobile] Informer l'utilisateur si l'application est susceptible de fonctionner en arri\u00e8re-plan.", "importance": 0, "uuid": "52c55030-ddac-4ded-b9ae-b17f1bcb463e" }, { "code": "Information des personnes concern\u00e9es_12", "description": "[collecte de donn\u00e9es via une application mobile] Pr\u00e9senter \u00e0 l'utilisateur les protections d'acc\u00e8s \u00e0 l'appareil.", "importance": 0, "uuid": "df20a7a8-8c25-45e4-80e6-b704fcc3606f" }, { "code": "Information des personnes concern\u00e9es_13", "description": "[collecte de donn\u00e9es par t\u00e9l\u00e9phone] D\u00e9livrer un message automatique avant que la conversation soit engag\u00e9e, pr\u00e9cisant notamment les droits des personnes, et le cas \u00e9ch\u00e9ant, les finalit\u00e9s de l'enregistrement de la conversation (formation, enqu\u00eate sur la qualit\u00e9 du service rendu, etc.), en leur offrant la possibilit\u00e9 de s'opposer \u00e0 l'enregistrement (pour motif l\u00e9gitime).", "importance": 0, "uuid": "ff0e48bd-b80a-4de5-8c43-224157753353" }, { "code": "Information des personnes concern\u00e9es_14", "description": "[collecte de donn\u00e9es par t\u00e9l\u00e9phone] Mettre en place des moyens permettant l'authentification de l'appelant (ex : par une information connue seulement de l'organisme et de la personne concern\u00e9e).", "importance": 0, "uuid": "ddfd140c-b23e-4cc8-829e-f06867a5a8ec" }, { "code": "Information des personnes concern\u00e9es_15", "description": "[collecte de donn\u00e9es via un formulaire] Placer la mention appropri\u00e9e sur le formulaire avec une typographie identique au reste du document.", "importance": 0, "uuid": "06726271-3ddf-4af6-a5ac-327e477d8e36" }, { "code": "Information des personnes concern\u00e9es_16", "description": "[publicit\u00e9 cibl\u00e9e] Rendre accessible l'information des internautes de mani\u00e8re \u00e0 ce qu'elle soit parfaitement visible et lisible.", "importance": 0, "uuid": "1eb94b5b-fc79-4327-ac91-bb6919d89020" }, { "code": "Information des personnes concern\u00e9es_17", "description": "[publicit\u00e9 cibl\u00e9e] Informer les internautes sur les diff\u00e9rentes formes de publicit\u00e9 cibl\u00e9e auxquelles ils sont susceptibles d'\u00eatre expos\u00e9s via le service qu'ils consultent et les divers proc\u00e9d\u00e9s utilis\u00e9s, les cat\u00e9gories d'informations trait\u00e9es aux fins d'adapter le contenu publicitaire et, en tant que de besoin, les informations non recueillies, leurs possibilit\u00e9s pour consentir \u00e0 l'affichage de publicit\u00e9s comportementales ou personnalis\u00e9es. L'information et le recueil du consentement doivent \u00eatre effectu\u00e9s avant tout stockage d'information ou obtention de l'acc\u00e8s \u00e0 des informations d\u00e9j\u00e0 stock\u00e9es dans l'\u00e9quipement terminal.", "importance": 0, "uuid": "d294b307-f06c-45ac-9717-46c0a22c8c85" }, { "code": "Information des personnes concern\u00e9es_18", "description": "[mise \u00e0 jour d'un traitement existant] Informer plus particuli\u00e8rement sur les nouveaut\u00e9s du traitement (nouvelles finalit\u00e9s, nouveaux destinataires).", "importance": 0, "uuid": "601f4aa9-9726-446d-9524-780ffaa31935" }, { "code": "Logiciels malveillants_01", "description": "Installer un antivirus sur les serveurs et postes de travail et le configurer.", "importance": 0, "uuid": "df4f723b-d159-445d-aa91-d1898edfc86e" }, { "code": "Logiciels malveillants_02", "description": "Tenir les logiciels antivirus \u00e0 jour.", "importance": 0, "uuid": "952e2fdb-a649-49bb-8d96-328045daddd0" }, { "code": "Logiciels malveillants_03", "description": "Mettre en oeuvre des mesures de filtrage permettant de filtrer les flux entrants/sortants du r\u00e9seau (firewall, proxy, etc.).", "importance": 0, "uuid": "fb5a202a-3234-4d74-a811-31527881ab43" }, { "code": "Logiciels malveillants_04", "description": "Faire remonter les \u00e9v\u00e8nements de s\u00e9curit\u00e9 de l'antivirus sur un serveur centralis\u00e9 pour analyse statistique et gestion des probl\u00e8mes \u00e0 post\u00e9riori (dans le but de d\u00e9tecter un serveur infect\u00e9, un virus d\u00e9tect\u00e9 et non \u00e9radiqu\u00e9 par l'antivirus, etc.).", "importance": 0, "uuid": "8cf43928-2c23-4794-89dd-364eb704c8f1" }, { "code": "Logiciels malveillants_05", "description": "Installer un programme de lutte contre les logiciels espions (anti-spyware) sur les postes de travail, le configurer et le tenir \u00e0 jour.", "importance": 0, "uuid": "7ab822fa-8a63-45a0-952d-5e8fa4dbcfe9" }, { "code": "Maintenance_01", "description": "Encadrer par un contrat de sous-traitance la r\u00e9alisation des op\u00e9rations de maintenance lorsqu'elles sont effectu\u00e9es par des prestataires.", "importance": 0, "uuid": "8600d1ea-a92d-40c2-9384-85c140c3dc3a" }, { "code": "Maintenance_02", "description": "Enregistrer toutes les op\u00e9rations de maintenance dans une main courante.", "importance": 0, "uuid": "96a6e72d-02b7-4a7f-a8e8-9426dd5f75e3" }, { "code": "Maintenance_03", "description": "Encadrer les op\u00e9rations de t\u00e9l\u00e9maintenance.", "importance": 0, "uuid": "3ed3d127-4a05-48d9-b000-e113d0857393" }, { "code": "Maintenance_04", "description": "Chiffrer ou effacer les donn\u00e9es pr\u00e9sentes sur les mat\u00e9riels (poste de travail fixe ou nomade, serveurs, etc.) envoy\u00e9s en maintenance externe. En cas d'impossibilit\u00e9 d\u00e9poser les supports de stockage de l'\u00e9quipement avant l'envoi en maintenance ou g\u00e9rer la maintenance en interne.", "importance": 0, "uuid": "0afcfa8a-cb1d-4465-ba6f-301e549631d0" }, { "code": "Maintenance_05", "description": "[postes de travail] Lors des op\u00e9rations de maintenance n\u00e9cessitant une prise en main \u00e0 distance sur un poste de travail, ne r\u00e9aliser l'op\u00e9ration qu'apr\u00e8s avoir obtenu l'accord de l'utilisateur, et lui indiquer \u00e0 l'\u00e9cran si la prise en main est effective.", "importance": 0, "uuid": "50e15e94-a4d6-4f70-9087-9e8451be42f2" }, { "code": "Maintenance_06", "description": "[postes de travail] Lorsqu'une op\u00e9ration de maintenance n\u00e9cessite une intervention physique sur un poste de travail contenant des donn\u00e9es sensibles, supprimer les donn\u00e9es pendant la maintenance.", "importance": 0, "uuid": "ff149a3e-8f3e-43ae-821c-2b6a3a6b4b26" }, { "code": "Maintenance_07", "description": "[t\u00e9l\u00e9phone mobile] Configurer les t\u00e9l\u00e9phones avant de les remettre aux utilisateurs.", "importance": 0, "uuid": "a7bb0169-11b2-4aee-a3f8-78b955431351" }, { "code": "Maintenance_08", "description": "[t\u00e9l\u00e9phone mobile] Informer les utilisateurs, par exemple sous la forme d'une note accompagnant la livraison, sur l'usage du t\u00e9l\u00e9phone, des applications (ex : business mail, Exchange) et des services fournis, ainsi que sur les r\u00e8gles de s\u00e9curit\u00e9 \u00e0 respecter.", "importance": 0, "uuid": "c79a6fe4-3f57-43b3-918b-b1adee8c0d1c" }, { "code": "Maintenance_09", "description": "[supports de stockage] Effacer de fa\u00e7on s\u00e9curis\u00e9e ou bien d\u00e9truire physiquement les supports de stockage mis au rebut.", "importance": 0, "uuid": "3c49be1d-afcd-40f5-8184-3968026d95be" }, { "code": "Maintenance_10", "description": "[supports de stockage] Lors des op\u00e9rations de maintenance n\u00e9cessitant une prise en main \u00e0 distance sur un poste de travail, ne r\u00e9aliser l'op\u00e9ration qu'apr\u00e8s avoir obtenu l'accord de l'utilisateur.", "importance": 0, "uuid": "ad17dd47-cb36-4cdf-9628-2969a2e4a2e0" }, { "code": "Maintenance_11", "description": "[imprimantes et copieurs multifonctions] Dans le cas d'une maintenance par un tiers, pr\u00e9voir les mesures destin\u00e9es \u00e0 emp\u00eacher l'acc\u00e8s aux donn\u00e9es.", "importance": 0, "uuid": "84da6fc4-ff9e-471b-b7c7-cc813bb861c0" }, { "code": "Maintenance_12", "description": "[imprimantes et copieurs multifonctions] Dans le cas d'une t\u00e9l\u00e9maintenance par un tiers \u00e0 une imprimante ou copieur multifonction h\u00e9berg\u00e9 localement, prendre des mesures sp\u00e9cifiques pour prot\u00e9ger chaque acc\u00e8s.", "importance": 0, "uuid": "425074c4-142d-40f4-a094-37940e4fd731" }, { "code": "Maintenance_13", "description": "[imprimantes et copieurs multifonctions] Emp\u00eacher l'acc\u00e8s \u00e0 des donn\u00e9es stock\u00e9es sur des imprimantes ou copieurs multifonctions mis au rebut.", "importance": 0, "uuid": "09c09d1b-8191-472e-98e6-435847ddffb6" }, { "code": "Mat\u00e9riels_01", "description": "Tenir \u00e0 jour un inventaire des ressources informatiques utilis\u00e9es.", "importance": 0, "uuid": "c2ec9503-2c3d-4d23-8641-a6af1fae8cbd" }, { "code": "Mat\u00e9riels_02", "description": "Cloisonner les ressources de l'organisme en cas de partage de locaux.", "importance": 0, "uuid": "666ef708-8443-4f39-b91d-942e4c320c13" }, { "code": "Mat\u00e9riels_03", "description": "Emp\u00eacher l'acc\u00e8s \u00e0 des donn\u00e9es stock\u00e9es sur des ressources informatiques mises au rebut.", "importance": 0, "uuid": "f284858f-d562-4cfc-80a0-4f2bbecfc4fb" }, { "code": "Mat\u00e9riels_04", "description": "Pr\u00e9voir une redondance mat\u00e9rielle des unit\u00e9s de stockage par une technologie RAID ou \u00e9quivalente.", "importance": 0, "uuid": "6332515b-9304-4904-8780-1b95e27d9235" }, { "code": "Mat\u00e9riels_05", "description": "V\u00e9rifier que le dimensionnement des capacit\u00e9s de stockage et de traitement, ainsi que les conditions d'utilisation, sont appropri\u00e9s \u00e0 l'usage pr\u00e9vu des mat\u00e9riels, notamment en termes de place, d'humidit\u00e9 et de temp\u00e9rature.", "importance": 0, "uuid": "69f6611f-cab5-4478-bc92-1216bc9eb1f4" }, { "code": "Mat\u00e9riels_06", "description": "V\u00e9rifier que l'alimentation des mat\u00e9riels les plus critiques est prot\u00e9g\u00e9e contre les variations de tension et qu'elle est secourue, ou qu'elle permet au moins de les arr\u00eater normalement.", "importance": 0, "uuid": "4d31b35d-b318-4d1a-bdc0-343cf6c08ffd" }, { "code": "Mat\u00e9riels_07", "description": "Limiter l'acc\u00e8s aux mat\u00e9riels sensibles et/ou qui ont une grande valeur marchande.", "importance": 0, "uuid": "e5d8e91b-5729-477a-8343-0cc2b87dccc0" }, { "code": "Mat\u00e9riels_08", "description": "Limiter les possibilit\u00e9s de modification des mat\u00e9riels.", "importance": 0, "uuid": "9522e881-b20f-4a0e-880f-1184af84d900" }, { "code": "Mat\u00e9riels_09", "description": "[postes de travail] R\u00e9cup\u00e9rer les donn\u00e9es, \u00e0 l'exception des donn\u00e9es signal\u00e9es comme \u00e9tant priv\u00e9es ou personnelles, pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne.", "importance": 0, "uuid": "91d00285-5ac9-4bd2-9324-59c5c83dbfcc" }, { "code": "Mat\u00e9riels_10", "description": "[postes nomades] Limiter le stockage de donn\u00e9es sur les postes nomades au strict n\u00e9cessaire, et \u00e9ventuellement l'interdire lors des d\u00e9placements \u00e0 l'\u00e9tranger.", "importance": 0, "uuid": "025b80de-389e-409c-9a0a-bdc77a422839" }, { "code": "Mat\u00e9riels_11", "description": "[postes nomades] Verrouiller l'appareil au bout de quelques minutes d'inactivit\u00e9.", "importance": 0, "uuid": "8255e58d-d2e6-4fbc-929d-ee601cd26204" }, { "code": "Mat\u00e9riels_12", "description": "[supports amovibles] Limiter l'usage des supports amovibles \u00e0 ceux fournis par le service en charge de l'informatique.", "importance": 0, "uuid": "40973d0f-8960-427b-8495-7efe7d6fd15c" }, { "code": "Mat\u00e9riels_13", "description": "[supports amovibles] Interdire l'utilisation de cl\u00e9s USB \u00e0 connexion sans fil (ex : Bluetooth).", "importance": 0, "uuid": "7e5d3505-fb1a-44b0-a6f8-9ed07570c236" }, { "code": "Mat\u00e9riels_14", "description": "[supports amovibles] Interdire la connexion de cl\u00e9s USB sur des mat\u00e9riels non s\u00e9curis\u00e9s (antivirus, pare-feu, etc.).", "importance": 0, "uuid": "ff1d4a51-8e8b-4639-9ee6-cd34d65e49e9" }, { "code": "Mat\u00e9riels_15", "description": "[supports amovibles] Limiter l'utilisation des cl\u00e9s USB aux activit\u00e9s professionnelles.", "importance": 0, "uuid": "bc0a1306-882e-44d0-95a1-7f41dba8658f" }, { "code": "Mat\u00e9riels_16", "description": "[supports amovibles] D\u00e9sactiver la fonctionnalit\u00e9 d'ex\u00e9cution automatique sur tous les postes (strat\u00e9gie de groupe).", "importance": 0, "uuid": "a3f970b2-9752-4763-a82d-02c22da11eb8" }, { "code": "Mat\u00e9riels_17", "description": "[supports amovibles] Chiffrer les donn\u00e9es stock\u00e9es sur un support amovible.", "importance": 0, "uuid": "3c899fb0-9384-4b0c-a91c-1db80535fdd7" }, { "code": "Mat\u00e9riels_18", "description": "[supports amovibles] Restituer les supports amovibles d\u00e9fectueux ou plus utiles au service en charge de l'informatique.", "importance": 0, "uuid": "5c6f4802-3911-47ab-9d8b-fd482efb54d0" }, { "code": "Mat\u00e9riels_19", "description": "[supports amovibles] D\u00e9truire de mani\u00e8re s\u00e9curis\u00e9e les supports de donn\u00e9es qui sont inutiles.", "importance": 0, "uuid": "b8dba354-dec6-4364-9e35-265190329f1c" }, { "code": "Mat\u00e9riels_20", "description": "[imprimantes et copieurs multifonctions] Changer les mots de passe \"constructeur\" par d\u00e9faut.", "importance": 0, "uuid": "cefdb279-897d-4ed8-976c-9ba08750c457" }, { "code": "Mat\u00e9riels_21", "description": "[imprimantes et copieurs multifonctions] D\u00e9sactiver les interfaces r\u00e9seau inutiles.", "importance": 0, "uuid": "1af86688-591f-46bd-b08c-0198e36b3046" }, { "code": "Mat\u00e9riels_22", "description": "[imprimantes et copieurs multifonctions] D\u00e9sactiver ou supprimer les services inutiles.", "importance": 0, "uuid": "bfa1d4aa-bdc9-4036-86c7-b876e25127b1" }, { "code": "Mat\u00e9riels_23", "description": "[imprimantes et copieurs multifonctions] Chiffrer les donn\u00e9es sur le disque dur lorsque cette fonction est disponible.", "importance": 0, "uuid": "f4f8e468-bac0-40cd-9ed8-0ed5c976c523" }, { "code": "Mat\u00e9riels_24", "description": "[imprimantes et copieurs multifonctions] Limiter l'envoi de documents num\u00e9ris\u00e9s aux adresses de messagerie internes et dans certains cas limiter l'envoi de documents num\u00e9ris\u00e9s \u00e0 une seule adresse de messagerie.", "importance": 0, "uuid": "cbbadaca-2185-4c69-ab27-02d97d034043" }, { "code": "Minimisation des donn\u00e9es_01", "description": "Justifier de la collecte de chaque donn\u00e9e.", "importance": 0, "uuid": "edae0fbc-e415-4b7d-8208-b79130cfdf3b" }, { "code": "Minimisation des donn\u00e9es_02", "description": "Bien faire la distinction entre les donn\u00e9es anonymes et pseudonymes.", "importance": 0, "uuid": "f1c5c683-7025-4ba8-a3b0-4b9c7a4faf8e" }, { "code": "Minimisation des donn\u00e9es_03", "description": "\u00c9viter les champs de saisie en texte libre (ex : zones \u00ab commentaires \u00bb), en raison du risque que les utilisateurs y consignent des informations ne respectant pas les principes de minimisation. On pr\u00e9f\u00e8rera donc des champs de saisie \u00e0 base de listes d\u00e9roulantes. Si on ne peut \u00e9viter la saisie de texte libre, une sensibilisation des utilisateurs devra \u00eatre faite quant \u00e0 l'usage de ces champs, vis-\u00e0-vis des conditions g\u00e9n\u00e9rales du service et vis-\u00e0-vis de la loi (pas de propos injurieux, pas de donn\u00e9es sensibles non d\u00e9clar\u00e9es, etc.).", "importance": 0, "uuid": "b8072981-619d-46e0-8f9b-ad7e84549a6a" }, { "code": "Minimisation des donn\u00e9es_04", "description": "V\u00e9rifier que les donn\u00e9es sont ad\u00e9quates, pertinentes et non excessives au regard de la finalit\u00e9 poursuivie, et ne pas les collecter dans le cas contraire.", "importance": 0, "uuid": "2a529e83-d2ca-4147-82cf-f44f213ad29f" }, { "code": "Minimisation des donn\u00e9es_05", "description": "V\u00e9rifier que les donn\u00e9es ne font pas appara\u00eetre, directement ou indirectement, les origines raciales ou ethniques, les opinions politiques, philosophiques ou religieuses ou l'appartenance syndicale, ainsi que les donn\u00e9es relatives \u00e0 la sant\u00e9 ou \u00e0 la vie sexuelle, et ne pas les collecter dans le cas contraire \u00e0 moins d'\u00eatre dans des circonstances d'exception (consentement, int\u00e9r\u00eat public conform\u00e9ment \u00e0 l'article 9 du RGPD).", "importance": 0, "uuid": "8478c80b-1729-40d0-a4a7-315af3003c52" }, { "code": "Minimisation des donn\u00e9es_06", "description": "V\u00e9rifier que les donn\u00e9es ne sont pas relatives \u00e0 des infractions, condamnations ou mesures de s\u00fbret\u00e9, et ne pas les collecter dans le cas contraire, \u00e0 moins d'\u00eatre dans des circonstances d'exception (juridictions, auxiliaires de justice conform\u00e9ment \u00e0 l'article 10 du RGPD).", "importance": 0, "uuid": "be361b63-c23d-436e-bcca-b3e57b87fcd0" }, { "code": "Minimisation des donn\u00e9es_07", "description": "Emp\u00eacher de collecter davantage de donn\u00e9es.", "importance": 0, "uuid": "75fd0afd-a5f6-49f2-bc0f-808d75e98c27" }, { "code": "Minimisation des donn\u00e9es_08", "description": "Filtrer et retirer les donn\u00e9es inutiles.", "importance": 0, "uuid": "7f58309d-502e-43ba-a154-17b97fbe53f0" }, { "code": "Minimisation des donn\u00e9es_09", "description": "R\u00e9duire la sensibilit\u00e9 par transformation.", "importance": 0, "uuid": "706b68ba-4615-4b9d-bfef-e455d2027b57" }, { "code": "Minimisation des donn\u00e9es_10", "description": "R\u00e9duire le caract\u00e8re identifiant des donn\u00e9es.", "importance": 0, "uuid": "6e61bab7-4731-4a76-ad49-87021019a20b" }, { "code": "Minimisation des donn\u00e9es_11", "description": "R\u00e9duire l'accumulation de donn\u00e9es.", "importance": 0, "uuid": "ee0f9383-d0e4-42db-88fa-108d8f457139" }, { "code": "Minimisation des donn\u00e9es_12", "description": "Restreindre l'acc\u00e8s aux donn\u00e9es.", "importance": 0, "uuid": "76edaf87-77ad-4739-98bd-4dc95f2d22d1" }, { "code": "Minimisation des donn\u00e9es_13", "description": "Limiter l'envoi des documents \u00e9lectroniques contenant des donn\u00e9es aux personnes ayant le besoin d'en disposer dans le cadre de leur activit\u00e9.", "importance": 0, "uuid": "64eafbb1-6b71-42b1-aeab-73bf2889f2d7" }, { "code": "Minimisation des donn\u00e9es_14", "description": "Effacer de mani\u00e8re s\u00e9curis\u00e9e les donn\u00e9es qui ne sont plus utiles ou qu'une personne demande de supprimer, sur le syst\u00e8me en op\u00e9ration et sur les sauvegardes le cas \u00e9ch\u00e9ant.", "importance": 0, "uuid": "5d5c5f28-e2b3-4cd2-a608-e5e28b46673b" }, { "code": "Organisation_01", "description": "Faire d\u00e9signer par le responsable des traitements une personne en charge de l'assister dans la mise en application du r\u00e8glement g\u00e9n\u00e9ral sur la protection des donn\u00e9es (RGPD) et lui accorder les moyens n\u00e9cessaires \u00e0 l'exercice de sa mission.", "importance": 0, "uuid": "2801471c-383e-48dd-9d9a-ace88fb25b1b" }, { "code": "Organisation_02", "description": "D\u00e9finir les r\u00f4les, responsabilit\u00e9s et interactions entre toutes les parties prenantes dans le domaine de la protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "285712b1-b3a5-4d2a-95ef-762bec7c84c0" }, { "code": "Organisation_03", "description": "Cr\u00e9er un comit\u00e9 de suivi, compos\u00e9 du responsable des traitements, de la personne en charge de l'assister dans la mise en application du RGPD et des parties int\u00e9ress\u00e9es, et se r\u00e9unissant de mani\u00e8re r\u00e9guli\u00e8re (au moins une fois par an) pour fixer des objectifs et faire un point sur l'ensemble des traitements de l'organisme.", "importance": 0, "uuid": "8bbdcb67-c783-4d15-9a20-dbc3a2f87aa6" }, { "code": "Politique_01", "description": "Formaliser les \u00e9l\u00e9ments importants relatifs au domaine de la vie priv\u00e9e au sein d'une base documentaire qui constitue la politique de protection des donn\u00e9es personnelles, dans une forme adapt\u00e9e aux diff\u00e9rents contenus (risques, grands principes \u00e0 respecter, objectifs \u00e0 atteindre, r\u00e8gles \u00e0 appliquer, etc.) et aux diff\u00e9rentes cibles de communication (usagers, service en charge de l'informatique, d\u00e9cideurs, etc.).", "importance": 0, "uuid": "56085501-a07b-43c7-aafc-f0251b13c4c5" }, { "code": "Politique_02", "description": "Faire conna\u00eetre la politique de protection des donn\u00e9es personnelles aux personnes qui doivent l'appliquer.", "importance": 0, "uuid": "8a988847-bebf-460b-bf9d-5b8f3693af89" }, { "code": "Politique_03", "description": "Permettre aux personnes qui doivent appliquer la politique de protection des donn\u00e9es personnelles de demander formellement une d\u00e9rogation en cas de difficult\u00e9 de mise en oeuvre , \u00e9tudier chaque demande de d\u00e9rogation en termes d'impact sur les risques, et le cas \u00e9ch\u00e9ant, faire valider les d\u00e9rogations acceptables par le responsable de traitement et faire \u00e9voluer la politique en cons\u00e9quence.", "importance": 0, "uuid": "94ceebf9-e136-44dd-b537-b4ae81a51b81" }, { "code": "Politique_04", "description": "\u00c9tablir un plan d'action pluriannuel et suivre la mise en oeuvre la politique de protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "1fa223a3-2596-4e4d-8599-afd399f1a162" }, { "code": "Politique_05", "description": "Pr\u00e9voir les d\u00e9rogations aux r\u00e8gles de la politique de protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "119d2bda-cd01-4e82-bf1d-bb78ce8aff82" }, { "code": "Politique_06", "description": "Pr\u00e9voir de prendre en compte les difficult\u00e9s rencontr\u00e9es dans l'application de la politique de protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "26076a3f-0cbb-4268-a6f0-6bbc3f64c5d6" }, { "code": "Politique_07", "description": "V\u00e9rifier la conformit\u00e9 aux r\u00e8gles de la politique de protection des donn\u00e9es personnelles et la mise en oeuvre du plan d'action de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "e5e11b5a-ceb6-4546-892c-79e78dfd5a58" }, { "code": "Politique_08", "description": "R\u00e9viser la politique de protection des donn\u00e9es personnelles de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "f996d911-1c68-43fe-95f3-b48a59fa320b" }, { "code": "Postes de travail_01", "description": "Assurer la mise \u00e0 disposition et le maintien en conditions op\u00e9rationnelles et de s\u00e9curit\u00e9 des postes de travail des utilisateurs par le service en charge de l'informatique.", "importance": 0, "uuid": "2909e89a-fb31-465b-9b4d-5b986bc60aec" }, { "code": "Postes de travail_02", "description": "Prot\u00e9ger les postes peu volumineux, donc susceptibles d'\u00eatre facilement emport\u00e9s, et notamment les ordinateurs portables, \u00e0 l'aide d'un c\u00e2ble physique de s\u00e9curit\u00e9, d\u00e8s que l'utilisateur ne se trouve pas \u00e0 proximit\u00e9 et que le local n'est pas s\u00e9curis\u00e9 physiquement.", "importance": 0, "uuid": "adafec69-16e7-4255-bc00-bb763979be75" }, { "code": "Postes de travail_03", "description": "R\u00e9cup\u00e9rer les donn\u00e9es, \u00e0 l'exception des donn\u00e9es signal\u00e9es comme priv\u00e9es ou personnelles, pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne.", "importance": 0, "uuid": "151e0fde-8c9a-4dcf-a82f-e5731c99b09c" }, { "code": "Postes de travail_04", "description": "Effacer les donn\u00e9es pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne ou pour les postes partag\u00e9s.", "importance": 0, "uuid": "f15f0c88-08ac-46ec-a515-7efdda82f227" }, { "code": "Postes de travail_05", "description": "Supprimer les donn\u00e9es temporaires \u00e0 chaque reconnexion des postes partag\u00e9s.", "importance": 0, "uuid": "258a18a7-39b2-4c38-aec5-94397c4270c4" }, { "code": "Postes de travail_06", "description": "En cas de compromission d'un poste, rechercher toute trace d'intrusion dans le syst\u00e8me afin de d\u00e9tecter si l'attaquant a compromis d'autres \u00e9l\u00e9ments.", "importance": 0, "uuid": "e1f84a8a-12b5-46a2-a740-4859627256f9" }, { "code": "Postes de travail_07", "description": "Tenir les syst\u00e8mes et applications \u00e0 jour (versions, correctifs de s\u00e9curit\u00e9, etc.) ou, lorsque cela est impossible (ex : application uniquement disponible sur un syst\u00e8me qui n'est plus maintenu par l'\u00e9diteur), isoler la machine et porter une attention particuli\u00e8re aux journaux.", "importance": 0, "uuid": "54947799-560e-4195-89d7-51e86787b27c" }, { "code": "Postes de travail_08", "description": "Documenter les configurations et les mettre \u00e0 jour \u00e0 chaque changement notable.", "importance": 0, "uuid": "cb57f1bb-2fdb-468e-97fb-ef1da1bb7169" }, { "code": "Postes de travail_09", "description": "Limiter les possibilit\u00e9s de d\u00e9tournements d'usages.", "importance": 0, "uuid": "6ed3b030-a0a1-4ce5-933a-03a56dd79b12" }, { "code": "Postes de travail_10", "description": "Prot\u00e9ger les acc\u00e8s logiques aux postes de travail.", "importance": 0, "uuid": "3acfe072-0563-41a7-b418-6a48008d95fe" }, { "code": "Postes de travail_11", "description": "Activer les mesures de protection offertes par le syst\u00e8me et les applications.", "importance": 0, "uuid": "5cc20ef6-edc5-4eac-927d-dcdb56fe83bb" }, { "code": "Postes de travail_12", "description": "Interdire le partage de r\u00e9pertoires ou de donn\u00e9es localement sur les postes de travail.", "importance": 0, "uuid": "b2831da7-b6b1-4c14-b23d-a3caf7f543f3" }, { "code": "Postes de travail_13", "description": "Stocker les donn\u00e9es des utilisateurs sur un espace r\u00e9seau sauvegard\u00e9 et non sur les postes de travail.", "importance": 0, "uuid": "18fe7f33-228b-4e46-b0e4-9fdc31f21c95" }, { "code": "Postes de travail_14", "description": "Dans le cas o\u00f9 des donn\u00e9es doivent \u00eatre stock\u00e9es en local sur un poste, fournir des moyens de synchronisation ou de sauvegarde aux utilisateurs et les informer sur leur utilisation.", "importance": 0, "uuid": "c2bbf9e6-0396-46c6-9a69-e537033024bc" }, { "code": "Postes de travail_15", "description": "S\u00e9curiser la configuration du navigateur Internet.", "importance": 0, "uuid": "ba8a5792-fde0-4479-b552-37496c5e1e3f" }, { "code": "Postes de travail_16", "description": "D\u00e9ployer le navigateur dont la configuration a \u00e9t\u00e9 s\u00e9curis\u00e9e sur tous postes de travail n\u00e9cessitant un acc\u00e8s \u00e0 Internet ou Intranet.", "importance": 0, "uuid": "3252b36f-e80e-4bf1-bba0-3770970abcdf" }, { "code": "Postes de travail_17", "description": "Limiter le recours \u00e0 des modules d'extension (plugins), supprimer ceux qui ne sont pas utilis\u00e9s et tenir \u00e0 jour ceux qui sont install\u00e9s.", "importance": 0, "uuid": "830cef3a-82bc-4bb2-8996-c9cc6970325f" }, { "code": "Postes de travail_18", "description": "Interdire l'ex\u00e9cution des applications t\u00e9l\u00e9charg\u00e9es ne provenant pas de sources s\u00fbres.", "importance": 0, "uuid": "3f855614-4fe1-44a2-a181-39da61d62bb7" }, { "code": "Postes de travail_19", "description": "Rechercher les vuln\u00e9rabilit\u00e9s exploitables.", "importance": 0, "uuid": "c9daaf50-fd5a-428b-bbf6-fa64c7bf4d63" }, { "code": "Postes de travail_20", "description": "Contr\u00f4ler l'int\u00e9grit\u00e9 du syst\u00e8me \u00e0 l'aide de contr\u00f4leurs d'int\u00e9grit\u00e9 (qui v\u00e9rifient l'int\u00e9grit\u00e9 de fichiers choisis).", "importance": 0, "uuid": "4516765e-5d49-4e55-9963-bda208f3e04e" }, { "code": "Postes de travail_21", "description": "S'assurer que la taille maximale des journaux d'\u00e9v\u00e8nements est suffisante, et notamment que les \u00e9v\u00e8nements les plus anciens ne sont pas supprim\u00e9s automatiquement si la taille maximale est atteinte.", "importance": 0, "uuid": "09960a7b-3352-4f9a-aeaf-6aa6661bff68" }, { "code": "Postes de travail_22", "description": "Journaliser les \u00e9v\u00e8nements relatifs aux applications, \u00e0 la s\u00e9curit\u00e9 et au syst\u00e8me.", "importance": 0, "uuid": "1ddfa74b-1c92-482f-8421-24a0d144fb68" }, { "code": "Postes de travail_23", "description": "Exporter les journaux \u00e0 l'aide des fonctionnalit\u00e9s de gestion du domaine ou via un client syslog.", "importance": 0, "uuid": "040dad6c-dfb5-429c-9404-86ad4d35dc0c" }, { "code": "Postes de travail_24", "description": "Analyser principalement les heures de connexions et d\u00e9connexions, le type de protocole utilis\u00e9 pour se connecter et le type d'utilisateur qui y a recours, l'adresse IP d'origine de la connexion, les \u00e9checs successifs de connexions, les arr\u00eats inopin\u00e9s d'applications ou de t\u00e2ches.", "importance": 0, "uuid": "b6d0b02f-b02d-45ae-af0e-8dbcbf55a299" }, { "code": "Postes de travail_25", "description": "[postes nomades] Chiffrer les donn\u00e9es stock\u00e9es sur les postes nomades.", "importance": 0, "uuid": "c8ec2ccd-aa47-446a-8f37-0dee07f847ff" }, { "code": "Postes de travail_26", "description": "[postes nomades] Limiter le stockage de donn\u00e9es sur les postes nomades au strict n\u00e9cessaire, et \u00e9ventuellement l'interdire lors de d\u00e9placement \u00e0 l'\u00e9tranger.", "importance": 0, "uuid": "396fa6c3-fc9e-4775-acdb-0305b0c74b07" }, { "code": "Postes de travail_27", "description": "[postes nomades] Assurer la disponibilit\u00e9 des donn\u00e9es stock\u00e9es sur les postes nomades.", "importance": 0, "uuid": "28f4ae7b-9118-4ec3-956c-4eab0d817e3a" }, { "code": "Postes de travail_28", "description": "[postes nomades] Purger les donn\u00e9es collect\u00e9es sur le poste nomade sit\u00f4t qu'elles ont \u00e9t\u00e9 introduites dans le syst\u00e8me d'information de l'organisme.", "importance": 0, "uuid": "0921ec99-6747-49c3-917d-a22107d02bde" }, { "code": "Postes de travail_29", "description": "[postes nomades] Positionner un filtre de confidentialit\u00e9 sur les \u00e9crans des postes nomades d\u00e8s qu'ils sont utilis\u00e9s en dehors de l'organisme.", "importance": 0, "uuid": "7669215a-04d4-41a3-b3e3-7546ec06c9f5" }, { "code": "Postes de travail_30", "description": "[t\u00e9l\u00e9phones mobiles] Configurer les t\u00e9l\u00e9phones mobiles avant d'\u00eatre livr\u00e9s aux utilisateurs.", "importance": 0, "uuid": "e5744a1e-219e-4d1c-bc38-52a053a4cbb4" }, { "code": "Postes de travail_31", "description": "[t\u00e9l\u00e9phones mobiles] Informer les utilisateurs, par exemple sous la forme d'une note accompagnant la livraison, sur l'usage du t\u00e9l\u00e9phone, des applications (ex : business mail, Exchange, etc.) et des services fournis, ainsi que sur les r\u00e8gles de s\u00e9curit\u00e9 \u00e0 respecter.", "importance": 0, "uuid": "44a79e4f-89cb-4d71-b12b-a10397e6e9ce" }, { "code": "Postes de travail_32", "description": "[serveur] Isoler le serveur du reste du r\u00e9seau dans une DMZ sp\u00e9cifique ou un VLAN, utiliser un anti-virus \u00e0 jour, un anti-spyware et un anti-spam, installer imm\u00e9diatement les mises \u00e0 jour de s\u00e9curit\u00e9 du syst\u00e8me d'exploitation, authentifier les appareils par certificat \u00e9lectronique (si possible).", "importance": 0, "uuid": "b7f28967-ed0e-44f8-b473-fad807fc46ae" }, { "code": "Postes de travail_33", "description": "[t\u00e9l\u00e9phones mobiles] S\u00e9curiser la fin de vie de l'appareil.", "importance": 0, "uuid": "b5545f2a-d6bb-4d82-924a-b1aea285ab71" }, { "code": "Qualit\u00e9 des donn\u00e9es_01", "description": "V\u00e9rifier r\u00e9guli\u00e8rement l'exactitude des donn\u00e9es personnelles de l'utilisateur.", "importance": 0, "uuid": "560cfa0d-0266-44b6-ae2f-3f3190db2974" }, { "code": "Qualit\u00e9 des donn\u00e9es_02", "description": "Inviter l'utilisateur \u00e0 contr\u00f4ler et, si n\u00e9cessaire, mettre \u00e0 jour ses donn\u00e9es r\u00e9guli\u00e8rement.", "importance": 0, "uuid": "fd6ff76b-5f45-496b-91f4-8fda6180dbab" }, { "code": "Qualit\u00e9 des donn\u00e9es_03", "description": "Assurer la tra\u00e7abilit\u00e9 de toute modification des donn\u00e9es.", "importance": 0, "uuid": "4b2d9a54-fd04-44c7-8684-7f6ad571eb0c" }, { "code": "Relations avec les tiers_01", "description": "Identifier tous les tiers qui ont ou pourraient avoir un acc\u00e8s l\u00e9gitime aux donn\u00e9es.", "importance": 0, "uuid": "5842586f-9d95-4856-806b-e7a0653aa4d8" }, { "code": "Relations avec les tiers_02", "description": "D\u00e9terminer leur r\u00f4le vis-\u00e0-vis du traitement (administrateur informatique, sous-traitant, destinataire, personnes charg\u00e9es de traiter les donn\u00e9es, tiers autoris\u00e9) en fonction des actions qu'ils vont r\u00e9aliser.", "importance": 0, "uuid": "30bc4dd1-4f85-4d46-a3d7-07c22fa33994" }, { "code": "Relations avec les tiers_03", "description": "D\u00e9terminer les responsabilit\u00e9s respectives en fonction des risques li\u00e9s \u00e0 ces donn\u00e9es.", "importance": 0, "uuid": "1d7881b1-1bb4-4c1a-b81e-1c9e145ffeba" }, { "code": "Relations avec les tiers_04", "description": "D\u00e9terminer la forme appropri\u00e9e pour fixer les droits et obligations selon la forme juridique des tiers et leur localisation g\u00e9ographique.", "importance": 0, "uuid": "840fdc25-8160-47a4-84ef-1655446d90fa" }, { "code": "Relations avec les tiers_05", "description": "Formaliser les r\u00e8gles que les personnes doivent respecter durant tout le cycle de vie de la relation li\u00e9e au traitement ou aux donn\u00e9es, selon la cat\u00e9gorie de personnes et les actions qu'elles vont r\u00e9aliser.", "importance": 0, "uuid": "95e59cec-f9f5-4bad-8dc0-d64c9fdec0bf" }, { "code": "Relations avec les tiers_06", "description": "[prestataires en interne] Appliquer aux prestataires les m\u00eames mesures que pour les salari\u00e9s de l'organisme : formation aux enjeux de la protection des donn\u00e9es personnelles, obligation de respecter les r\u00e8gles d'usage des ressources informatiques de l'organisme annex\u00e9es au r\u00e8glement int\u00e9rieur.", "importance": 0, "uuid": "b3c20465-7306-4a61-8259-b2dffdd60e8c" }, { "code": "Relations avec les tiers_07", "description": "[prestataires en interne] Fournir aux prestataires un poste de travail interne \u00e0 l'organisme ou s'assurer que l'utilisation du poste de travail fourni par leur employeur est compatible avec les objectifs de s\u00e9curit\u00e9 de l'organisme.", "importance": 0, "uuid": "b5994020-e8ca-47be-8989-3d9eebe2da75" }, { "code": "Relations avec les tiers_08", "description": "[prestataires en interne] S'assurer que les prestataires sont bien engag\u00e9s aupr\u00e8s de leur employeur par une clause de confidentialit\u00e9 applicable aux organismes clients de leur employeur.", "importance": 0, "uuid": "edfde4eb-2ff2-42c9-b8c5-655da7bc8a7b" }, { "code": "Relations avec les tiers_09", "description": "[prestataires en interne] G\u00e9rer les habilitations des prestataires de fa\u00e7on sp\u00e9cifique en leur attribuant des habilitations limit\u00e9es dans le temps prenant fin automatiquement \u00e0 la date pr\u00e9visionnelle de la fin de leur mission.", "importance": 0, "uuid": "293c76d6-319d-4dc7-b2a2-8581e19d8f6b" }, { "code": "Relations avec les tiers_10", "description": "[tiers destinataires] Encadrer contractuellement la transmission des donn\u00e9es aux tiers destinataires.", "importance": 0, "uuid": "a45771d7-4498-450d-a0cf-ff8eddf4bee2" }, { "code": "Relations avec les tiers_11", "description": "[tiers destinataires] Imposer au tiers de publier une politique de protection des donn\u00e9es personnelles couvrant les traitements aliment\u00e9s par les donn\u00e9es transmises et pr\u00e9cisant les objectifs de s\u00e9curit\u00e9 issus de la politique de s\u00e9curit\u00e9 des syst\u00e8mes d'information.", "importance": 0, "uuid": "bbf4f754-0da7-40cb-bae1-9adec9a0b23b" }, { "code": "Relations avec les tiers_12", "description": "[tiers destinataires] Si la transmission de donn\u00e9es est faite via Internet toujours, chiffrer les flux de donn\u00e9es.", "importance": 0, "uuid": "5acc6bfc-cac5-45eb-842c-204ddacc1284" }, { "code": "Relations avec les tiers_13", "description": "[tiers destinataires] Syst\u00e9matiquement, informer le tiers lorsque des personnes exercent leur droit de rectification.", "importance": 0, "uuid": "2bbae62c-5f4d-4459-b16b-c169276a5e6c" }, { "code": "Relations avec les tiers_14", "description": "[tiers autoris\u00e9s] Ne r\u00e9pondre qu'aux demandes transmises de fa\u00e7on formelle (courrier postal, fax) et r\u00e9pondre via le m\u00eame canal de communication. Ne pas prendre en compte les demandes adress\u00e9es par mail ni ne r\u00e9pondre par ce canal de communication.", "importance": 0, "uuid": "658f383e-2a21-493f-9a4a-95252ada7850" }, { "code": "Relations avec les tiers_15", "description": "[tiers autoris\u00e9s] V\u00e9rifier la base l\u00e9gale de chaque demande de communication.", "importance": 0, "uuid": "5e7263eb-cc9b-4ec4-92f5-4d1feed5430e" }, { "code": "Relations avec les tiers_16", "description": "[tiers autoris\u00e9s] Authentifier les \u00e9metteurs et ne r\u00e9pondre qu'\u00e0 eux.", "importance": 0, "uuid": "34e66e2b-f9df-4680-a833-39b436fa2a61" }, { "code": "Relations avec les tiers_17", "description": "[tiers autoris\u00e9s] R\u00e9pondre de fa\u00e7on stricte \u00e0 la demande en ne fournissant que les donn\u00e9es mentionn\u00e9es dans la demande.", "importance": 0, "uuid": "d7c17d95-b28c-4328-a1af-0336f7bcb960" }, { "code": "R\u00e9seaux_01", "description": "Maintenir \u00e0 jour une cartographie d\u00e9taill\u00e9e du r\u00e9seau.", "importance": 0, "uuid": "b38a5776-9cce-4708-a383-d0735b4acb92" }, { "code": "R\u00e9seaux_02", "description": "Recenser tous les acc\u00e8s Internet, les int\u00e9grer dans la cartographie du r\u00e9seau et s'assurer que les mesures pr\u00e9vues sont bien appliqu\u00e9es \u00e0 chacun d'entre eux.", "importance": 0, "uuid": "64d5965c-eace-4754-abe4-d17dc42f5e82" }, { "code": "R\u00e9seaux_03", "description": "Assurer la disponibilit\u00e9 des canaux informatiques.", "importance": 0, "uuid": "5d24a637-56b0-4d6a-804f-cbe63961493d" }, { "code": "R\u00e9seaux_04", "description": "Segmenter le r\u00e9seau en sous-r\u00e9seaux logiques \u00e9tanches selon les services cens\u00e9s y \u00eatre d\u00e9ploy\u00e9s.", "importance": 0, "uuid": "fc83e811-4d47-4d6b-b443-7ccc476a1b5c" }, { "code": "R\u00e9seaux_05", "description": "Interdire toute communication directe entre des postes internes et l'ext\u00e9rieur.", "importance": 0, "uuid": "c81ee7e7-1598-4544-9870-ba47ed1c293f" }, { "code": "R\u00e9seaux_06", "description": "N'utiliser que les flux explicitement autoris\u00e9s (limiter les ports de communication strictement n\u00e9cessaires au bon fonctionnement des applications install\u00e9es) \u00e0 l'aide d'un pare-feu.", "importance": 0, "uuid": "89b1ced3-1950-4629-8479-06777206146d" }, { "code": "R\u00e9seaux_07", "description": "Surveiller l'activit\u00e9 r\u00e9seau apr\u00e8s en avoir inform\u00e9 les personnes concern\u00e9es.", "importance": 0, "uuid": "52fbddde-7b73-48e4-868d-3d57973d09de" }, { "code": "R\u00e9seaux_08", "description": "Pr\u00e9voir un plan de r\u00e9ponse en cas d'intrusion majeure contenant les mesures organisationnelles et techniques pour d\u00e9limiter et circonscrire la compromission.", "importance": 0, "uuid": "f88ee60a-cf84-44ee-9f99-eca0c8dfade1" }, { "code": "R\u00e9seaux_09", "description": "Identifier les mat\u00e9riels de mani\u00e8re automatique comme moyen d'authentification des connexions \u00e0 partir de lieux et mat\u00e9riels sp\u00e9cifiques.", "importance": 0, "uuid": "947cf84f-4f95-4ae8-a493-0b23a80de7f4" }, { "code": "R\u00e9seaux_10", "description": "S\u00e9curiser les flux d'administration et restreindre, voire interdire, l'acc\u00e8s physique et logique aux ports de diagnostic et de configuration \u00e0 distance.", "importance": 0, "uuid": "a34a3b2b-2317-43f0-9061-eabdca6eaa2b" }, { "code": "R\u00e9seaux_11", "description": "Interdire le raccordement d'\u00e9quipements informatiques non ma\u00eetris\u00e9s.", "importance": 0, "uuid": "64cc6741-9a90-4a52-afe4-dd1792c9a888" }, { "code": "R\u00e9seaux_12", "description": "Transmettre les secrets garantissant la confidentialit\u00e9 de donn\u00e9es (cl\u00e9 de d\u00e9chiffrement, mot de passe, etc.) dans une transmission distincte, si possible via un canal de nature diff\u00e9rente de celui ayant servi \u00e0 la transmission des donn\u00e9es.", "importance": 0, "uuid": "f87086dc-dd46-465a-87ec-12ebfb3067bb" }, { "code": "R\u00e9seaux_13", "description": "[\u00e9quipements actifs] Utiliser le protocole SSH ou une connexion directe \u00e0 l'\u00e9quipement pour la connexion aux \u00e9quipements actifs du r\u00e9seau (pare-feu, routeurs, commutateurs) et proscrire l'utilisation du protocole Telnet sauf en cas de connexion directe.", "importance": 0, "uuid": "7a73df5f-5d1b-46c7-9d20-d0d33884f6f5" }, { "code": "R\u00e9seaux_14", "description": "[t\u00e9l\u00e9maintenance] Limiter la prise de main \u00e0 distance d'une ressource informatique locale aux agents du service en charge de l'informatique, sur les ressources informatiques de leur p\u00e9rim\u00e8tre.", "importance": 0, "uuid": "800ae6b2-04a7-4b39-a2ea-c08826d7dadf" }, { "code": "R\u00e9seaux_15", "description": "[t\u00e9l\u00e9maintenance] Identifier les utilisateurs de l'outil de prise de main \u00e0 distance de mani\u00e8re unique.", "importance": 0, "uuid": "ecc30a00-d461-4b18-a80b-9e812b2e1999" }, { "code": "R\u00e9seaux_16", "description": "[t\u00e9l\u00e9maintenance] Authentifier les utilisateurs de l'outil de prise de main \u00e0 distance au moins par un mot de passe robuste et si possible par certificat \u00e9lectronique.", "importance": 0, "uuid": "5d0c0510-e983-4c9b-839f-0e9e6abae3bb" }, { "code": "R\u00e9seaux_17", "description": "[t\u00e9l\u00e9maintenance] Journaliser les actions des utilisateurs de l'outil de prise en main \u00e0 distance.", "importance": 0, "uuid": "d9e70d17-8200-40ac-8617-f8d286699206" }, { "code": "R\u00e9seaux_18", "description": "[t\u00e9l\u00e9maintenance] S\u00e9curiser le flux d'authentification s\u00e9curis\u00e9.", "importance": 0, "uuid": "3d0ff9ec-8e07-4aeb-bdc0-70a0999799b3" }, { "code": "R\u00e9seaux_19", "description": "[t\u00e9l\u00e9maintenance] La prise de main \u00e0 distance doit \u00eatre soumise \u00e0 un accord pr\u00e9alable de l'utilisateur.", "importance": 0, "uuid": "d6b20d02-e96c-4c72-8a57-9d819af7fa9c" }, { "code": "R\u00e9seaux_20", "description": "[t\u00e9l\u00e9maintenance] Interdire la modification du param\u00e9trage de s\u00e9curit\u00e9 de l'outil et la visualisation des mots de passe ou secrets utilis\u00e9s.", "importance": 0, "uuid": "0d809dac-07f2-4a2c-ac44-8f8d89d39318" }, { "code": "R\u00e9seaux_21", "description": "[t\u00e9l\u00e9maintenance] Emp\u00eacher la r\u00e9cup\u00e9ration des secrets utilis\u00e9s pour \u00e9tablir la connexion \u00e0 partir d'un poste de travail.", "importance": 0, "uuid": "a1b10cdf-f7c2-4c31-8487-0476ffeab70e" }, { "code": "R\u00e9seaux_22", "description": "[t\u00e9l\u00e9maintenance] Chiffrer l'ensemble des flux \u00e9chang\u00e9s.", "importance": 0, "uuid": "170febf2-0cb4-43c0-9fc1-f071ee3af5ce" }, { "code": "R\u00e9seaux_23", "description": "[t\u00e9l\u00e9maintenance] L'utilisateur doit \u00eatre inform\u00e9 qu'une prise de main \u00e0 distance est en cours sur son poste de travail (par exemple \u00e0 l'aide d'une ic\u00f4ne).", "importance": 0, "uuid": "6549e197-1a10-4145-a56c-727a1396514e" }, { "code": "R\u00e9seaux_24", "description": "[postes nomades] Mettre en place une solution d'authentification forte des utilisateurs acc\u00e9dant \u00e0 distance au syst\u00e8me d'information interne (quand cela est possible).", "importance": 0, "uuid": "fd742eed-ef22-46df-844a-6a7ba475782a" }, { "code": "R\u00e9seaux_25", "description": "[postes nomades] Chiffrer les communications entre le poste nomade et le syst\u00e8me d'information interne.", "importance": 0, "uuid": "78e54808-1768-45fb-bd6a-0efd5d16dc3d" }, { "code": "R\u00e9seaux_26", "description": "[postes nomades] Installer un pare-feu local pour s\u00e9curiser les \u00e9changes r\u00e9seau entrant et sortant sur le poste de travail en situation de nomadisme, qui doit \u00eatre activ\u00e9 d\u00e8s que le poste nomade sort de l'organisme.", "importance": 0, "uuid": "befbf1d0-810d-42d7-92c3-8facadf09773" }, { "code": "R\u00e9seaux_27", "description": "[interfaces sans fil] Interdire les communications non s\u00e9curis\u00e9es.", "importance": 0, "uuid": "dc95d51c-31c7-4fdb-82d2-113afa255783" }, { "code": "R\u00e9seaux_28", "description": "[interfaces sans fil] Interdire la connexion simultan\u00e9e \u00e0 un r\u00e9seau via une interface sans fil et par l'interface Ethernet.", "importance": 0, "uuid": "d4f9a1de-088d-4be6-b609-04b0aabbb576" }, { "code": "R\u00e9seaux_29", "description": "[interfaces sans fil] D\u00e9sactiver les interfaces de connexion sans fil (Wifi, Bluetooth, infrarouge, 4G, etc.) d\u00e8s lors qu'elles ne sont pas utilis\u00e9es, de mani\u00e8re mat\u00e9rielle ou logicielle.", "importance": 0, "uuid": "b613554b-0647-428f-be99-0f5075e5ff3f" }, { "code": "R\u00e9seaux_30", "description": "[interfaces sans fil] Ma\u00eetriser les r\u00e9seaux sans fil.", "importance": 0, "uuid": "a00b62ce-cd2a-4e0e-8540-88c5ba4ef0f1" }, { "code": "R\u00e9seaux_31", "description": "[Wifi] Utiliser le protocole WPA ou WPA2 avec un mode de chiffrement AES/CCMP ou le mode \u00ab Enterprise \u00bb des protocoles WPA et WPA2 (utilisant un serveur Radius, ainsi que les sous-protocoles EAP-TLS ou PEAP).", "importance": 0, "uuid": "57904ce6-566b-4fad-8292-713119cb8128" }, { "code": "R\u00e9seaux_32", "description": "[Wifi] Interdire les r\u00e9seaux ad hoc.", "importance": 0, "uuid": "f4406404-5a76-48e0-beaf-8b18cbb9ca4f" }, { "code": "R\u00e9seaux_33", "description": "[Wifi] Utiliser et configurer un pare-feu au point d'entr\u00e9e/sortie du r\u00e9seau, afin de cloisonner les \u00e9quipements connect\u00e9s en fonction des besoins.", "importance": 0, "uuid": "c7cb8369-bbdc-4005-8232-05af4496a6bb" }, { "code": "R\u00e9seaux_34", "description": "[Bluetooth] Imposer une authentification mutuelle avec l'appareil distant.", "importance": 0, "uuid": "fa01bb34-6b29-40fa-83d6-9e22295080b0" }, { "code": "R\u00e9seaux_35", "description": "[Bluetooth] Limiter l'utilisation \u00e0 l'\u00e9change de fichiers avec des mat\u00e9riels ma\u00eetris\u00e9s par le service en charge de l'informatique.", "importance": 0, "uuid": "7284cd89-16f2-4052-bd57-1d007618e79c" }, { "code": "R\u00e9seaux_36", "description": "[Bluetooth] Chiffrer les \u00e9changes.", "importance": 0, "uuid": "3258b781-41ae-4d67-9252-880bffbfa106" }, { "code": "R\u00e9seaux_37", "description": "[infrarouge] R\u00e9aliser une authentification avant la connexion, l'\u00e9mission et la r\u00e9ception d'un fichier ou d'une commande.", "importance": 0, "uuid": "78f1e57c-e085-49c8-ad22-e3d6c5aefb18" }, { "code": "R\u00e9seaux_38", "description": "[t\u00e9l\u00e9phonie mobile] Prot\u00e9ger la carte SIM par un code PIN demand\u00e9 \u00e0 chaque utilisation.", "importance": 0, "uuid": "60f1b6fa-30bf-4f83-80f1-3ec466120a88" }, { "code": "R\u00e9seaux_39", "description": "[Internet] Utiliser le protocole TLS (HTTPS) pour assurer l'authentification des serveurs et la confidentialit\u00e9 des communications.", "importance": 0, "uuid": "d95c1909-3eae-486b-a6ec-ab5d68a7ed74" }, { "code": "R\u00e9seaux_40", "description": "[transfert de fichiers] Utiliser le protocole SFTP ou \u00e9ventuellement le protocole SCP.", "importance": 0, "uuid": "e43a6ac7-d957-49a1-852a-744c68c4db11" }, { "code": "R\u00e9seaux_41", "description": "[fax] Chiffrer les fichiers avant tout transfert dans le cas de risques \u00e9lev\u00e9s.", "importance": 0, "uuid": "b521bc9c-4b3f-4400-b03f-6aadcf506164" }, { "code": "R\u00e9seaux_42", "description": "[fax] Positionner le fax dans un local physiquement contr\u00f4l\u00e9 et accessible uniquement au personnel habilit\u00e9.", "importance": 0, "uuid": "fd283473-0995-4b6b-832f-2f3e79025cba" }, { "code": "R\u00e9seaux_43", "description": "[fax] Mettre en place un contr\u00f4le par code d'acc\u00e8s personnel pour l'impression des messages.", "importance": 0, "uuid": "a24e9bac-a46d-4b22-af48-57aed0c9d86d" }, { "code": "R\u00e9seaux_44", "description": "[fax] Faire afficher l'identit\u00e9 du fax destinataire lors de l'\u00e9mission des messages, afin d'\u00eatre assur\u00e9 de l'identit\u00e9 du destinataire.", "importance": 0, "uuid": "6d457057-5311-40dd-9b38-3e2fc5e360e1" }, { "code": "R\u00e9seaux_45", "description": "[fax] Doubler l'envoi par fax d'un envoi des documents originaux au destinataire.", "importance": 0, "uuid": "b024fea4-cecf-4839-bd8c-d817a7d2a338" }, { "code": "R\u00e9seaux_46", "description": "[fax] Pr\u00e9enregistrer dans le carnet d'adresses des fax (si cette fonctionnalit\u00e9 existe) les destinataires potentiels.", "importance": 0, "uuid": "b3f15a65-11d9-4c98-b5ee-0c1ef9cbb508" }, { "code": "R\u00e9seaux_47", "description": "[ADSL/Fibre] Recenser les points d'acc\u00e8s locaux \u00e0 Internet.", "importance": 0, "uuid": "d2b2a148-c1e2-4998-a3cc-1feae580c188" }, { "code": "R\u00e9seaux_48", "description": "[ADSL/Fibre] Isoler physiquement les points d'acc\u00e8s locaux \u00e0 Internet du r\u00e9seau interne.", "importance": 0, "uuid": "607b68a1-3304-441d-93a4-208a8cebfe84" }, { "code": "R\u00e9seaux_49", "description": "[points d'acc\u00e8s locaux] Ne les utiliser qu'en cas de besoins sp\u00e9cifiques et justifi\u00e9s (exemple : perte de disponibilit\u00e9 de l'acc\u00e8s au r\u00e9seau interurbain).", "importance": 0, "uuid": "b8259109-ec84-429f-afb6-468188291be6" }, { "code": "R\u00e9seaux_50", "description": "[points d'acc\u00e8s locaux] Ne les activer que lors de leur utilisation.", "importance": 0, "uuid": "e2a0bae7-28dc-4831-a244-a5bffc226cdf" }, { "code": "R\u00e9seaux_51", "description": "[points d'acc\u00e8s locaux] D\u00e9sactiver leur \u00e9ventuelle interface sans fil (\u00ab wifi \u00bb).", "importance": 0, "uuid": "9d3287f7-d854-4c21-9054-23a98ca574f2" }, { "code": "R\u00e9seaux_52", "description": "[email] Chiffrer les pi\u00e8ces jointes contenant des donn\u00e9es.", "importance": 0, "uuid": "0c56934f-baaa-48b5-8ad0-73de64fa063b" }, { "code": "R\u00e9seaux_53", "description": "[email] Sensibiliser les utilisateurs au fait qu'ils doivent \u00e9viter d'ouvrir des courriers \u00e9lectroniques d'origine inconnue et encore plus les pi\u00e8ces jointes \u00e0 risque (extensions .pif, .com, .bat, .exe, .vbs, .lnk, etc.) ou configurer le syst\u00e8me de telle sorte qu'il ne soit pas possible de les ouvrir.", "importance": 0, "uuid": "7c85c408-1323-4985-8f9a-bef2aec522ab" }, { "code": "R\u00e9seaux_54", "description": "[email] Sensibiliser les utilisateurs au fait qu'il convient de ne pas relayer les canulars.", "importance": 0, "uuid": "37f331a2-8f93-4a53-9323-43963bf9e26b" }, { "code": "R\u00e9seaux_55", "description": "[messagerie instantan\u00e9e] Interdire l'installation et l'utilisation de logiciels de messagerie instantan\u00e9e, et si cela est n\u00e9anmoins n\u00e9cessaire, sensibiliser les utilisateurs aux risques et bonnes pratiques \u00e0 adopter.", "importance": 0, "uuid": "132abb6c-f387-4aac-b465-019b5f510c0c" }, { "code": "Sauvegardes_01", "description": "Effectuer une sauvegarde des donn\u00e9es, qu'elles soient sous forme papier ou \u00e9lectronique, de mani\u00e8re r\u00e9guli\u00e8re, selon les besoins de disponibilit\u00e9 et d'int\u00e9grit\u00e9 des m\u00e9tiers.", "importance": 0, "uuid": "37fee388-8a21-4f4e-8419-a79218124f32" }, { "code": "Sauvegardes_02", "description": "Mettre en oeuvre des m\u00e9canismes de chiffrement du canal de transmission des donn\u00e9es dans le cas o\u00f9 la sauvegarde est automatis\u00e9e par le r\u00e9seau.", "importance": 0, "uuid": "b2932c56-37ef-4e84-9119-53503a2df913" }, { "code": "Sauvegardes_03", "description": "Prot\u00e9ger les donn\u00e9es sauvegard\u00e9es au m\u00eame niveau de s\u00e9curit\u00e9 qu'en exploitation.", "importance": 0, "uuid": "943f7bd3-2760-4c7b-99b7-404397d602fd" }, { "code": "Sauvegardes_04", "description": "Tester les sauvegardes de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "5c4e538a-e437-4a42-a1de-ff750f441313" }, { "code": "Sauvegardes_05", "description": "Tester l'int\u00e9grit\u00e9 des donn\u00e9es sauvegard\u00e9es si les besoins des m\u00e9tiers le n\u00e9cessitent.", "importance": 0, "uuid": "32f1a608-726a-41f4-b20f-be030b4d6989" }, { "code": "Sauvegardes_06", "description": "Formaliser le niveau d'engagement du service en charge de l'informatique vis-\u00e0-vis du recouvrement des informations chiffr\u00e9es en cas de perte ou d'indisponibilit\u00e9 des secrets assurant le chiffrement (mots de passe, certificats) et contr\u00f4ler r\u00e9guli\u00e8rement les proc\u00e9dures en coh\u00e9rence avec l'engagement pris.", "importance": 0, "uuid": "fb8d805a-1ceb-4c7b-ab28-f402fe453f18" }, { "code": "Sauvegardes_07", "description": "S'assurer que l'organisation, les personnels, syst\u00e8mes et locaux n\u00e9cessaires au traitement sont disponibles dans un d\u00e9lai correspondant aux besoins des m\u00e9tiers.", "importance": 0, "uuid": "03f796b3-a464-4d28-b11f-2d8cff590458" }, { "code": "Sauvegardes_08", "description": "S'assurer de la localisation g\u00e9ographique des sauvegardes, notamment v\u00e9rifier dans quel(s) pays les donn\u00e9es seront stock\u00e9es.", "importance": 0, "uuid": "e80d1526-b858-4469-bcd6-3ac308b7e8a4" }, { "code": "Sites web_01", "description": "Utiliser un certificat sign\u00e9 par une autorit\u00e9 racine de confiance \"qualifi\u00e9e\".", "importance": 0, "uuid": "ba86f498-922c-4b46-bd2c-a6e75d90aaea" }, { "code": "Sites web_02", "description": "Le chiffrement des flux doit \u00eatre garanti par TLS, d\u00e8s lors, il est n\u00e9cessaire de configurer le serveur web afin que celui-ci n'accepte que ce type de protocole (exclure notamment le protocole SSL et rendre le chiffrement obligatoire lors de la n\u00e9gociation SSL).", "importance": 0, "uuid": "54ada837-7393-4bb9-82fa-8dbabe5781e8" }, { "code": "Sites web_03", "description": "D\u00e9finissez un Content-Security-Policy n'incluant que les acteurs que vous autorisez \u00e0 d\u00e9poser des contenus sur votre site.", "importance": 0, "uuid": "df02a7d4-64a0-4424-81c5-57c407c0ce1f" }, { "code": "Sites web_04", "description": "Effectuez des audits de s\u00e9curit\u00e9 sur le site.", "importance": 0, "uuid": "839987f9-a3af-4857-8d15-97e7a7a4b3e7" }, { "code": "sources non humaines_01", "description": "Mettre en place des moyens de pr\u00e9vention, d\u00e9tection et protection contre l'incendie.", "importance": 0, "uuid": "b7f1e10b-5c50-4a94-bb06-5d94df2f7006" }, { "code": "sources non humaines_02", "description": "Mettre en place des moyens de surveillance de la temp\u00e9rature.", "importance": 0, "uuid": "2df0a1d8-498a-4f74-8ddd-e66ce95abe32" }, { "code": "sources non humaines_03", "description": "Mettre en place des moyens de surveillance et de secours de l'alimentation \u00e9lectrique.", "importance": 0, "uuid": "85e4715f-cdf5-410d-9c85-4c2bf520caba" }, { "code": "sources non humaines_04", "description": "Mettre en place des moyens de pr\u00e9vention des d\u00e9g\u00e2ts des eaux.", "importance": 0, "uuid": "1b030af3-71d2-4d38-a9c8-229cdb73e0da" }, { "code": "sources non humaines_05", "description": "S'assurer que les services essentiels (\u00e9lectricit\u00e9, eau, climatisation, etc.) sont correctement dimensionn\u00e9s pour les syst\u00e8mes pris en charge.", "importance": 0, "uuid": "0d7b594a-9f70-4757-90cd-a8929212d28a" }, { "code": "sources non humaines_06", "description": "Pr\u00e9ciser dans les contrats de maintenance des \u00e9quipements de fonctionnement des services essentiels et de s\u00e9curit\u00e9 (extincteurs, climatisation, eau, d\u00e9tection de fum\u00e9e et de chaleur, d\u00e9tection d'ouverture et d'effraction, groupe \u00e9lectrog\u00e8ne, etc.) un d\u00e9lai d'intervention adapt\u00e9 en cas de d\u00e9faillance, et les contr\u00f4ler au moins une fois par an.", "importance": 0, "uuid": "3d3db077-14c5-4dd9-9a35-a20a480f673d" }, { "code": "sources non humaines_07", "description": "En cas de fortes exigences de disponibilit\u00e9, connecter l'infrastructure de t\u00e9l\u00e9communications par au moins deux acc\u00e8s diff\u00e9rents et ind\u00e9pendants, et faire en sorte de pouvoir basculer de l'un \u00e0 l'autre tr\u00e8s rapidement. Si les besoins de disponibilit\u00e9 sont tr\u00e8s \u00e9lev\u00e9s, le recours \u00e0 un site de secours doit \u00eatre envisag\u00e9.", "importance": 0, "uuid": "6fd63d6c-8e3f-4fed-8b46-3a121cad6716" }, { "code": "Sous-traitance_01", "description": "Un contrat de sous-traitance doit \u00eatre conclu avec chacun des sous-traitants, pr\u00e9cisant l'ensemble des \u00e9l\u00e9ments pr\u00e9vus \u00e0 l'art. 28 du RGPD.", "importance": 0, "uuid": "8e8d9706-2f4e-4155-9b4e-2e518af726c8" }, { "code": "Sous-traitance_02", "description": "Encadrer la relation de sous-traitance via un contrat conclu intuitu person\u00e6.", "importance": 0, "uuid": "dc824e4f-631c-44b7-853e-c50fcc4845de" }, { "code": "Sous-traitance_03", "description": "Exiger du sous-traitant la transmission de sa Politique de S\u00e9curit\u00e9 des Syst\u00e8mes d'Information (PSSI) ainsi que de toute les preuves de ses certifications en mati\u00e8re de s\u00e9curit\u00e9 de l'information et annexer ces documents au contrat.", "importance": 0, "uuid": "c525a6b8-a186-4a5e-8ec8-ca86a37a8a83" }, { "code": "Sous-traitance_04", "description": "D\u00e9terminer et fixer contractuellement de fa\u00e7on tr\u00e8s pr\u00e9cise les op\u00e9rations que le sous-traitant sera amen\u00e9 \u00e0 effectuer sur les donn\u00e9es \u00e0 caract\u00e8re personnel.", "importance": 0, "uuid": "55238cb5-d218-4ef3-a16a-fc8950e2cb58" }, { "code": "Sous-traitance_05", "description": "D\u00e9terminer contractuellement la r\u00e9partition des responsabilit\u00e9s vis-\u00e0-vis des processus l\u00e9gaux visant \u00e0 permettre l'exercice des droits des personnes.", "importance": 0, "uuid": "e6b0068c-2d13-45d6-bdb1-f3c01492a0e5" }, { "code": "Sous-traitance_06", "description": "Interdire explicitement ou encadrer le recours \u00e0 des sous-traitants de rang 2.", "importance": 0, "uuid": "2b741baa-6527-4d1e-af57-588d3222bfc0" }, { "code": "Sous-traitance_07", "description": "Pr\u00e9ciser dans le contrat que le respect des obligations de protection des donn\u00e9es personnelles est une obligation essentielle du contrat.", "importance": 0, "uuid": "ad62edd5-a05f-47e7-bf7a-239d70c9c5fe" }, { "code": "Sous-traitance_08", "description": "[fournisseurs de services de cloud computing] Imposer au fournisseur une s\u00e9paration \u00e0 minima logique entre les donn\u00e9es de l'organisme et les donn\u00e9es de ses autres clients.", "importance": 0, "uuid": "91c09f69-641d-4a67-b280-d88bc48cc025" }, { "code": "Sous-traitance_09", "description": "[fournisseurs de services de cloud computing] D\u00e9finir tr\u00e8s pr\u00e9cis\u00e9ment les lieux dans lesquels les donn\u00e9es sont susceptibles d'\u00eatre stock\u00e9es, et les pays depuis lesquels les donn\u00e9es stock\u00e9es dans le cloud sont susceptibles d'\u00eatre accessibles.", "importance": 0, "uuid": "ec375f72-ec16-4e03-84c1-0fd1cbd2544c" }, { "code": "Supervision_01", "description": "Effectuer r\u00e9guli\u00e8rement des contr\u00f4les des traitements de donn\u00e9es afin de v\u00e9rifier leur conformit\u00e9 au RGPD ainsi que l'effectivit\u00e9 et l'ad\u00e9quation des mesures pr\u00e9vues.", "importance": 0, "uuid": "fd130562-249c-4a67-a6ac-02ece98679cb" }, { "code": "Supervision_02", "description": "Fixer des objectifs dans le domaine de la vie priv\u00e9e et des indicateurs permettant de v\u00e9rifier l'atteinte de ces objectifs.", "importance": 0, "uuid": "6d968cf0-962b-4f7c-b03d-c3abd72e5b4a" }, { "code": "Supervision_03", "description": "Faire un bilan de la protection des donn\u00e9es personnelles de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "f908a54b-facf-4b53-9709-b4f2ecc00450" }, { "code": "Surveillance_01", "description": "Mettre en place une architecture de journalisation permettant de conserver une trace des \u00e9v\u00e8nements de s\u00e9curit\u00e9 et du moment o\u00f9 ils ont eu lieu.", "importance": 0, "uuid": "7db357a2-3776-44b4-a97e-b78367310ff9" }, { "code": "Surveillance_02", "description": "Choisir les \u00e9v\u00e8nements \u00e0 journaliser en fonction du contexte, des supports (postes de travail, pare-feu, \u00e9quipements r\u00e9seau, serveurs, etc.), des risques et du cadre l\u00e9gal.", "importance": 0, "uuid": "d62b121b-9365-40d8-8a56-2e2d542909ff" }, { "code": "Surveillance_03", "description": "Respecter les exigences du RGPD si les \u00e9v\u00e8nements journalis\u00e9s comprennent des donn\u00e9es \u00e0 caract\u00e8re personnel.", "importance": 0, "uuid": "336df569-2369-4397-accd-2ec1886e00aa" }, { "code": "Surveillance_04", "description": "Proc\u00e9der p\u00e9riodiquement \u00e0 l'analyse des informations journalis\u00e9es, voire mettre en place un syst\u00e8me de d\u00e9tection automatique de signaux faibles.", "importance": 0, "uuid": "2868de95-7bb9-46b7-8218-d9cc8424b72d" }, { "code": "Surveillance_05", "description": "Conserver les journaux d'\u00e9v\u00e8nements sur six mois, hors contraintes l\u00e9gales et r\u00e8glementaires particuli\u00e8res imposant des dur\u00e9es de conservation sp\u00e9cifiques.", "importance": 0, "uuid": "2452fb02-3ec7-4f44-a0c0-d31a18542ed8" }, { "code": "Surveillance_06", "description": "[pare-feu] Mettre en place une politique de filtrage interdisant toute communication directe entre des postes internes et l'ext\u00e9rieur (ne permettre les connexions que via le pare-feu) et ne laisser passer que les flux explicitement autoris\u00e9s (blocage par le pare-feu de toute connexion sauf celles identifi\u00e9es comme n\u00e9cessaires).", "importance": 0, "uuid": "4b4d6e38-4e83-4eba-903c-6bd0b21fcc3d" }, { "code": "Surveillance_07", "description": "[pare-feu] Journaliser toutes les connexions autoris\u00e9es r\u00e9ussies et toutes les tentatives de connexions rejet\u00e9es.", "importance": 0, "uuid": "1c1b2da0-1208-490a-bf54-23155d261ae9" }, { "code": "Surveillance_08", "description": "[pare-feu] Exporter les journaux par un canal s\u00e9curis\u00e9 vers un serveur d\u00e9di\u00e9.", "importance": 0, "uuid": "4b605778-2fd7-4fc7-969a-1c07218d63a9" }, { "code": "Surveillance_09", "description": "[\u00e9quipement r\u00e9seau] Journaliser l'activit\u00e9 sur chaque port d'un commutateur ou d'un routeur.", "importance": 0, "uuid": "f9934676-6196-4d87-bf84-5e0a56d8e286" }, { "code": "Surveillance_10", "description": "[\u00e9quipement r\u00e9seau] Exporter les journaux vers un serveur d\u00e9di\u00e9 \u00e0 l'aide d'un client syslog int\u00e9gr\u00e9 ou via un flux netflow.", "importance": 0, "uuid": "7916263f-fa8a-42f8-b9e1-479f5fe7365a" }, { "code": "Surveillance_11", "description": "[\u00e9quipement r\u00e9seau] Contr\u00f4ler la volum\u00e9trie en fonction des heures, ainsi que le respect des \u00e9ventuelles listes de contr\u00f4le d'acc\u00e8s (ACL : Access Control Lists) pour les routeurs.", "importance": 0, "uuid": "8f5e385a-e9c5-458e-ad24-24e26f4e5e6d" }, { "code": "Surveillance_12", "description": "[serveur] Journaliser le maximum d'informations sur les requ\u00eates effectu\u00e9es par les clients sur les serveurs web dans le but d'identifier les d\u00e9fauts de configuration, les injections de requ\u00eates SQL, etc.", "importance": 0, "uuid": "6b9f8abc-39fb-492e-bda4-0d8338cf3f46" }, { "code": "Surveillance_13", "description": "[serveur] Journaliser l'activit\u00e9 des usagers sur les serveurs proxy.", "importance": 0, "uuid": "d288aca4-c9ee-407c-881f-1a5d5609536f" }, { "code": "Surveillance_14", "description": "[serveur] Journaliser l'ensemble des requ\u00eates qui sont faites aux serveurs DNS, qu'elles soient \u00e9mises par des internautes ou par des clients du r\u00e9seau interne.", "importance": 0, "uuid": "b38b8e87-ef3d-4dac-bdb0-28e691a638e9" }, { "code": "Surveillance_15", "description": "[serveur] Journaliser les donn\u00e9es d'authentification horodat\u00e9es et la dur\u00e9e de chaque connexion sur les serveurs d'acc\u00e8s distant.", "importance": 0, "uuid": "08d11510-f718-4575-b19a-abbd372d335d" }, { "code": "Surveillance_16", "description": "[serveur] Journaliser la r\u00e9ception et la gestion des messages sur les serveurs de messagerie.", "importance": 0, "uuid": "da6e1b58-6d07-4c15-b45b-f8973043180c" }, { "code": "Tra\u00e7abilit\u00e9_01", "description": "Mettre en place un syst\u00e8me de journalisation applicative permettant de conserver une trace des acc\u00e8s et modifications de donn\u00e9es op\u00e9r\u00e9s par les utilisateurs et du moment o\u00f9 ils ont eu lieu.", "importance": 0, "uuid": "a7560e7f-76b1-4833-9b9d-ed6eea38f8a9" }, { "code": "Tra\u00e7abilit\u00e9_02", "description": "Mettre en place une authentification des utilisateurs permettant d'assurer l'imputabilit\u00e9 des \u00e9v\u00e8nements journalis\u00e9s.", "importance": 0, "uuid": "d1a26642-51f0-4dd9-8dde-3386af130a1d" }, { "code": "Tra\u00e7abilit\u00e9_03", "description": "Respecter les exigences du RGPD concernant les \u00e9v\u00e8nements journalis\u00e9s rattach\u00e9s \u00e0 un utilisateur identifi\u00e9.", "importance": 0, "uuid": "f7920955-ae16-4502-8b24-e85186c4dfc0" }, { "code": "Tra\u00e7abilit\u00e9_04", "description": "Proc\u00e9der p\u00e9riodiquement \u00e0 l'analyse des informations journalis\u00e9es, voire mettre en place un syst\u00e8me de d\u00e9tection automatique de comportements anormaux.", "importance": 0, "uuid": "b0cf4f33-d957-4e7f-b604-cc6983facce5" }, { "code": "Transferts hors UE_01", "description": "D\u00e9tailler le lieu g\u00e9ographique de stockage des diff\u00e9rentes donn\u00e9es du traitement.", "importance": 0, "uuid": "69fdb9c2-df41-49d2-840f-7926f211ae6e" }, { "code": "Transferts hors UE_02", "description": "justifier le choix d'un h\u00e9bergement \u00e9loign\u00e9 et indiquer les modalit\u00e9s d'encadrement juridique mises en oeuvre afin d'assurer une protection ad\u00e9quate aux donn\u00e9es faisant l'objet d'un transfert transfrontalier.", "importance": 0, "uuid": "a404e683-9464-4fd4-b98a-5d651684f8b5" } ], "version": 0 } 2021-04-13T13:00:22.042679+00:00 https://objects.monarc.lu/object/get/5199 2023-03-31T19:15:40.036616+00:00 MONARC { "label": "CNIL", "language": "EN", "refs": [ "https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf" ], "uuid": "b2f63ac4-c50c-43e1-8227-7078e6fcfd23", "values": [ { "code": "Anonymization_01", "description": "Determine what must be anonymized based on the context, the form in which the personal data are stored (including database fields or excerpts from texts, etc.) and the risks identified.", "importance": 0, "uuid": "a689861b-a722-4457-8171-934354562cab" }, { "code": "Anonymization_02", "description": "Permanently anonymize the data that require such anonymization based on the form of the data to be anonymized (including databases and textual records, etc.) and the risks identified.", "importance": 0, "uuid": "cbf48c2f-40e9-4c7e-8131-2393bcb591b5" }, { "code": "Anonymization_03", "description": "If such data cannot be anonymized permanently, choose tools (including partial deletion, encryption, hashing, key hashing, index, etc.) that most closely meet the functional needs.", "importance": 0, "uuid": "908a4718-c979-46d4-8d78-1a01d789a9e4" }, { "code": "Archiving_01", "description": "Confirm that the archive management processes are defined.", "importance": 0, "uuid": "d2693f41-f525-47da-85ed-5649770be40b" }, { "code": "Archiving_02", "description": "Confirm that the archiving roles are identified.", "importance": 0, "uuid": "f8637d15-df22-470c-8a11-c26487193ce5" }, { "code": "Archiving_03", "description": "Confirm that the measures can ensure, if necessary, the identification and authentication of the origin of the archives, integrity, intelligibility, readability, availability and accessibility of the archives, how long the archives must be kept and the traceability of the operations carried out on the archives (including transfer, consultation, migration, deletion, etc.) and take additional measures if this is not the case.", "importance": 0, "uuid": "0ad651e5-8fa6-40d9-81a6-747c203f7f13" }, { "code": "Archiving_04", "description": "Determine the methods for protecting the confidentiality of the archived personal data based on the risks identified.", "importance": 0, "uuid": "5171d119-7ab3-41f5-8789-1b16f4c14c40" }, { "code": "Archiving_05", "description": "Confirm that the archive authorities have an archiving policy.", "importance": 0, "uuid": "5dc180e8-3e00-42e7-9e60-bcbd8f9bd483" }, { "code": "Archiving_06", "description": "Confirm that a declaration of archiving practices exists.", "importance": 0, "uuid": "13b7897c-b7a1-4941-892e-abe056f12c05" }, { "code": "Backups_01", "description": "Back up the personal data regularly, whether they are on paper or in electronic form, based on the businesses' availability and integrity requirements.", "importance": 0, "uuid": "bb7cd7b2-4ea0-47a3-a607-e4f25c628698" }, { "code": "Backups_02", "description": "Implement mechanisms for encrypting the data transmission channel if the network's backup is automated.", "importance": 0, "uuid": "47ac599e-904b-45c4-9be8-035a75deac14" }, { "code": "Backups_03", "description": "Protect backed-up personal data with the same level of security as that used in operations.", "importance": 0, "uuid": "1b99ebd6-776f-4a4b-9e21-117349e5526f" }, { "code": "Backups_04", "description": "Test the backups regularly.", "importance": 0, "uuid": "49c46d91-36aa-469f-a743-77a4a35bdfef" }, { "code": "Backups_05", "description": "Test the integrity of the backed-up personal data if the businesses' requirements so require.", "importance": 0, "uuid": "2d890d10-9bf3-4a18-b59a-f2275e43d3de" }, { "code": "Backups_06", "description": "Formally document the level of commitment of the IT department regarding the recovery of encrypted information in the event of loss or unavailability of the secrets ensuring the encryption (including passwords and certificates) and regularly check the procedures associated with that commitment.", "importance": 0, "uuid": "3ad1a54b-58fa-4524-b857-6ede9d683ea0" }, { "code": "Backups_07", "description": "Ensure that the organization, staff, systems and premises necessary to carry out the processing are available within a timeframe that corresponds to the needs of the businesses.", "importance": 0, "uuid": "fdd84eeb-d249-4d82-a7ca-2edb149dad91" }, { "code": "Backups_08", "description": "Confirm the geographic location of the backups and, specifically, in which country (countries) the data are stored.", "importance": 0, "uuid": "05ca0450-a6c3-4e3b-9d85-3052442fb9af" }, { "code": "Basis_01", "description": "Determine and justify the lawfulness criterion applicable to the data processing.", "importance": 0, "uuid": "3e967274-f715-44f3-8a95-b1bc30604448" }, { "code": "Consent_01", "description": "Determine and justify the practical means to be implemented to obtain the consent of the data subjects or justify when they are impossible to implement.", "importance": 0, "uuid": "7cbad538-4ced-4b90-9563-52bd4620204a" }, { "code": "Consent_02", "description": "Ensure that consent is obtained before any processing begins.", "importance": 0, "uuid": "da02a7bf-64ed-4491-b6f9-0f8531479aaf" }, { "code": "Consent_03", "description": "Ensure that consent is obtained freely.", "importance": 0, "uuid": "8a1f9342-372e-4aa1-bfb8-36475bf41ddf" }, { "code": "Consent_04", "description": "Ensure that the consent is obtained in an informed, transparent manner in terms of the purposes of the processing.", "importance": 0, "uuid": "772ea30e-dcd3-4055-9c52-85aab209968b" }, { "code": "Consent_05", "description": "Ensure that consent is obtained for a specific purpose.", "importance": 0, "uuid": "643af31e-c023-4eed-8b54-0b9203a5f54b" }, { "code": "Consent_06", "description": "When procurement is involved, set out each party's obligations in an explicit written agreement accepted by both parties.", "importance": 0, "uuid": "c7f946f4-e289-4d25-bea6-514efffb3030" }, { "code": "Consent_07", "description": "Obtain the parents' consent for minors under 13 years of age.", "importance": 0, "uuid": "9f8ff069-e841-480b-8710-896978389fae" }, { "code": "Consent_08", "description": "Obtain the informed, express consent of data subjects prior to initiating the processing, unless the processing relies on a different legal basis or if the law prohibits collecting or processing personal data.", "importance": 0, "uuid": "5617d7b1-85e7-4441-9f8d-d08b8f02341b" }, { "code": "Consent_09", "description": "[collecting personal data via a website] Provide a form with boxes that must be checked and that are not checked by default (\"opt-in\" approach).", "importance": 0, "uuid": "82d00a60-b4de-4579-aea1-3ce851e58170" }, { "code": "Consent_10", "description": "[collecting personal data via cookies] If a cookie is not strictly necessary to provide the service that the user has expressly requested, obtain the Internet user's consent (e.g. via a banner at the top of a web page), a consent request zone overlaid on the page or boxes that must be checked when subscribing to a service online) after informing the user and before storing the cookie.", "importance": 0, "uuid": "980f2357-982c-4005-8391-05376c6f0461" }, { "code": "Consent_11", "description": "[collecting data via a mobile app] Obtain the user's consent when the mobile app or device is first activated.", "importance": 0, "uuid": "727c77de-66f2-4b06-a0d3-a5cd3afc7aff" }, { "code": "Consent_12", "description": "[collecting data via a mobile app] Offer consent segmented per data category or processing type, particularly by distinguishing data sharing with other users or third-party companies.", "importance": 0, "uuid": "4f5abefd-28fa-46de-8d3b-9e1c271f6b51" }, { "code": "Consent_13", "description": "[geolocation via a smartphone] Enable users to refuse to allow an application to systematically geolocate them.", "importance": 0, "uuid": "75fffbe7-7dd5-46c4-aada-1263f4a172af" }, { "code": "Consent_14", "description": "[geolocation via a smartphone] Allow users to choose which application may use geolocation.", "importance": 0, "uuid": "781d3830-d98a-44e8-844f-3826c63258b3" }, { "code": "Consent_15", "description": "[geolocation via a smartphone] Allow users to choose the persons authorized to access their geolocation information and at what level of detail.", "importance": 0, "uuid": "3df7a076-588f-49ae-9fb5-11e9abea46dd" }, { "code": "Consent_16", "description": "[targeted advertising] Provide users with simple, no-cost methods to accept or refuse advertising based on their navigation behavior and to choose the targeted advertising they would like to receive based on their interests.", "importance": 0, "uuid": "4aede15b-d689-4561-b73f-f875c82b0a4e" }, { "code": "Consent_17", "description": "[research using identifiable biological samples] If the samples are preserved for further processing that is different from the initial processing, also be sure to obtain the data subject's express, informed consent to said other processing.", "importance": 0, "uuid": "7ab2bc36-35db-4dac-84c3-9a9192cbf909" }, { "code": "Data minimization_01", "description": "Justify the collection of each piece of data.", "importance": 0, "uuid": "ff1d6815-b9f2-4ad9-bce4-e76774473d5b" }, { "code": "Data minimization_02", "description": "Clearly distinguish between anonymous and pseudonymous data.", "importance": 0, "uuid": "cf7c23d2-26e5-4d7d-bbaa-55e314f49c80" }, { "code": "Data minimization_03", "description": "Avoid free-form text fields (of the \"comments\" space type), because of the risk that users note down information that does not comply with the minimization principles there. Preference should therefore be given to scroll-down list type fields. If free- form text fields cannot be avoided, users' awareness must be raised in how to use such fields, with regard to the standard terms & conditions for service and the law (no offensive words, no undeclared sensitive data, etc.).", "importance": 0, "uuid": "90a44773-3816-4d4c-9e42-ce744ed70216" }, { "code": "Data minimization_04", "description": "Confirm that the personal data are adequate, relevant and not excessive with regard to the intended purpose; otherwise, do not collect the data.", "importance": 0, "uuid": "ba66d448-9b7d-45d6-8cf1-0b425a5e38d2" }, { "code": "Data minimization_05", "description": "Confirm that the personal data do not reveal (directly or indirectly) racial or ethnic origin, political, philosophical or religious views, trade union membership, health information or information on an individual's sex life and do not collect them if they do, except under exceptional circumstances (for example, with consent, in the public interest or pursuant to Article 9 of the GDPR).", "importance": 0, "uuid": "da32671d-3bc5-4446-83a4-48ca0c13e0a7" }, { "code": "Data minimization_06", "description": "Confirm that the personal data do not relate to offences, criminal convictions or security measures and do not collect them if they do, except under exceptional circumstances (for example, in dealing with the courts or court officers pursuant to Article 10 of the GDPR).", "importance": 0, "uuid": "0ee55672-327d-438f-8335-9d8f78ed6cd2" }, { "code": "Data minimization_07", "description": "Prevent the collection of additional personal data.", "importance": 0, "uuid": "fd2e985f-c782-4f1e-94ba-f8320cfc25d2" }, { "code": "Data minimization_08", "description": "Filter and remove unnecessary data.", "importance": 0, "uuid": "c759faba-276a-4451-a471-95ceb4b9c223" }, { "code": "Data minimization_09", "description": "Reduce sensitivity via conversion.", "importance": 0, "uuid": "164186d3-ddfc-4515-aab0-0a7124997210" }, { "code": "Data minimization_10", "description": "Reduce the identifying characteristics of data.", "importance": 0, "uuid": "baa2c6e2-308f-4b50-88ca-75f7f3758fc7" }, { "code": "Data minimization_11", "description": "Reduce data accumulation.", "importance": 0, "uuid": "9a0821c6-224e-47cf-bdd3-48cc1e4bb3c9" }, { "code": "Data minimization_12", "description": "Restrict access to data.", "importance": 0, "uuid": "9be8c793-8696-448c-b4fb-6d190d8555d4" }, { "code": "Data minimization_13", "description": "Restrict the transmission of electronic documents containing personal data to the individuals who need them in connection with their work.", "importance": 0, "uuid": "27568f00-0271-4c31-82ec-6adc48d1e4c1" }, { "code": "Data minimization_14", "description": "Securely delete personal data that are no longer necessary or that a subject requests be deleted from the system in operation or from backups where applicable.", "importance": 0, "uuid": "eb37f1b9-4976-4dd4-bdb4-f4543c944229" }, { "code": "Data partitioning_01", "description": "Identify the sole data necessary to each business process.", "importance": 0, "uuid": "91bfc9aa-b44a-41ab-bd74-d8820e7bf8a5" }, { "code": "Data partitioning_02", "description": "Separate the data useful to each process in logical fashion.", "importance": 0, "uuid": "8a690f8c-64bf-4b15-a62c-b871f6a53395" }, { "code": "Data partitioning_03", "description": "Regularly confirm that personal data are partitioned effectively and that recipients and interconnections have not been added.", "importance": 0, "uuid": "f566c1c7-822f-4b49-9a32-119f655d00ef" }, { "code": "Data quality_01", "description": "Regular checks of the accuracy of the user's personal data.", "importance": 0, "uuid": "f73c8a25-bfbb-44a1-928d-2b2bc26f7c20" }, { "code": "Data quality_02", "description": "Ask the user to check and, where necessary, update his or her data at regular intervals.", "importance": 0, "uuid": "6fd0a2b5-70a0-460b-860e-4cc495bd76cc" }, { "code": "Data quality_03", "description": "Ensure the traceability of any data changes.", "importance": 0, "uuid": "698c5493-1b87-4c61-9291-0a775060f3a5" }, { "code": "Encryption_01", "description": "Determine what should be encrypted (including an entire hard disk, a partition, a container, certain files, data from a database or a communications channel, etc.) based on the form in which data is stored, the risks identified and the performance required.", "importance": 0, "uuid": "80861066-d211-4a65-be96-e5f6f2e51868" }, { "code": "Encryption_02", "description": "Choose the type of encryption (symmetric or asymmetric) based on the context and the risks identified.", "importance": 0, "uuid": "e305b46a-4e52-4b0e-91dd-f8134854e38f" }, { "code": "Encryption_03", "description": "Adopt encryption solutions based on public algorithms known to be strong.", "importance": 0, "uuid": "f30b73cb-bd98-4e47-b62b-ba175a2cfb69" }, { "code": "Encryption_04", "description": "Establish measures to ensure the availability, integrity and confidentiality of the information necessary to recover lost secrets (including administrator passwords and a recovery CD, etc.).", "importance": 0, "uuid": "474fd10b-8fb9-4939-ab3c-ead2d8c6eb38" }, { "code": "Encryption_05", "description": "Only use a key for a single purpose.", "importance": 0, "uuid": "6b169b08-e70c-4449-930a-6391b9c25176" }, { "code": "Encryption_06", "description": "Formally document the key management system.", "importance": 0, "uuid": "2b2780eb-06d0-4093-a233-a42affd4e64b" }, { "code": "Encryption_07", "description": "Choose a mechanism recognized by the appropriate organizations and that provides security proof.", "importance": 0, "uuid": "8d1c9da7-abe2-412f-a17e-c2fdea323fc7" }, { "code": "Encryption_08", "description": "Establish mechanisms for verifying the electronic certificates.", "importance": 0, "uuid": "4548272b-3cd5-437c-aaae-0d2212cb9681" }, { "code": "Encryption_09", "description": "Protect the security of key generation and use consistent with their level in the key hierarchy.", "importance": 0, "uuid": "94a30b9d-8146-4463-8bc9-d4eefc447cc2" }, { "code": "Encryption_10", "description": "[workstations] Choose systems that do not store keys on the equipment that will be encrypted unless this implements a secure storage device (such as a TPM chip for laptops).", "importance": 0, "uuid": "d538629f-03a2-4192-860f-76c0ab1e64c3" }, { "code": "Encryption_11", "description": "[workstations] Encrypt the data at operating system level (encryption of a partition, directory or file) or using specialized software (encryption of a container).", "importance": 0, "uuid": "11d2ba45-f4e0-4859-a978-b47a78e31e2d" }, { "code": "Encryption_12", "description": "[databases] Based on the risks identified, encrypt the storage area (at the level of the hardware, operating system or database) so as to provide protection from physical theft, of the piece of data itself (encryption by application), with a view to guaranteeing the confidentiality of certain data as regards the administrators themselves. In the event of partitioned IT teams, database encryption can make data accessible only to database administrators, to the exclusion of system administrators.", "importance": 0, "uuid": "1cd4480b-3e0e-4822-9dfe-2ad7d79d188d" }, { "code": "Encryption_13", "description": "[email] Encrypt the stored files or the email attachments.", "importance": 0, "uuid": "9a104879-17fa-4603-8e35-f58ad23473dd" }, { "code": "Encryption_14", "description": "[email] Encrypt email messages.", "importance": 0, "uuid": "cbd64008-b687-490b-a204-06993f64d537" }, { "code": "Encryption_15", "description": "[networks] Encrypt the communications channel between an authenticated server and a remote client.", "importance": 0, "uuid": "dcfcf16e-908d-421d-8394-a45f02c88b5f" }, { "code": "Environmental_01", "description": "Store dangerous products (including inflammable, combustible, corrosive, explosive, aerosol and wet items) in appropriate storage areas and at a safe distance from the areas where personal data are processed.", "importance": 0, "uuid": "eba95781-d206-4855-853d-7fe76e551bc0" }, { "code": "Environmental_02", "description": "Avoid dangerous geographic areas (flood zones, areas near airports, chemical industry facilities, earthquake zones and volcanic zones, etc.).", "importance": 0, "uuid": "07af685d-5f82-48f2-9bf1-eacbd7c6e239" }, { "code": "Environmental_03", "description": "Do not store data in a foreign country without guarantees that can ensure an appropriate level of data protection.", "importance": 0, "uuid": "9df5f05c-26dc-42f6-adcf-657a53848a65" }, { "code": "Hardware_01", "description": "Maintain an up-to-date inventory of IT resources used.", "importance": 0, "uuid": "ae2d2a74-d55f-4da6-86dc-7fd61bf9d536" }, { "code": "Hardware_02", "description": "Partition off the organization's resources in the event of shared premises.", "importance": 0, "uuid": "d4a9d060-c84d-4edc-a601-06be90154512" }, { "code": "Hardware_03", "description": "Block access to personal data stored on discarded IT resources.", "importance": 0, "uuid": "bd107e40-4118-41d0-bbb9-3281154d3f97" }, { "code": "Hardware_04", "description": "Set up physical redundancy of storage units using RAID or an equivalent technology.", "importance": 0, "uuid": "61e6b947-8823-4542-a507-a062a9c883d5" }, { "code": "Hardware_05", "description": "Make sure that the sizes of storage and processing capacities, as well as the conditions of use, are compatible with the intended use of hardware, particularly in terms of location, humidity and temperature.", "importance": 0, "uuid": "5c5c2c6c-1642-484e-8516-47c3bc5176a2" }, { "code": "Hardware_06", "description": "Make sure that the power supplies of most critical hardware are protected from voltage variations and are backed up, or at least allow such hardware to be shut down normally.", "importance": 0, "uuid": "f28dd275-f6dd-42c1-a43d-1de66a86fed5" }, { "code": "Hardware_07", "description": "Protect access to hardware that is sensitive or of high market value.", "importance": 0, "uuid": "e64f2f6c-b462-4598-adae-28deebe06b16" }, { "code": "Hardware_08", "description": "Limit the possibilities of hardware alteration", "importance": 0, "uuid": "ef06c517-ac35-4e18-ba7f-3664d60420b9" }, { "code": "Hardware_09", "description": "[workstations] Retrieve data, except for data defined as private or personal, from workstations before they are assigned to other persons.", "importance": 0, "uuid": "c7ac7e92-0578-4579-adc2-dc13409f6e9d" }, { "code": "Hardware_10", "description": "[mobile devices] Limit the amount of personal data stored on mobile devices to the strict minimum, and prohibit such storage during travel abroad if needs be.", "importance": 0, "uuid": "3d7fe818-5b01-4928-bb97-222697aa367b" }, { "code": "Hardware_11", "description": "[mobile devices] Configure devices so that they lock after a few minutes of inactivity.", "importance": 0, "uuid": "c9f7a9a6-5e64-463f-b041-ef3013d543dd" }, { "code": "Hardware_12", "description": "[removable storage devices] Limit the use of removable storage devices to those provided by the IT department.", "importance": 0, "uuid": "94f90dd1-bc14-40cd-88f4-6222ef2441cf" }, { "code": "Hardware_13", "description": "[removable storage devices] Prohibit the use of wireless USB flash drives (e.g.: Bluetooth).", "importance": 0, "uuid": "022c09ba-3275-43bb-87c7-a1370a534d4d" }, { "code": "Hardware_14", "description": "[removable storage devices] Prohibit the use of USB flash drives on hardware that is not secure (antivirus, firewall, etc.).", "importance": 0, "uuid": "1aa1e4fc-de28-4123-9ffe-950d9116e9ae" }, { "code": "Hardware_15", "description": "[removable storage devices] Restrict the use of USB flash drives to work-related purposes.", "importance": 0, "uuid": "7ff93175-c45f-4573-866c-843fa93f5609" }, { "code": "Hardware_16", "description": "[removable storage devices] Disable the autorun functionality on all workstations (group strategy).", "importance": 0, "uuid": "90e4d611-b595-40f0-963c-abc571001408" }, { "code": "Hardware_17", "description": "[removable storage devices] Encrypt personal data stored on removable storage devices.", "importance": 0, "uuid": "f3725d8d-eb72-4b93-8a5d-331b137b4c93" }, { "code": "Hardware_18", "description": "[removable storage devices] Return removable storage devices that are either defective or no longer necessary, to the IT department.", "importance": 0, "uuid": "3bf45eda-a432-43b7-a983-e0dfdb18bdbf" }, { "code": "Hardware_19", "description": "[removable storage devices] Securely destroy unnecessary personal data storage devices.", "importance": 0, "uuid": "34981e25-763b-4337-b041-e05ef82b820d" }, { "code": "Hardware_20", "description": "[multifunction printers and copiers] Change \"manufacturer\" default passwords.", "importance": 0, "uuid": "f3bc733e-1b69-4f0c-93a7-72365c10591d" }, { "code": "Hardware_21", "description": "[multifunction printers and copiers] Disable unnecessary network interfaces.", "importance": 0, "uuid": "77d2099a-ddc0-46d9-b29d-d54c60b36ece" }, { "code": "Hardware_22", "description": "[multifunction printers and copiers] Disable or delete unnecessary services.", "importance": 0, "uuid": "c9cb46a4-696e-47e6-b047-de4042900586" }, { "code": "Hardware_23", "description": "[multifunction printers and copiers] Encrypt data stored on hard disks wherever possible.", "importance": 0, "uuid": "fead86d0-b8b9-45be-9499-7b3c92083dcf" }, { "code": "Hardware_24", "description": "[multifunction printers and copiers] Restrict the sending of electronic documents to internal email addresses and, in certain cases, restrict the sending of electronic documents to a single email address.", "importance": 0, "uuid": "5ac8ca33-5366-48ff-a7b3-5d4b70d9e05f" }, { "code": "Information for the data subjects_01", "description": "Determine and justify the practical means that will be implemented to inform the data subjects, or justify when they are impossible to implement.", "importance": 0, "uuid": "41c3e30b-3e14-4f9c-a03e-14481ecd8db7" }, { "code": "Information for the data subjects_02", "description": "Ensure that the notification is complete, clear and appropriate to the target audience based on the nature of the personal data and the practical means chosen.", "importance": 0, "uuid": "b1a8f108-26ab-40dd-8b69-80f2b2380fb0" }, { "code": "Information for the data subjects_03", "description": "Ensure that the notification is provided by the time the data are collected.", "importance": 0, "uuid": "3fe0606e-2a86-4afb-9d73-b72bc90c9012" }, { "code": "Information for the data subjects_04", "description": "Ensure that the data cannot be collected without providing this information.", "importance": 0, "uuid": "cd6b1192-ed8b-48f1-99bd-dd0486d07744" }, { "code": "Information for the data subjects_05", "description": "If possible, provide a means by which to show that notification was provided.", "importance": 0, "uuid": "0457059d-5f55-4a61-998a-e7ca1f690bad" }, { "code": "Information for the data subjects_06", "description": "[employees of an organization] Obtain the prior opinion of the staff representative organizations in the cases set forth in Labor Code.", "importance": 0, "uuid": "2191cdbc-f411-41c6-8b77-baa0c2fdafd9" }, { "code": "Information for the data subjects_07", "description": "[employees of an organization] Use the method that is most appropriate to the organization.", "importance": 0, "uuid": "191d466a-3d41-4883-ab9b-f85788e6ce85" }, { "code": "Information for the data subjects_08", "description": "[collecting personal data via a website] Provide direct or easily accessible information for Internet users.", "importance": 0, "uuid": "6406b9ab-72d4-4473-879c-2aa2d630f457" }, { "code": "Information for the data subjects_09", "description": "[collecting data via a mobile app] Provide direct or easily accessible information for users.", "importance": 0, "uuid": "13aa56e4-2f0c-4439-bdae-8e6fe2420fed" }, { "code": "Information for the data subjects_10", "description": "[collecting data via a mobile app] Inform the user if the app is likely to access the device's identifiers, by specifying whether these identifiers are communicated to third parties.", "importance": 0, "uuid": "537329de-73ae-49ec-8a91-97a5f0e2d667" }, { "code": "Information for the data subjects_11", "description": "[collecting data via a mobile app] Inform the user if the app is likely to run in the background.", "importance": 0, "uuid": "865b7fe1-779f-4410-a9a1-b54dfc205081" }, { "code": "Information for the data subjects_12", "description": "[collecting data via a mobile app] Present the protections for accessing the device to the user.", "importance": 0, "uuid": "f4523be3-7ffc-46d9-b6e9-27ec09507091" }, { "code": "Information for the data subjects_13", "description": "[collecting personal data by telephone] Issue an automatic message before the conversation begins with information on subjects' rights, the reason for recording the conversation (for training purposes or to monitor service quality), if necessary, and an opportunity to object to recording (on legitimate grounds).", "importance": 0, "uuid": "1d7dcc08-df36-4fd4-9cad-9a6567852aad" }, { "code": "Information for the data subjects_14", "description": "[collecting personal data by telephone] Set up means for authenticating the caller (e.g.: via information that is known only to the organization and data subject).", "importance": 0, "uuid": "30d53d6e-c454-483d-bcd6-db29d6f48bd3" }, { "code": "Information for the data subjects_15", "description": "[collecting data via a form] Place the appropriate notice on the form in a typeface identical to the rest of the document.", "importance": 0, "uuid": "b65b69c8-4bef-4165-8462-0e1eae30969a" }, { "code": "Information for the data subjects_16", "description": "[targeted advertising] Make the information available to Internet users in visible, legible form.", "importance": 0, "uuid": "a29cf640-fc41-45e8-9582-465181e2028a" }, { "code": "Information for the data subjects_17", "description": "[targeted advertising] Inform Internet users about the various forms of targeted advertising they are likely to see via the service they are accessing and the various procedures used, the categories of information processed to adapt the advertising content and, as needed, the information that is not gathered and how they may agree to the display of behavioral or personalized advertising. Notification must be provided and consent obtained before any information is stored or before accessing information already stored in the terminal equipment.", "importance": 0, "uuid": "dc20eeec-47fd-4f4f-914a-ff2a81e43a59" }, { "code": "Information for the data subjects_18", "description": "[updating existing processing] Provide specific notification about new forms of processing (for example, new purposes or new recipients).", "importance": 0, "uuid": "1a5ebce9-7783-4e5a-9f15-6d4130ed84c4" }, { "code": "Integrity monitoring_01", "description": "Identify the data that must be monitored for integrity based on the risks identified.", "importance": 0, "uuid": "81096f3d-434f-4ca6-b263-6402645f3a35" }, { "code": "Integrity monitoring_02", "description": "Choose a method for monitoring their integrity based on the context, the risks assessed and the robustness required.", "importance": 0, "uuid": "1ebe2b48-44a6-4976-9f1a-86ae43656806" }, { "code": "Integrity monitoring_03", "description": "Determine when the function is to be applied and when the integrity monitoring should be performed based on implementation of the business process.", "importance": 0, "uuid": "70393b55-d5b1-46f9-bb75-dff01c045a30" }, { "code": "Integrity monitoring_04", "description": "When the data are sent to a database, analytical measures must be set up to prevent scripting or SQL injection attacks.", "importance": 0, "uuid": "aebd360b-cd9a-4a10-8116-e752edf8f3ff" }, { "code": "Integrity monitoring_05", "description": "Choose a hash mechanism recognized by the appropriate organizations and that provides security proof.", "importance": 0, "uuid": "abd478b5-b3e6-4f59-9499-c6e059e37baf" }, { "code": "Integrity monitoring_06", "description": "Adopt electronic signature solutions based on public algorithms known to be strong.", "importance": 0, "uuid": "f8939c47-62ad-4e9a-a7f2-c9de2732e655" }, { "code": "Logical access_01", "description": "Manage users' profiles by separating tasks and areas of responsibility (preferably in centralized fashion) to limit access to personal data exclusively to authorized users by applying need-to-know and least-privilege principles.", "importance": 0, "uuid": "1aedf963-d4c1-4858-aa6a-83f1172295ca" }, { "code": "Logical access_02", "description": "Identify every person with legitimate access to personal data (employees, contracting parties and other third parties) by a unique identifier.", "importance": 0, "uuid": "1cf018d8-33e0-4f03-b87e-d0ecf15b8668" }, { "code": "Logical access_03", "description": "If the use of generic or shared identifiers cannot be avoided, obtain validation from top management and implement methods for tracing the use of this kind of identifier.", "importance": 0, "uuid": "24b38f5e-a0a2-41b4-94d4-04ebe1d73f16" }, { "code": "Logical access_04", "description": "Limit access to the tools and administration interfaces to authorized persons.", "importance": 0, "uuid": "7940afda-6f90-43ce-93de-9e13c2b388db" }, { "code": "Logical access_05", "description": "Limit the use of accounts that provide elevated privileges to operations that require them.", "importance": 0, "uuid": "a9a8432a-73d4-4f0d-8184-c8847a571cb4" }, { "code": "Logical access_06", "description": "Limit the use of \"administrator\" accounts to the IT department and to administration actions that require them.", "importance": 0, "uuid": "4d6297a1-0193-41d3-8868-37efa49c968b" }, { "code": "Logical access_07", "description": "Every account, particularly if it has elevated privileges (for example, an administrator account), must have its own password.", "importance": 0, "uuid": "ddb71c7d-1e28-4592-b033-f05e1403077e" }, { "code": "Logical access_08", "description": "Log information connected to the use of privileges.", "importance": 0, "uuid": "3c9ad118-203a-4e8f-906b-7508506aacba" }, { "code": "Logical access_09", "description": "Conduct an annual review of privileges to identify and delete unused accounts and to realign the privileges with each user's functions.", "importance": 0, "uuid": "810ce7c4-c1f2-46d1-a87d-da0e06f10684" }, { "code": "Logical access_10", "description": "Withdraw the rights of employees, contracting parties and other third parties when they are no longer authorized to access a premises or a resource or when their employment contract ends, and adjust the rights in the event of a job transfer.For individuals with a temporary account (including interns and service providers), configure an expiration date when the account is established.", "importance": 0, "uuid": "3ff50b19-8155-4e23-aba6-a6538b4d71f0" }, { "code": "Logical access_11", "description": "Choose an authentication method to open sessions that is appropriate to the context, the risk level and the robustness expected.", "importance": 0, "uuid": "ac78bbf8-87a7-48ae-8630-568011da98df" }, { "code": "Logical access_12", "description": "Prohibit the passwords used from appearing unencrypted in programs, files, scripts, traces or log files or on the screen when they are entered.", "importance": 0, "uuid": "9fc35976-da32-43f0-afae-f1045efac451" }, { "code": "Logical access_13", "description": "Determine the actions to be taken in the event of a failed authentication.", "importance": 0, "uuid": "b7911bea-4083-4e81-ba64-f9b114c13b2f" }, { "code": "Logical access_14", "description": "Limit authentication by identifiers and passwords to the workstation access control (unlocking only).", "importance": 0, "uuid": "dd4cf1bf-f164-4f4d-a0c2-8826d3e6ea77" }, { "code": "Logical access_15", "description": "Authenticate the workstation with the remote information system (servers) using cryptographic mechanisms.", "importance": 0, "uuid": "5663e669-0760-416b-90ef-5e81c909318a" }, { "code": "Logical access_16", "description": "Adopt a password policy, implement it and monitor it automatically to the extent that applications and resources allow, and inform users about it.", "importance": 0, "uuid": "27d1daee-57b8-4b19-be2a-66e11b3c61b7" }, { "code": "Logical access_17", "description": "Adopt a specific password policy for administrators, implement it and monitor it automatically to the extent that the applications and resources allow, and inform administrators of it.", "importance": 0, "uuid": "bdbf127d-b63f-402a-8897-da74fa058598" }, { "code": "Logical access_18", "description": "Immediately change default passwords after installing an application or a system.", "importance": 0, "uuid": "86066bc7-c9fe-4825-904c-98569deb4d93" }, { "code": "Logical access_19", "description": "Create an initial unique random password for each user account, transmit it securely to the user, for example by using two separate channels (paper and others) or a scratch-off field, and require that it be changed when the first connection is made and when the user receives a new password (for example, if the old password is forgotten).", "importance": 0, "uuid": "6d751f03-c787-492f-9118-fb7d2da905fb" }, { "code": "Logical access_20", "description": "Store the authentication information (including passwords for accessing information systems and private keys linked to electronic certificates) so that it is accessible only to authorized users.", "importance": 0, "uuid": "1aea53f6-194e-40ae-8cc1-c165e01575a6" }, { "code": "Logical access_21", "description": "If many passwords or secrets (including private keys and certificates) must be used, implement a centralized authentication solution using OTPs or secure vaults.", "importance": 0, "uuid": "7d2dc652-2129-4e3e-a828-eb5c12e91fad" }, { "code": "Maintenance_01", "description": "Establish a procurement contract to govern maintenance operations when they are carried out by service providers.", "importance": 0, "uuid": "4d5e5e9c-cba4-4204-a996-de155230d9b6" }, { "code": "Maintenance_02", "description": "Record all maintenance operations in a logbook.", "importance": 0, "uuid": "af3621e5-6901-471d-9367-4f56d41feaff" }, { "code": "Maintenance_03", "description": "Govern remote maintenance operations.", "importance": 0, "uuid": "6ce0b616-a0b7-4434-b106-a2ad1aaaf142" }, { "code": "Maintenance_04", "description": "Encrypt or erase data contained on hardware (desktop computers or laptops, servers, etc.) that are sent for external maintenance. If this is not possible, remove the equipment storage devices before dispatch to maintenance or manage maintenance internally.", "importance": 0, "uuid": "6b6ca736-930c-44f9-a751-a688fd5163f2" }, { "code": "Maintenance_05", "description": "[workstations] During maintenance operations that require remote access to a workstation, only perform the operation after obtaining the user's agreement, and indicate to the latter on the screen if the access is effective.", "importance": 0, "uuid": "bd928759-84d2-4469-8946-b3dbfad554a5" }, { "code": "Maintenance_06", "description": "[workstations] When a maintenance operation requires physical intervention on a workstation containing sensitive data, delete the data during the maintenance.", "importance": 0, "uuid": "2d9e26f1-0652-41bd-9f1d-7098aa35ef14" }, { "code": "Maintenance_07", "description": "[smartphone] Configure telephones before delivering them to users.", "importance": 0, "uuid": "1f89e0d0-ca12-43eb-8816-49032071bba0" }, { "code": "Maintenance_08", "description": "[smartphone] Inform users, such as in a memo provided at delivery, about how to use their phone, the applications installed on it (e.g. Business Mail, Exchange, etc.), the services provided, and the security rules to be followed.", "importance": 0, "uuid": "2c7aafdb-82b9-498e-833f-c1d1d53c8eeb" }, { "code": "Maintenance_09", "description": "[storage devices] Erase all contents securely or physically destroy storage devices that are discarded.", "importance": 0, "uuid": "f07bb13a-7363-42ab-a90f-ed746612f2ed" }, { "code": "Maintenance_10", "description": "[storage devices] During maintenance operations that require remote access to a workstation, only perform the operation after obtaining the user's agreement.", "importance": 0, "uuid": "46ff3960-e7fb-4696-b4b5-ba9dadafef13" }, { "code": "Maintenance_11", "description": "[multifunction printers and copiers] If maintenance is performed by a third party, set up measures to block access to personal data.", "importance": 0, "uuid": "0a3f6ab5-1481-4341-bfab-c87bd7a228fd" }, { "code": "Maintenance_12", "description": "[multifunction printers and copiers] If a locally networked multifunction printer or copier is maintained remotely by a third party, take specific measures to protect access to this equipment.", "importance": 0, "uuid": "7145ea83-4e8c-4cd2-b4b3-33971db52618" }, { "code": "Maintenance_13", "description": "[multifunction printers and copiers] Block access to personal data stored on discarded multifunction printers or copiers.", "importance": 0, "uuid": "e0064066-b27a-40a1-9b4b-fb5ed06b3896" }, { "code": "Malware_01", "description": "Install an antivirus application on servers and workstations and configure it.", "importance": 0, "uuid": "65114d0a-e751-4b45-934f-0e1706d1954c" }, { "code": "Malware_02", "description": "Update the antivirus software.", "importance": 0, "uuid": "5011211c-ac04-40c7-90c2-f562d3284ee0" }, { "code": "Malware_03", "description": "Implement filtering measures that can filter network inflows and outflows (including firewalls and proxies).", "importance": 0, "uuid": "29496756-8f16-4422-9836-dc8bd7745af9" }, { "code": "Malware_04", "description": "Transfer antivirus security events to a centralized server for statistical analysis and ex post management of problems (to detect an infected server or a virus that has been detected and not eradicated by the antivirus application, etc.).", "importance": 0, "uuid": "41c92fbf-3051-4a25-a1bb-991ef2fe0b8b" }, { "code": "Malware_05", "description": "Install an anti-spyware program on the workstations, configure it and keep it up-to- date.", "importance": 0, "uuid": "2a24a644-282c-4894-9229-31dd0dcfff56" }, { "code": "Management of incidents and data breaches_01", "description": "Define the roles and responsibilities of the stakeholders, as well as procedures for providing feedback and responses in the event of a personal data breach.", "importance": 0, "uuid": "de0f99e6-3155-4c00-b236-5b5ee808bbd0" }, { "code": "Management of incidents and data breaches_02", "description": "Establish a directory of individuals responsible for managing personal data breaches.", "importance": 0, "uuid": "bf83096f-1f4a-41aa-ab7b-f74c9611edb9" }, { "code": "Management of incidents and data breaches_03", "description": "Develop a response plan in the event of a personal data breach for each high risk, update it and test it periodically.", "importance": 0, "uuid": "9e2deca0-636b-48ef-a730-f658625a6645" }, { "code": "Management of incidents and data breaches_04", "description": "Categorize the personal data breaches based on their impact on data subjects' privacy.", "importance": 0, "uuid": "fd5f40a6-766d-44a1-b5f3-ad3d733c2d08" }, { "code": "Management of incidents and data breaches_05", "description": "Handle the incidents based on their categorization (event, incident, damaging event or crisis.).", "importance": 0, "uuid": "8aae7bf3-966e-4948-8709-72df31e775c2" }, { "code": "Management of incidents and data breaches_06", "description": "Keep up-to-date documentation on data breaches.", "importance": 0, "uuid": "fd65829e-e1e4-441e-80ae-0a8bfc4c3139" }, { "code": "Management of incidents and data breaches_07", "description": "Analyze the possibility of improving the security measures based on the personal data breaches that have occurred.", "importance": 0, "uuid": "7a89917d-7dce-42c4-84dc-84d8bdad5d2e" }, { "code": "Networks_01", "description": "Keep up-to-date a detailed map of the network.", "importance": 0, "uuid": "ce24b7a9-b37c-478c-9998-90632c530a6a" }, { "code": "Networks_02", "description": "Make an inventory of all Internet access points and add them to the network map, make sure that measures put in place are enforced at each access point.", "importance": 0, "uuid": "60cb8791-6373-4e0c-9869-fbfb8c9d9882" }, { "code": "Networks_03", "description": "Ensure the availability of computer communications networks.", "importance": 0, "uuid": "2d883236-aa41-47ff-b49f-7da0f12c5d37" }, { "code": "Networks_04", "description": "Segment the network into impenetrable logical subnets based on the services intended to be deployed.", "importance": 0, "uuid": "7507e56f-24f9-4c08-9362-40e3a4ffb193" }, { "code": "Networks_05", "description": "Prohibit all direct communication between internal workstations and external networks.", "importance": 0, "uuid": "e835c995-7944-4046-8f73-395f1d0601e6" }, { "code": "Networks_06", "description": "Only use connections that are explicitly allowed (restrict absolutely necessary communication ports to the proper execution of installed applications) by a firewall.", "importance": 0, "uuid": "3c73630e-ec15-4323-92a1-bf5dc390d692" }, { "code": "Networks_07", "description": "Monitor network activity after informing data subjects of such monitoring.", "importance": 0, "uuid": "591fd1ac-fc95-4277-907d-68f114f09862" }, { "code": "Networks_08", "description": "Set up a major intrusion response plan with organizational and technical measures for identifying and containing compromises.", "importance": 0, "uuid": "271513a6-75d7-44ee-9331-f4b6f1e09f26" }, { "code": "Networks_09", "description": "Automatically identify hardware as a means of authenticating connections from specific locations and hardware.", "importance": 0, "uuid": "5a634931-316e-49e4-9e55-e4f167ec3f9c" }, { "code": "Networks_10", "description": "Secure management traffic and restrict or prohibit physical and logical access to remote diagnostic and configuration ports.", "importance": 0, "uuid": "d1150e3f-8480-45bf-96cb-720c5f8ff3d7" }, { "code": "Networks_11", "description": "Prohibit the connection of uncontrolled hardware.", "importance": 0, "uuid": "530c47bc-d615-45ce-9895-046e5169d6c1" }, { "code": "Networks_12", "description": "Transmit secret information guaranteeing the confidentiality of personal data (decryption key, password, etc.) in a separate transmission using, where possible, a channel different from that used to transmit data.", "importance": 0, "uuid": "4909075a-3ccd-4b55-bf06-16d292736a41" }, { "code": "Networks_13", "description": "[active network hardware] Use the SSH protocol or a direct hardware connection for connecting to active network hardware (firewall, routers, switches) and prohibit the use of the Telnet protocol except for direct connections.", "importance": 0, "uuid": "1b072b0d-6b8f-4edb-9e0f-be780020b985" }, { "code": "Networks_14", "description": "[remote-administration tools] Restrict the remote administration of local IT resources to IT department staff and to IT resources within the limits of their duties.", "importance": 0, "uuid": "09d79fda-1949-4f39-a5dc-a6c2bf9dd052" }, { "code": "Networks_15", "description": "[remote-administration tools] Uniquely identify users of remote-administration tools.", "importance": 0, "uuid": "eb4da876-2842-40f1-b2d5-3d238176c8dd" }, { "code": "Networks_16", "description": "[remote-administration tools] Authenticate users of remote-administration tools with at least a robust password and, where possible, a digital certificate.", "importance": 0, "uuid": "7cfd31d6-4f3e-409e-8a35-93f99653a822" }, { "code": "Networks_17", "description": "[remote-administration tools] Keep a log of the activity of users of remote-administration tools.", "importance": 0, "uuid": "138ee3bc-171c-4084-9ae9-5a6816b31044" }, { "code": "Networks_18", "description": "[remote-administration tools] Secure the secure authentication flow.", "importance": 0, "uuid": "005c6c29-079b-4802-954d-cb2fac3055a8" }, { "code": "Networks_19", "description": "[remote-administration tools] Remote administration must be covered by prior agreement on the part of the user.", "importance": 0, "uuid": "04afbb2f-8830-4b8a-8298-b7c5a40f2143" }, { "code": "Networks_20", "description": "[remote-administration tools] Prohibit changes to the tool's security settings and the viewing of passwords or secret information used.", "importance": 0, "uuid": "49218fd1-80f0-4242-a481-9ef57205abbb" }, { "code": "Networks_21", "description": "[remote-administration tools] Block the retrieval of secret information for the purposes of establishing a connection from a workstation.", "importance": 0, "uuid": "f6cceae4-a755-44cf-9742-98c8551a9a0b" }, { "code": "Networks_22", "description": "[remote-administration tools] Encrypt all traffic flows.", "importance": 0, "uuid": "1aa37c6a-20e4-4423-a9cc-bb07ab7bc1c5" }, { "code": "Networks_23", "description": "[remote-administration tools] The user must be informed that remote administration is under way on his/her workstation (for example via an icon).", "importance": 0, "uuid": "76acdf16-872a-4fae-84f3-1b962de9b521" }, { "code": "Networks_24", "description": "[mobile or remote devices] Set up a strong solution for authenticating users who access internal information systems (when this is possible).", "importance": 0, "uuid": "9830b820-50b1-4ec2-ba3a-36aedc6d7123" }, { "code": "Networks_25", "description": "[mobile or remote devices] Encrypt communications between mobile devices and internal information systems.", "importance": 0, "uuid": "566e4419-d66d-4742-aff6-ec82328e75a9" }, { "code": "Networks_26", "description": "[mobile or remote devices] Install a firewall to protect network traffic to and from mobile devices. This firewall must be enabled as soon as a mobile device leaves the organization's premises.", "importance": 0, "uuid": "2918ca8c-11e7-4a36-9d04-8e992764eb2e" }, { "code": "Networks_27", "description": "[wireless interfaces] Prohibit non-secure communications for connections via wireless interfaces.", "importance": 0, "uuid": "efb6ed9b-a3f1-4440-95d6-b714d8b05c81" }, { "code": "Networks_28", "description": "[wireless interfaces] Prohibit simultaneous network connections via a wireless interface and the Ethernet interface.", "importance": 0, "uuid": "6cbd4df9-8d32-4120-b4c4-53a5b7ee9c2f" }, { "code": "Networks_29", "description": "[wireless interfaces] Disable unused wireless connection interfaces (Wi-Fi, Bluetooth, infrared, 4G, etc.) on hardware and software.", "importance": 0, "uuid": "568092c7-943f-4202-9686-6f745cf3b514" }, { "code": "Networks_30", "description": "[wireless interfaces] Control wireless networks.", "importance": 0, "uuid": "ec7afbcd-496b-4d6d-a168-6c96947fe3eb" }, { "code": "Networks_31", "description": "[Wifi] Use the WPA or WPA2 protocol with AES-CCMP encryption or the \"Enterprise\" mode of the WPA and WPA2 protocols (using a RADIUS server as well as the EAP- TLS or PEAP subprotocols).", "importance": 0, "uuid": "7c223c18-678f-4c3d-be0e-643eb66eddb5" }, { "code": "Networks_32", "description": "[Wifi] Prohibit ad-hoc networks.", "importance": 0, "uuid": "c0fab12f-6d49-415b-a1d9-289fe8c81e4b" }, { "code": "Networks_33", "description": "[Wifi] Use and configure a firewall at network entry and exit points in order to partition off connected hardware as needed.", "importance": 0, "uuid": "bd03815c-8243-4ea7-af45-a805eda8691f" }, { "code": "Networks_34", "description": "[Bluetooth] Impose mutual authentication with remote devices.", "importance": 0, "uuid": "511b5ca4-89c6-4383-858c-d45133a0a778" }, { "code": "Networks_35", "description": "[Bluetooth] Restrict usage to file sharing with hardware controlled by the IT department.", "importance": 0, "uuid": "8e0244ad-ce81-4c00-be5a-6f8e0eb8ab53" }, { "code": "Networks_36", "description": "[Bluetooth] Encrypt sharing traffic.", "importance": 0, "uuid": "d4d34379-d6f7-4dca-b465-8f47fed709a7" }, { "code": "Networks_37", "description": "[infrared] Perform authentication prior to establishing connections and sending/receiving files or commands.", "importance": 0, "uuid": "a08e87a9-84b6-48cc-a735-dd9f1d29e835" }, { "code": "Networks_38", "description": "[mobile telephony networks] Protect SIM cards with PINs that must be entered each time a device is used.", "importance": 0, "uuid": "588f6c93-b675-4f82-9494-da2984833a13" }, { "code": "Networks_39", "description": "[Web browsing] Use the SSL protocol (HTTPS) to ensure server authentication and confidentiality of communications.", "importance": 0, "uuid": "0960767a-3798-42d2-9766-8a544d6454aa" }, { "code": "Networks_40", "description": "[file transfers] Use the SFTP protocol or possibly the SCP protocol.", "importance": 0, "uuid": "3ab07920-30d5-4368-b5b7-96c085dfa4b9" }, { "code": "Networks_41", "description": "[fax machines] Place fax machines in a physically secure room only accessible by authorized personnel.", "importance": 0, "uuid": "aeca1cdd-0dba-4a08-86a9-199d0dc1a44c" }, { "code": "Networks_42", "description": "[fax machines] Set up a personal access code system for the printing of messages.", "importance": 0, "uuid": "45b46846-ae73-4f1e-ad1f-56085fa7f0c7" }, { "code": "Networks_43", "description": "[fax machines] When sending faxes, have the identity of the destination fax displayed so that the recipient's identity may be checked.", "importance": 0, "uuid": "392f2a2d-b717-4230-9d65-feb6f8f3c0e9" }, { "code": "Networks_44", "description": "[fax machines] When sending faxes, have the identity of the destination fax displayed so that the recipient's identity may be checked.", "importance": 0, "uuid": "847559d4-6855-475d-8099-28dfcf8c6a53" }, { "code": "Networks_45", "description": "[fax machines] Follow up each fax by sending the originals to the recipient.", "importance": 0, "uuid": "9dc411bc-b69e-4413-8191-882b5cb070b6" }, { "code": "Networks_46", "description": "[fax machines] Pre-enter the numbers of potential recipients in the fax machine's built-in phone book (where available).", "importance": 0, "uuid": "5a66bc71-a621-4eee-b9af-5bdaae2fc18b" }, { "code": "Networks_47", "description": "[ADSL/Fiber] Make an inventory of the local Internet access points.", "importance": 0, "uuid": "f5c1911b-6dec-45da-a702-656048918d03" }, { "code": "Networks_48", "description": "[ADSL/Fiber] Physically isolate the local Internet access points from the internal network.", "importance": 0, "uuid": "f135d1b6-595d-4b6f-9129-654ad0131024" }, { "code": "Networks_49", "description": "[local access points] Only use them for specific legitimate needs (e.g. loss of availability of access to the direct distance dialing network).", "importance": 0, "uuid": "6fa31f5c-5905-4849-ac5a-f6e5679d3eaf" }, { "code": "Networks_50", "description": "[local access points] Enable them only when they are used.", "importance": 0, "uuid": "fd7e5584-6f01-4d2a-8428-51efe44ba9ad" }, { "code": "Networks_51", "description": "[local access points] Disable their wireless interface (Wi-Fi) if they have one.", "importance": 0, "uuid": "62ee5964-4a5e-4bf6-8d8d-54d73f283a4d" }, { "code": "Networks_52", "description": "[email] Encrypt attachments containing personal data.", "importance": 0, "uuid": "69e8a5ad-1b0d-4544-8d98-2c4a57aeb5bb" }, { "code": "Networks_53", "description": "[email] Make users aware that they must avoid opening email of unknown origin, and especially risky attachments (with extensions such as .pif, .com, .bat, .exe, .vbs, and .lnk), or configure the system so that it is impossible to open them.", "importance": 0, "uuid": "3cf88fb5-6356-4b3e-a291-e2228852ac45" }, { "code": "Networks_54", "description": "[email] Make users aware that they should not pass on hoaxes, etc.", "importance": 0, "uuid": "acdc4e21-c206-495f-a618-c16cc0ea5325" }, { "code": "Networks_55", "description": "[instant messaging] Prohibit the installation and use of instant messaging software. If such software is necessary, inform users about the risks involved and the good practices to follow.", "importance": 0, "uuid": "387e8c03-52ed-4f29-854f-7c77a9a36ea9" }, { "code": "Non-human risk sources_01", "description": "Establish fire prevention, detection and protection systems.", "importance": 0, "uuid": "e9a6a6c2-36d4-43e2-97d7-a758160ae171" }, { "code": "Non-human risk sources_02", "description": "Install temperature monitoring systems.", "importance": 0, "uuid": "91cfea4c-20b0-4be1-aeea-ec68b813ffcc" }, { "code": "Non-human risk sources_03", "description": "Establish a power supply monitoring and relief system.", "importance": 0, "uuid": "fddb164a-8cd8-4c88-9865-eb09e168eae6" }, { "code": "Non-human risk sources_04", "description": "Install systems to prevent water damage.", "importance": 0, "uuid": "83c2a188-77b1-4a96-857d-39c5d2c9d147" }, { "code": "Non-human risk sources_05", "description": "Ensure that the essential services (including power, water and air conditioning) are sized appropriately based on the systems they support.", "importance": 0, "uuid": "443af974-738a-474f-994e-a8555d57eb35" }, { "code": "Non-human risk sources_06", "description": "Specify an appropriate response time, in the event of failure, in maintenance contracts covering the equipment used in the operation of essential and security services (including extinguishers, air conditioners, water, smoke and heat detectors, opening and unauthorized entry detection and generator) and check the equipment at least annually.", "importance": 0, "uuid": "67ce43a0-8ed7-4ab2-9343-de474df5d54d" }, { "code": "Non-human risk sources_07", "description": "In the case of high availability requirements, connect the telecommunications infrastructure via at least two different, independent access points and ensure that they can switch from one to the other very quickly. If availability needs are very high, consider a backup site.", "importance": 0, "uuid": "a7ddedda-ca2a-4fc8-9a27-f414f06ff038" }, { "code": "Operating security_01", "description": "Document the operating procedures, update them and make them available to all users concerned (every action on the system, whether it involves administration operations or the use of an application, must be explained in the users' reference documents).", "importance": 0, "uuid": "0c906d42-562d-4d6c-817d-c237697026c7" }, { "code": "Operating security_02", "description": "Maintain an up-to-date inventory of the software and hardware used in operation.", "importance": 0, "uuid": "971e238f-6539-4309-9fbd-bbe551184a3d" }, { "code": "Operating security_03", "description": "Conduct monitoring of vulnerabilities discovered in the software (including firmware) used in operation, and correct them at the earliest possible opportunity.", "importance": 0, "uuid": "a58cb9b6-3c4b-4718-ad26-96971c6e8da2" }, { "code": "Operating security_04", "description": "Maintain an up-to-date inventory of the software and hardware used in operation.", "importance": 0, "uuid": "59afc518-72aa-4698-a8dd-d414e90416c2" }, { "code": "Operating security_05", "description": "Prohibit the use of production servers (database servers, Web servers, messaging server, etc.) for other purposes than those initially intended", "importance": 0, "uuid": "4b1d4939-dcf8-4449-bffb-7ecf309593e6" }, { "code": "Operating security_06", "description": "Use data storage units that use physical redundancy mechanisms (such as RAID), or mechanisms for duplicating data between several servers and/or sites.", "importance": 0, "uuid": "e310d89d-cb9f-4a4f-9478-f0214fd81bf6" }, { "code": "Operating security_07", "description": "Check that the size of storage and computing capacities is sufficient for allowing the processing to operate correctly \u2013 even during activity peaks.", "importance": 0, "uuid": "1e14c624-18e7-4db4-b7d0-67f3c5a94c64" }, { "code": "Operating security_08", "description": "Check that the physical hosting conditions (temperature, humidity, energy supply, etc.) are compatible with the intended use of hardware, and include backup mechanisms (inverter and/or backup supply and/or generator).", "importance": 0, "uuid": "4ce6491a-dfb5-4a39-b09c-e229f4d4a3ab" }, { "code": "Operating security_09", "description": "Limit access to hardware that is sensitive and/or of high market value.", "importance": 0, "uuid": "0f707a1a-3beb-4c0c-8662-7dfd7c9fd437" }, { "code": "Operating security_10", "description": "Limit the possibilities of hardware alteration.", "importance": 0, "uuid": "001e35ba-544b-43a1-a94e-3cc3aecde0c5" }, { "code": "Operating security_11", "description": "Provide for an Activity Recovery Plan (PRA) or Activity Continuity Plan (PCA), based on the availability objectives of the processing carried out.", "importance": 0, "uuid": "2f02df3f-b652-449f-9e47-018baa1b4a7e" }, { "code": "Operating security_12", "description": "Set up a security incident management procedure allowing such incidents to be detected, recorded, described and resolved.", "importance": 0, "uuid": "97d227c8-215b-4b24-a858-f0e181476b03" }, { "code": "Organization_01", "description": "Have the data controller appoint an assistant to help them enforce the General Data Protection Regulation (GDPR) and provide such assistant with the means to perform their duties.", "importance": 0, "uuid": "e296be10-3b93-4ed0-bbb2-3e84e330f639" }, { "code": "Organization_02", "description": "Define the roles, responsibilities and interactions between all data protection stakeholders.", "importance": 0, "uuid": "83f5e4ad-f20e-4bbc-8912-56923387da9b" }, { "code": "Organization_03", "description": "Set up a monitoring committee formed of the data controller, the person in charge of assisting the controller in enforcing compliance with the GDPR and the stakeholders. This committee must meet regularly (at least once a year) to set objectives and review the organization's entire range of processing operations.", "importance": 0, "uuid": "82b6cd19-b2e2-405e-9728-a7bd7251ac6f" }, { "code": "Paper document_01", "description": "Include a visible, explicit reference on each page of the documents that include sensitive personal data.", "importance": 0, "uuid": "d41faa6b-99bd-4b71-9bec-66a2d5334c95" }, { "code": "Paper document_02", "description": "Include a visible, explicit reference in the business applications that provide access to personal data.", "importance": 0, "uuid": "38b3b764-c6b1-447a-81aa-90ba5fb02472" }, { "code": "Paper document_03", "description": "Choose paper formats and printing methods that are suitable to the storage conditions (storage duration, ambient humidity, etc.).", "importance": 0, "uuid": "43021e79-ec81-4867-8bc4-55bc5330a32b" }, { "code": "Paper document_04", "description": "Retrieve printed documents containing personal data immediately after they are printed or, where possible, carry out secure printing.", "importance": 0, "uuid": "6e1ba563-e4ff-452b-b793-34b6c42c3837" }, { "code": "Paper document_05", "description": "Restrict the distribution of paper documents containing personal data to individuals who require them for work-related purposes.", "importance": 0, "uuid": "c9e78377-c4ef-49e6-937b-6d3720206b38" }, { "code": "Paper document_06", "description": "Store paper documents containing personal data in a secure cabinet.", "importance": 0, "uuid": "b3cd646a-9ee6-4e60-bb21-74c086e1a89a" }, { "code": "Paper document_07", "description": "Destroy, using a shredder of the appropriate certification level, paper documents that are no longer necessary and which contain personal data.", "importance": 0, "uuid": "1c5b07c9-70c4-44b7-9d23-0d5112589210" }, { "code": "Paper document_08", "description": "Only send paper documents containing personal data that are necessary for processing.", "importance": 0, "uuid": "9d218324-5fec-4547-a1bc-502b3ba86905" }, { "code": "Paper document_09", "description": "Keep close track of the circulation of paper documents containing personal data.", "importance": 0, "uuid": "d2b72130-8771-49a7-aa39-eb9e3c3abe43" }, { "code": "Paper document_10", "description": "Choose a transmission channel that is suited to the risks and frequency of transmission.", "importance": 0, "uuid": "97f4548c-8a5a-4128-848f-5c44b886adf1" }, { "code": "Paper document_11", "description": "Improve trust in companies used to deliver paper documents containing personal data.", "importance": 0, "uuid": "c9004d16-3c95-4491-a581-e8493e5ac7bb" }, { "code": "Paper document_12", "description": "Protect paper documents containing personal data.", "importance": 0, "uuid": "b20a6adb-cb65-4dca-9401-fe0f08f67b18" }, { "code": "Physical access_01", "description": "Categorize areas of the buildings by risk.", "importance": 0, "uuid": "c50ec4bf-c87b-450f-99d3-7444767bb529" }, { "code": "Physical access_02", "description": "Maintain an up-to-date list of individuals (including visitors, employees, authorized employees, trainees and service providers) who are authorized to enter each area.", "importance": 0, "uuid": "c688ba0f-d671-4718-ba97-6bfbc999257a" }, { "code": "Physical access_03", "description": "Select methods for authenticating employees that are proportional to the risks associated with each area.", "importance": 0, "uuid": "c71ee1c8-164c-4aff-9796-412f2018ef81" }, { "code": "Physical access_04", "description": "Select visitor authentication methods (for example, persons coming to attend a meeting, external service providers or auditors) proportional to the risks associated with each area.", "importance": 0, "uuid": "3d8139f7-6e50-4613-b17e-d54c00188544" }, { "code": "Physical access_05", "description": "Define actions to take if authentication fails (identity cannot be confirmed or lack of authorization to enter a security area).", "importance": 0, "uuid": "19de6071-7aa0-4c45-bee8-563c7c6446e2" }, { "code": "Physical access_06", "description": "Keep a record of access granted after notifying the data subjects.", "importance": 0, "uuid": "a482d122-b761-403f-b916-7757918cfb45" }, { "code": "Physical access_07", "description": "Visitors needing to access premises outside public reception areas should be escorted (from the time they arrive, during their visit and until they exit the premises) by a member of the organization.", "importance": 0, "uuid": "be8b8190-8b98-45c1-8f72-4d1a565b1a5c" }, { "code": "Physical access_08", "description": "Protect the most sensitive areas in proportion to the risks.", "importance": 0, "uuid": "19576116-27b2-4eda-ad2f-c0ffdc51f09b" }, { "code": "Physical access_09", "description": "Install a warning system in the event of unauthorized entry.", "importance": 0, "uuid": "764b70e6-79be-4338-8a85-df02a0845424" }, { "code": "Physical access_10", "description": "Establish a system to slow individuals who may have penetrated an area they are prohibited from entering and a system for intervening in such situations to ensure intervention before the unauthorized persons can leave the area.", "importance": 0, "uuid": "6935ed7e-c2ff-41e1-84f0-abb94789e6c6" }, { "code": "Policy_01", "description": "Set out important aspects relating to data protection within a documentary base making up the data protection policy and in a form suited to each type of content (risks, key principles to be followed, target objectives, rules to be applied, etc.) and each communication target (users, IT department, policymakers, etc.).", "importance": 0, "uuid": "3044ec83-7f6c-4f36-9b41-fd8f4148f0db" }, { "code": "Policy_02", "description": "Distribute the data protection policy to those in charge of enforcing it.", "importance": 0, "uuid": "5c8cfba8-eaaf-49d4-a8c2-eb80e38bedf3" }, { "code": "Policy_03", "description": "Allow individuals in charge of enforcing the data protection policy to formally request exceptions in the event of implementation difficulties, review the impacts of all exception requests on the related risks and, where applicable, have acceptable exceptions approved by the data controller and amend the data protection policy accordingly.", "importance": 0, "uuid": "0cfa2120-97ad-4553-9634-eb882d082611" }, { "code": "Policy_04", "description": "Establish a multi-annual action plan and monitor implementation of data protection policy.", "importance": 0, "uuid": "f5325095-e849-4311-929f-4f98b1a3f6b9" }, { "code": "Policy_05", "description": "Allow for exceptions to the data protection policy.", "importance": 0, "uuid": "265e4f9a-c3fa-45a4-bb88-329c9842a610" }, { "code": "Policy_06", "description": "Anticipate how to take into account difficulties in enforcing the data protection policy.", "importance": 0, "uuid": "7da96d90-bb4b-4a7a-843d-d34404a6af91" }, { "code": "Policy_07", "description": "Regularly check compliance with the rules of the data protection policy and the implementation of the action plan.", "importance": 0, "uuid": "860682f8-a917-436b-8c3b-e1204cef9c88" }, { "code": "Policy_08", "description": "Regularly revise the data protection policy.", "importance": 0, "uuid": "9bc3437a-1156-41bc-a5a7-7f227acecb9c" }, { "code": "Prior formalities_01", "description": "Check that the data processing does indeed comply with the declared purpose.", "importance": 0, "uuid": "e35056d7-f710-494a-b88d-b889cca71b24" }, { "code": "Prior formalities_02", "description": "Perform a Privacy Impact Assessment (PIA) and have it validated.", "importance": 0, "uuid": "a68526c7-2924-4d5b-8e3c-46e4ff4e661a" }, { "code": "Prior formalities_03", "description": "Consult the supervisory authority if the residual risks are high, pursuant to Article 36 of the General Data Protection Regulation (GDPR).", "importance": 0, "uuid": "2cfe236e-a265-4ad6-b465-3f1c54e4b583" }, { "code": "Prior formalities_04", "description": "Carry out the other sectoral and contractual formalities applicable to the processing (e.g. formalities associated with other codes and regulations, contract with an external data source, etc.)", "importance": 0, "uuid": "5f305f28-fae7-427e-a438-2a94270a8eed" }, { "code": "Processors_01", "description": "A procurement contract must be signed with each processor, setting out all of the points stipulated in Art. 28 of the GDPR.", "importance": 0, "uuid": "56e18e09-aba6-45e7-bcad-b6e095d3c109" }, { "code": "Processors_02", "description": "Regulate the procurement relations via a contract signed intuitu person\u00e6.", "importance": 0, "uuid": "7368415c-5c8e-4388-8f37-e0a12b42e27c" }, { "code": "Processors_03", "description": "Require the processor to forward its Information Systems Security Policy (PSSI) along with all supporting documents of its information security certifications and append said documents to the contract.", "importance": 0, "uuid": "1ae3cecb-b8c2-4513-8a7e-87ef4737b586" }, { "code": "Processors_04", "description": "Precisely determine and set, on a contractual basis, the operations that the processor will be required to carry out on personal data.", "importance": 0, "uuid": "c923a487-93d3-4ad7-a0a9-a379b586903f" }, { "code": "Processors_05", "description": "Determine, on a contractual basis, the division of responsibility regarding the legal processes aimed at allowing the data subjects to exercise their rights.", "importance": 0, "uuid": "df423c35-2f36-4da7-8b9b-45c420faede5" }, { "code": "Processors_06", "description": "Explicitly prohibit or regulate use of tier-2 processors.", "importance": 0, "uuid": "f2c8f0fd-8e8c-4977-9b6a-3935cfcbfe5c" }, { "code": "Processors_07", "description": "Clarify in the contract that compliance with the data protection obligations is a binding requirement of the contract.", "importance": 0, "uuid": "117e287b-32ca-47b9-8fb5-bf5ec461b9c8" }, { "code": "Processors_08", "description": "[providers of cloud computing services] Require the provider to apply at least logical separation between the organization's data and the data of its other clients.", "importance": 0, "uuid": "d508b338-1c29-4d0f-815c-f8724b16817d" }, { "code": "Processors_09", "description": "[providers of cloud computing services] Very clearly define the locations in which the data are likely to be stored, and the countries from which the data stored in the cloud are likely to be accessible.", "importance": 0, "uuid": "b2b88c80-8c5e-47e7-bf45-03a92fcaa049" }, { "code": "Project management_01", "description": "Use a risk management approach as soon as a service is devised or an application designed.", "importance": 0, "uuid": "0943a203-920c-4869-a562-c739bd1f14c1" }, { "code": "Project management_02", "description": "Favor the use of trusted names in ISS and data protection (procedures, products, management systems, organizations, individuals, etc.).", "importance": 0, "uuid": "66063408-245e-4027-a2bc-86f360996e2a" }, { "code": "Project management_03", "description": "Favor the use of recognized and proven guidelines.", "importance": 0, "uuid": "b5c8636e-490e-4989-89d5-9816c36ed059" }, { "code": "Project management_04", "description": "Carry out supervisory authority formalities before launching new processing operations.", "importance": 0, "uuid": "a5225278-26a4-4920-abe0-5256c40435d7" }, { "code": "Project management_05", "description": "[software acquisitions] Make sure that developers and maintainers have sufficient resources to perform their tasks.", "importance": 0, "uuid": "0e76309c-a1e9-4361-bd60-fe30cad19371" }, { "code": "Project management_06", "description": "[software acquisitions] Favor interoperable and user-friendly applications.", "importance": 0, "uuid": "d344ad67-fe91-477a-b150-87d78e59f02f" }, { "code": "Project management_07", "description": "[software acquisitions] Carry out IT developments in an IT environment distinct from the running environment.", "importance": 0, "uuid": "c25ecdc1-1eff-4101-af9b-34d31c5a1f2c" }, { "code": "Project management_08", "description": "[software acquisitions] Protect the availability, integrity and, where necessary, confidentiality of source codes.", "importance": 0, "uuid": "68d3ef08-0b9a-4341-a335-afb27e80021a" }, { "code": "Project management_09", "description": "[software acquisitions] Impose data entry and recording formats that minimize the amount of data collected.", "importance": 0, "uuid": "ea1e195a-de83-4e5b-97f3-d5d7c74dddf3" }, { "code": "Project management_10", "description": "[software acquisitions] Make sure that data formats are compatible with the implementation of a storage duration.", "importance": 0, "uuid": "f0a432b1-5c69-4a69-950f-b2e37bc3963f" }, { "code": "Project management_11", "description": "[software acquisitions] Integrate access control to data by user categories during development.", "importance": 0, "uuid": "c06e557e-2436-4b3d-8fa0-552d184f69f9" }, { "code": "Project management_12", "description": "[software acquisitions] Avoid using free-form text fields. If such fields are required, the following wording must either appear as a watermark or disappear once a user starts typing inside the field: \"Individuals have a right of access to the information about them entered in this field. The information you enter in this field must be RELEVANT to the context. Such information must neither include any subjective opinions nor reveal \"either directly or indirectly, an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or any information relating to said individual's health or sex life\".", "importance": 0, "uuid": "5f06b644-3743-486c-8431-1bac8186c729" }, { "code": "Project management_13", "description": "[software acquisitions] Prohibit the use of actual data prior to the implementation, and anonymize them where necessary.", "importance": 0, "uuid": "ccbce76a-86fe-4cce-a46b-bab851fcbf78" }, { "code": "Project management_14", "description": "[software acquisitions] Make sure that software runs correctly and as specified during acceptance testing.", "importance": 0, "uuid": "0c846c96-c091-4e40-a9d8-bec9828fd839" }, { "code": "Purpose_01", "description": "Describe the data processing purposes in detail and justify their legitimacy.", "importance": 0, "uuid": "0af91e8e-6412-4ec2-86f0-d00b4f1c83dc" }, { "code": "Purpose_02", "description": "Explain the purposes of sharing with third parties as well as the data processing purposes for improving the service.", "importance": 0, "uuid": "c9133806-5bfe-4c1b-85cf-7717b7316936" }, { "code": "Purpose_03", "description": "Explain the specific conditions under which the processing will take place, particularly by clarifying data matching where applicable.", "importance": 0, "uuid": "325f56ec-a483-4ee3-8b70-1a36e8218ad2" }, { "code": "Relations with third parties_01", "description": "Identify all third parties who have or could have legitimate access to personal data.", "importance": 0, "uuid": "70118f99-45c3-4068-aac2-0970b75078a3" }, { "code": "Relations with third parties_02", "description": "Determine their role in the processing (including IT administrators, processors, recipients, persons responsible for processing data and authorized third parties) based on the actions they will perform.", "importance": 0, "uuid": "e67de690-620b-4dfc-84b9-f1b41789ebae" }, { "code": "Relations with third parties_03", "description": "Determine the respective responsibilities based on the risks connected to the personal data.", "importance": 0, "uuid": "8fbc269e-b6bc-4fcb-99a9-d3e01b2dbd11" }, { "code": "Relations with third parties_04", "description": "Determine the appropriate form for establishing rights and obligations based on the third parties' legal structure and their geographic location.", "importance": 0, "uuid": "affffb06-4f24-4609-b02c-dc94f9eef84d" }, { "code": "Relations with third parties_05", "description": "Formally document the rules that persons must comply with throughout the life cycle of the relationship related to the processing or the personal data, based on the person's category and the actions that he/she will perform.", "importance": 0, "uuid": "bc2c32c5-0d94-470c-965b-1362354d0170" }, { "code": "Relations with third parties_06", "description": "[internal service providers] Apply to said service providers the same measures as for the organization's employees: training in data protection issues, requirement to comply with the rules for using the organization's IT resources, appended to the rules of procedure.", "importance": 0, "uuid": "addc6cd5-341c-4e65-9f97-80363edc2d23" }, { "code": "Relations with third parties_07", "description": "[internal service providers] Provide said service providers with a workstation inside the organization or check that use of the workstation supplied by their employer is compatible with the organization's security objectives.", "importance": 0, "uuid": "4188ca8c-6e9d-47f3-afb2-14f6524f1d69" }, { "code": "Relations with third parties_08", "description": "[internal service providers] Make sure said service providers are properly bound with their employer by a confidentiality clause applicable to their employer's client organizations.", "importance": 0, "uuid": "5a653d24-a00c-47e9-9df8-c5da8f03fa59" }, { "code": "Relations with third parties_09", "description": "[internal service providers] Manage clearance authorizations for such service providers specifically by granting time-bound authorizations that automatically end on the provisional end date for their assignment.", "importance": 0, "uuid": "cb8a4285-4740-43dd-ad88-3fec51d119de" }, { "code": "Relations with third parties_10", "description": "[third-party recipients] Govern the transmission of data to said third-parties via a contract setting out.", "importance": 0, "uuid": "9e9a5a6c-fc2d-4248-afe3-30457f3c8718" }, { "code": "Relations with third parties_11", "description": "[third-party recipients] Require the third party to publish a privacy protection policy covering the processing making use of the data transmitted and outlining the security objectives pursuant to the IT system security policy.", "importance": 0, "uuid": "2ebe062a-a1f9-432c-9b15-4c44c1e121e6" }, { "code": "Relations with third parties_12", "description": "[third-party recipients] If data are transmitted via the Internet, always encrypt the data flows.", "importance": 0, "uuid": "ecfa059a-ce80-46b6-80a3-49d09eefff9b" }, { "code": "Relations with third parties_13", "description": "[third-party recipients] Systematically inform the third party when the data subjects exercise their right to rectification.", "importance": 0, "uuid": "71b7fe30-963e-4ff8-9744-0fd5b34747c7" }, { "code": "Relations with third parties_14", "description": "[authorized third parties] Only reply to requests that are officially sent (by mail or fax) and reply using the same communications channel. Do not take account of requests sent by email and do not reply using this communications channel.", "importance": 0, "uuid": "f50afe3d-22eb-453b-9c0f-3a8209ee42d0" }, { "code": "Relations with third parties_15", "description": "[authorized third parties] Check the legal basis of each request for communication.", "importance": 0, "uuid": "8cdc1082-78c0-4064-8ee0-2f43560f2a4f" }, { "code": "Relations with third parties_16", "description": "[authorized third parties] Authenticate the parties submitting the requests and only reply to them.", "importance": 0, "uuid": "4235ff42-c907-4089-9b07-1443ee2cbbb2" }, { "code": "Relations with third parties_17", "description": "[authorized third parties] Reply strictly to the request by only supplying the data asked for in the request.", "importance": 0, "uuid": "39a72d0c-9c2e-43ee-8725-478cd01397e4" }, { "code": "Right of access and data portability_01", "description": "Determine the practical means that will be implemented to allow the exercise of the right of access. Individuals must be able to exercise this right as quickly as possible, within two months without exception (one month under the GDPR) for data, in a form similar to the form used for the processing (by regular mail and/or by email). In addition, the process must not discourage the data subjects and they must not incur expenses that exceed copying costs.", "importance": 0, "uuid": "676fcbe6-c3f9-45a5-8338-4cbfa5a8d1b7" }, { "code": "Right of access and data portability_02", "description": "Ensure that the right of access can always be exercised.", "importance": 0, "uuid": "e95147b7-c5ea-478b-9a58-1ff58779a065" }, { "code": "Right of access and data portability_03", "description": "Confirm that requests to exercise the right of access submitted on-site provide the identity of the individuals submitting requests and the identity of the individuals they may appoint as their representative.", "importance": 0, "uuid": "c10b1012-d440-426d-919e-4314090bb711" }, { "code": "Right of access and data portability_04", "description": "Confirm that requests to exercise the right of access submitted by regular mail are signed and accompanied by a photocopy of a piece of identification (which should not be retained unless proof must be kept) and that they specify a reply-to address.", "importance": 0, "uuid": "4a6e08eb-25a3-4705-87a6-00ae4dc26e0d" }, { "code": "Right of access and data portability_05", "description": "Confirm that requests to exercise the right of access submitted by email (using an encrypted channel if transmitted via the Internet) are accompanied by a digitized piece of identification (which should not be retained unless proof must be kept and, in that case, in black and white, low definition and as an encrypted file).", "importance": 0, "uuid": "d2f46aae-123a-4047-be3d-9c77d1b1cfe0" }, { "code": "Right of access and data portability_06", "description": "Ensure that all information that data subjects may request can be provided while still protecting the personal data of third parties.", "importance": 0, "uuid": "7a3dd186-475f-471d-9f5b-702cdf2aaed0" }, { "code": "Right of access and data portability_07", "description": "[medical files] Provide the information within eight days following the request and within two months if the information is more than five years old (as of the date on which the medical information was assembled).", "importance": 0, "uuid": "b0308ad7-11e9-440a-8a19-234b47f54bb9" }, { "code": "Right of access and data portability_08", "description": "[medical files] Allow those who hold parental rights (for minors) and legal representatives (for individuals subject to guardianship) to exercise the right of access.", "importance": 0, "uuid": "51777d5c-5290-4861-ada7-4b1fadac38a4" }, { "code": "Rights to rectification and erasure_01", "description": "Determine the practical means that will be implemented to permit the exercise of the right to rectification. Individuals must be able to exercise this right as quickly as possible, within two months without exception, in a form similar to the form used for the processing (by regular mail and/or by email). In addition, the process must not discourage the data subjects and must not involve any cost to them.", "importance": 0, "uuid": "3e5aca0a-a8eb-4005-b549-e14091d02295" }, { "code": "Rights to rectification and erasure_02", "description": "Ensure that the right to rectification may always be exercised.", "importance": 0, "uuid": "820e628b-f40d-4454-87b1-eb33e2c4cf7e" }, { "code": "Rights to rectification and erasure_03", "description": "Ensure that the right to rectification may always be exercised.", "importance": 0, "uuid": "2ae0587e-65dc-4c2a-9e02-557642a9ffce" }, { "code": "Rights to rectification and erasure_04", "description": "Ensure that the identity of individuals submitting requests will be verified.", "importance": 0, "uuid": "749726d9-1fad-4f68-97f9-9a9d6d3b7701" }, { "code": "Rights to rectification and erasure_05", "description": "Ensure that the accuracy of the corrections requested will be verified.", "importance": 0, "uuid": "3f2092db-7b8b-47b4-a1e3-5ad2e03c2b99" }, { "code": "Rights to rectification and erasure_06", "description": "Ensure that the data to be deleted are properly erased.", "importance": 0, "uuid": "443cde40-ee08-4089-b4d0-239af70e728f" }, { "code": "Rights to rectification and erasure_07", "description": "Ensure that the individuals submitting requests receive confirmation.", "importance": 0, "uuid": "89f0882c-0b65-47c9-85dd-c6a675ec890e" }, { "code": "Rights to rectification and erasure_08", "description": "Ensure that the third parties to whom the data may have been sent are informed of the corrections made.", "importance": 0, "uuid": "4dd00be3-f30a-4401-8bb8-475e79bf21d7" }, { "code": "Rights to rectification and erasure_09", "description": "Upon receiving an erasure request, inform the user if the personal data are going to be kept all the same (technical requirements, legal obligations.)", "importance": 0, "uuid": "fa8b29ba-bef5-484f-90ec-60dd75ea91bf" }, { "code": "Rights to rectification and erasure_10", "description": "Implementing the right to be forgotten for minors.", "importance": 0, "uuid": "8222db32-6b4d-4b60-b70b-422764a49dc5" }, { "code": "Rights to rectification and erasure_11", "description": "[online targeted advertising] Provide a way for individuals to access the areas of interest in their profile and a way to modify them. The individual's identity may be authenticated based on the information used to access his or her account or on the cookie (or equivalent) on his or her computer.", "importance": 0, "uuid": "68485fa9-6933-4444-81e8-91690350a102" }, { "code": "Rights to restriction and to object_01", "description": "Determine the practical means that will be implemented to allow individuals to exercise the right to object. Individuals must be able to exercise this right as quickly as possible, within two months without exception, in a form similar to the form used for the processing (by regular mail and/or by email). In addition, the process must not discourage the data subjects and must not involve any cost to them.", "importance": 0, "uuid": "7a35cf66-ace9-44fc-ae3d-4cbacab0d099" }, { "code": "Rights to restriction and to object_02", "description": "Ensure that the right to object may always be exercised and that the personal data collected and processed actually allow the exercise of the right to object.", "importance": 0, "uuid": "9ef3e939-b392-4567-9253-36e67d0657a1" }, { "code": "Rights to restriction and to object_03", "description": "Ensure that \"the interested party is able to express his or her choice prior to the final validation of his or her responses\".", "importance": 0, "uuid": "8f61de26-82bc-40bb-bbe7-b2205e26a885" }, { "code": "Rights to restriction and to object_04", "description": "Confirm that requests to exercise the right to object submitted on-site provide for verification of the identity of the individuals submitting requests and the identity of the individuals they may appoint as their representative.", "importance": 0, "uuid": "595a5219-5458-4c44-8593-0dd33334c199" }, { "code": "Rights to restriction and to object_05", "description": "Confirm that requests to exercise the right to object submitted by regular mail are signed and accompanied by a photocopy of a piece of identification (which should not be retained unless proof must be kept) and that they specify a reply-to address.", "importance": 0, "uuid": "5c557a20-1b92-4182-8712-b81b469ccd27" }, { "code": "Rights to restriction and to object_06", "description": "Confirm that requests to exercise the right to object submitted by email (using an encrypted channel if transmitted via the Internet) include a digitized piece of identification (which should not be retained unless proof must be kept and, in that case, in black and white, low definition and as an encrypted file).", "importance": 0, "uuid": "bb7a66aa-2629-4922-bb39-ea134171eea8" }, { "code": "Rights to restriction and to object_07", "description": "Ensure that individuals exercising their right to object provide legitimate grounds and that those grounds are evaluated (except in the case of marketing and processing for the purpose of health research, which provides the individual a discretionary right to object).", "importance": 0, "uuid": "97c2d533-638f-4b8a-974b-74d767f11301" }, { "code": "Rights to restriction and to object_08", "description": "Ensure that all recipients of the processing are notified of the objections submitted by the data subjects.", "importance": 0, "uuid": "e2421127-348a-4457-b196-1e7d88c67e82" }, { "code": "Rights to restriction and to object_09", "description": "[processing via telephone] Provide a mechanism allowing data subjects to express their objection by telephone.", "importance": 0, "uuid": "b53d86b0-4b43-45e2-bc95-d38f27521377" }, { "code": "Rights to restriction and to object_10", "description": "[processing via electronic form] Create an easily accessible form with opt-out boxes to check or allow the user to unsubscribe from a service (delete an account).", "importance": 0, "uuid": "a5742264-b164-426c-be4f-a8a2030e4768" }, { "code": "Rights to restriction and to object_11", "description": "[processing via email] Ensure that the sender of the messages is clearly identified.", "importance": 0, "uuid": "2b0fb90e-89d0-4030-b177-3bb617a63893" }, { "code": "Rights to restriction and to object_12", "description": "[processing via email] Ensure that the body of the messages relates to the subject of the messages.", "importance": 0, "uuid": "8d9c1918-8b86-47b3-a9f7-d7d78fe9c3fb" }, { "code": "Rights to restriction and to object_13", "description": "[processing via email] Allow recipients to object by responding to the message or by clicking on a link. Individuals should not be required to identify themselves to unsubscribe.", "importance": 0, "uuid": "cb78228a-4041-44a8-a689-bf6578874463" }, { "code": "Rights to restriction and to object_14", "description": "[processing via a connected object or mobile app] Existence of \"Privacy\" settings in mobile apps.", "importance": 0, "uuid": "6bb37898-960e-4ca7-98e7-95e81e4bddd3" }, { "code": "Rights to restriction and to object_15", "description": "[processing via a connected object or mobile app] Allow the mobile app user to object to the collection of special data.", "importance": 0, "uuid": "7459271b-d172-4ad6-81da-cb209817a995" }, { "code": "Rights to restriction and to object_16", "description": "[processing via a connected object or mobile app] Take underage users into account.", "importance": 0, "uuid": "44daf7b1-6e18-4b46-a66c-f79b94e4cfe2" }, { "code": "Rights to restriction and to object_17", "description": "[processing via a connected object or mobile app] Properly stop any collection of data where the user withdraws his/her consent.", "importance": 0, "uuid": "145b5b1e-fadd-46ee-942a-645112753615" }, { "code": "Risk management_01", "description": "List the personal data processing operations, whether automated or otherwise, the data processed (e.g. client files, contracts) and the supporting assets on which they rely.", "importance": 0, "uuid": "fe95ad70-790a-456e-a46e-1585608fe899" }, { "code": "Risk management_02", "description": "Assess the way in which the fundamental principles (information, consent, right of access, etc.) are respected.", "importance": 0, "uuid": "814d402c-daf5-4f3b-88e7-82cfc5f7b1c9" }, { "code": "Risk management_03", "description": "Assess the risks of each processing.", "importance": 0, "uuid": "c70188fa-c058-415e-a704-5f089a20faec" }, { "code": "Risk management_04", "description": "Implement and check the planned measures. Where the existing and planned measures are considered appropriate for guaranteeing the right level of security in light of the risks, their application and monitoring must be ensured.", "importance": 0, "uuid": "f5f11b9a-a9f1-4836-8da4-a3a7ef479e93" }, { "code": "Risk management_05", "description": "Make sure a security audit is carried out periodically \u2013 annually where possible. Each audit must be accompanied by an action plan, the implementation of which should be monitored at the highest level.", "importance": 0, "uuid": "9335ac84-9854-4c75-8841-c059c9e9ed6a" }, { "code": "Risk management_06", "description": "Update the map periodically and at each major change.", "importance": 0, "uuid": "09c8fe47-6d8e-4130-b6f4-98127bfe2eb2" }, { "code": "Staff management_01", "description": "Make sure that individuals who have access to personal data and the processing of such data are qualified for their jobs.", "importance": 0, "uuid": "7f6b0b2f-b85a-4b3d-a7ab-69d4d1a08f4d" }, { "code": "Staff management_02", "description": "Make sure that the working conditions of individuals with access to personal data and the processing of such data are satisfactory.", "importance": 0, "uuid": "c80aacb6-80d5-4222-92b7-d7482e0da130" }, { "code": "Staff management_03", "description": "Raise the awareness of individuals with access to personal data and the processing of such data about the risks associated with exploitation of their vulnerabilities.", "importance": 0, "uuid": "2aaa85f4-a8a1-4d03-940c-fed3552a5943" }, { "code": "Storage durations_01", "description": "Define, for each data category, storage durations that are time-limited and appropriate to the purpose of the processing and/or legal requirements.", "importance": 0, "uuid": "9364fb43-09ae-42e0-b273-8b2b0ff24d39" }, { "code": "Storage durations_02", "description": "Check that the processing enables the end of the storage duration to be detected (set up an automatic mechanism based on the date on which the data are created or last used).", "importance": 0, "uuid": "2d0ddcc8-aca7-4833-b10a-1ce35039f496" }, { "code": "Storage durations_03", "description": "Confirm that the processing allows the deletion of personal data when the storage duration expires and that the method chosen to delete them is appropriate to the risks to privacy of the data subjects.", "importance": 0, "uuid": "fb34159c-869f-47fd-afdb-07d7c5c6add6" }, { "code": "Storage durations_04", "description": "Once the storage duration has expired, subject to intermediate archiving of the necessary data, delete the data with immediate effect.", "importance": 0, "uuid": "e662c3c9-6b20-48fc-afbf-4940f89193a6" }, { "code": "Supervision_01", "description": "Regularly inspect personal data processing operations to ensure that they comply with GDPR as well as the effectiveness and appropriateness of planned measures.", "importance": 0, "uuid": "ab36dcfc-8acd-4ef4-9670-0951f2d038b4" }, { "code": "Supervision_02", "description": "Set data protection objectives in the field of privacy and define indicators for determining whether these objectives are met.", "importance": 0, "uuid": "46bac0c0-104c-498f-bb3e-af702c95c734" }, { "code": "Supervision_03", "description": "Regularly assess data protection.", "importance": 0, "uuid": "93b8e97a-f1bb-4962-a3e2-c78138ff0c93" }, { "code": "Surveillance_01", "description": "Set up a logging architecture that retains a record of security incidents and the time they occurred.", "importance": 0, "uuid": "5480b920-a87a-4e8d-903c-4e2b959a0749" }, { "code": "Surveillance_02", "description": "Select the incidents to be logged based on the context, supporting assets (including workstations, firewall, network equipment and servers), risks and legal framework.", "importance": 0, "uuid": "1e9bfd52-15f3-4d71-aded-d530a582999f" }, { "code": "Surveillance_03", "description": "Comply with the requirements of GDPR if the logged events include personal data.", "importance": 0, "uuid": "1c5e91ea-3a5e-4e49-a151-2d221f650842" }, { "code": "Surveillance_04", "description": "Conduct periodic analyses of the logged information, and if needs be establish a system that detects weak signals automatically.", "importance": 0, "uuid": "36c52a02-e84b-4850-aef7-6643002bbe07" }, { "code": "Surveillance_05", "description": "Retain the incident logs for six months unless legal and regulatory restrictions require specific storage durations.", "importance": 0, "uuid": "860a6f94-976b-4761-985c-c3a4d220be70" }, { "code": "Surveillance_06", "description": "[firewall] Establish a filtering policy that prohibits any direct communication between the internal workstations and the exterior (permit connections only via the firewall) and allow only those flows that are explicitly authorized (firewall blockage of all connections except those identified as necessary).", "importance": 0, "uuid": "b0998e5c-5e6f-4f1a-97f0-4997f2b1a8f2" }, { "code": "Surveillance_07", "description": "[firewall] Log all successful authorized connections and all rejected attempts to connect.", "importance": 0, "uuid": "bbaedcb2-560f-43a1-a28b-3a3fb9a77181" }, { "code": "Surveillance_08", "description": "[firewall] Export the logs via a secure channel to a dedicated server.", "importance": 0, "uuid": "6ef6c9a0-bcab-4aa5-9fe6-e848a88ad46a" }, { "code": "Surveillance_09", "description": "[network equipment] Log the activity on each port of a switch or a router.", "importance": 0, "uuid": "c0cd756e-dc5a-4cf7-aa43-da45f3fcbd60" }, { "code": "Surveillance_10", "description": "[network equipment] Export the logs to a dedicated server using an integrated client syslog or via a netflow.", "importance": 0, "uuid": "c2e4f784-1347-499f-a76d-180a78756afd" }, { "code": "Surveillance_11", "description": "[network equipment] Monitor the volume based on times and monitor compliance with any access control lists (ACL) for the routers.", "importance": 0, "uuid": "90a8ee4a-7138-44e2-a52d-a55ddeaf0b15" }, { "code": "Surveillance_12", "description": "[server] Log as much information as possible regarding client requests on the web servers to identify configuration defects and injections of SQL queries.", "importance": 0, "uuid": "e1b1359e-d937-4028-a6a2-1d3da2c2c44a" }, { "code": "Surveillance_13", "description": "[server] Log users' activity on the proxy servers.", "importance": 0, "uuid": "657c1b9d-6675-40b5-9a6d-5f29e4d12d7c" }, { "code": "Surveillance_14", "description": "[server] Log all queries made to the DNS servers, whether issued by Internet users or internal network clients.", "importance": 0, "uuid": "89954a92-cae7-4685-8ec1-552af649cc8f" }, { "code": "Surveillance_15", "description": "[server] Log the time- and date-stamped authentication data and the length of each connection on the remote access servers.", "importance": 0, "uuid": "43f776b1-40c5-4c10-b220-306e85583ac7" }, { "code": "Surveillance_16", "description": "[server] Log the reception and management of messages on the messaging servers.", "importance": 0, "uuid": "ebda03ad-7d72-45ab-8c85-f71b89ed797e" }, { "code": "Traceability_01", "description": "Depending on the country in question, justify the choice of remote hosting and indicate the legal supervision arrangements implemented in order to ensure adequate protection of the data which are subject to a cross-border transfer.", "importance": 0, "uuid": "c124943d-08c4-45b2-97ce-17eeff247a10" }, { "code": "Traceability_02", "description": "Set up user authentication making it possible to attribute the logged incidents.", "importance": 0, "uuid": "94de88c6-f55d-451b-a844-4c97bc3b677c" }, { "code": "Traceability_03", "description": "Comply with the requirements of GDPR as regards logged events attached to an identified user.", "importance": 0, "uuid": "e0e84602-ed80-4927-bd9e-cc4fc032869c" }, { "code": "Traceability_04", "description": "Conduct periodic analyses of the logged information and, if needs be, establish a system that detects abnormal activity automatically.", "importance": 0, "uuid": "04f41149-f24e-4120-aa99-78c0e30448c6" }, { "code": "Transfer outside EU_01", "description": "State the geographic storage location for the different types of processing data.", "importance": 0, "uuid": "9f6b1062-13cd-4ecb-a43c-bcbab3655af6" }, { "code": "Transfer outside EU_02", "description": "Depending on the country in question, justify the choice of remote hosting and indicate the legal supervision arrangements implemented in order to ensure adequate protection of the data which are subject to a cross-border transfer.", "importance": 0, "uuid": "94e7783a-5e67-45a6-a439-01f0492fdc1e" }, { "code": "Website_01", "description": "Use a certificate signed by an \"approved\" trusted root authority.", "importance": 0, "uuid": "d49de769-1ea6-4046-a829-5e1990c6042f" }, { "code": "Website_02", "description": "Traffic encryption must be guaranteed by TLS; then, it is necessary to configure the web server so that this only accepts this type of protocol (particularly exclude the SSL protocol and render encryption compulsory during SSL negotiations)", "importance": 0, "uuid": "d8f38e66-61a1-4033-b530-3cef1ec16aed" }, { "code": "Website_03", "description": "Define a Content-Security-Policy only including stakeholders whom you authorize to place content on your website.", "importance": 0, "uuid": "2e7e68ce-861c-417a-893e-5034dcb9f559" }, { "code": "Website_04", "description": "Conduct on-site security audits.", "importance": 0, "uuid": "ffca4dc3-0dff-4c78-95bd-0aca191f8f23" }, { "code": "Workstations_01", "description": "Ensure that the IT department provides users with workstations that are kept secure and in working order.", "importance": 0, "uuid": "b1fcea2c-d822-4ccf-9fb2-ba401a747610" }, { "code": "Workstations_02", "description": "Small workstations, especially laptops, can be easily stolen. They must therefore be equipped with anti-theft cables whenever their users are not nearby and the premises are not protected by physical security measures.", "importance": 0, "uuid": "6b75e464-9a3f-4e3f-8605-e6bf06e320df" }, { "code": "Workstations_03", "description": "Retrieve data, except for data defined as private or personal, from workstations before they are assigned to other persons.", "importance": 0, "uuid": "dd87892a-27d0-4680-be98-aa1d9372c722" }, { "code": "Workstations_04", "description": "Erase data from workstations before assigning them to other persons or if such workstations are shared.", "importance": 0, "uuid": "82ed5d4a-9600-407e-898e-eac4c2936f4f" }, { "code": "Workstations_05", "description": "Delete temporary data each time a person logs onto a shared workstation.", "importance": 0, "uuid": "c15b93e3-9ef1-4efb-a5f6-018c1d176b53" }, { "code": "Workstations_06", "description": "If a workstation becomes compromised, inspect the system for all signs of intrusion in order to determine whether other information has been compromised by the attacker.", "importance": 0, "uuid": "5b1d0450-a746-4688-97f5-08b1283c1db4" }, { "code": "Workstations_07", "description": "Maintain systems and applications up-to-date (versions, security patches, etc.) or, where this is not possible (e.g. applications available only on a system that is no longer supported by the software company), isolate the machine and closely monitor the logs.", "importance": 0, "uuid": "a50db22c-4108-4c18-8209-d860708f07a0" }, { "code": "Workstations_08", "description": "Document configurations and update them whenever major changes are made.", "importance": 0, "uuid": "caec7b23-f185-4bac-ac21-275f8c109b52" }, { "code": "Workstations_09", "description": "Reduce the possibilities of misuse.", "importance": 0, "uuid": "7002e5b3-1696-4cbb-b698-8e019bb3b0ef" }, { "code": "Workstations_10", "description": "Protect workstations access.", "importance": 0, "uuid": "5e0092bc-7eb8-4599-8a0a-728aa7e224cf" }, { "code": "Workstations_11", "description": "Enable protection measures afforded by the system and the applications.", "importance": 0, "uuid": "390ad031-333f-4449-bf96-5aa2b34f02ac" }, { "code": "Workstations_12", "description": "Prohibit local sharing of directories or data on workstations.", "importance": 0, "uuid": "7b5ff016-d3fc-4468-88a0-8a73cb5e153c" }, { "code": "Workstations_13", "description": "Store user data on a backed-up network space, not on workstations.", "importance": 0, "uuid": "9dc44b61-d124-47f5-a272-25023edea841" }, { "code": "Workstations_14", "description": "If data must be stored on a local workstation, provide users with means of synchronization or backup and inform them how to use these means.", "importance": 0, "uuid": "130bf4ae-d3f4-4409-96a1-0d91c37f261e" }, { "code": "Workstations_15", "description": "Secure the configuration of Web browsers.", "importance": 0, "uuid": "6481e72d-5c49-40a0-bedb-452ac59836ff" }, { "code": "Workstations_16", "description": "Deploy a secure browser on all servers that are to be used to access the Internet or an intranet.", "importance": 0, "uuid": "72bf8a1c-b98c-476d-8d6a-4feb688d8e70" }, { "code": "Workstations_17", "description": "Limit the number of plugins, remove any that are not used, regularly update those that are left installed.", "importance": 0, "uuid": "319fcc62-4d32-4903-9ba1-aef7d58c0900" }, { "code": "Workstations_18", "description": "Prohibit the use of downloaded applications that are not from safe sources.", "importance": 0, "uuid": "df180601-4736-4f3f-a3ff-aee76f31a5ea" }, { "code": "Workstations_19", "description": "Search for exploitable vulnerabilities.", "importance": 0, "uuid": "1399ed3f-423f-4a7f-8143-646477f3bb22" }, { "code": "Workstations_20", "description": "Check system integrity using integrity checkers (which check the integrity of selected files).", "importance": 0, "uuid": "87b654c1-47a5-4c35-848b-f53a8404907a" }, { "code": "Workstations_21", "description": "Confirm that the maximum size of the incident logs is adequate and, in particular, that the oldest incidents are not automatically deleted if the maximum size is reached.", "importance": 0, "uuid": "f36a4d0b-ba0b-4c36-bca6-39f5ee193e1d" }, { "code": "Workstations_22", "description": "Log application, security and system-related incidents.", "importance": 0, "uuid": "02cc65ae-2522-4ebf-97a0-4f3d3230736e" }, { "code": "Workstations_23", "description": "Export the logs using domain management functionalities or via a client syslog.", "importance": 0, "uuid": "c74af249-f469-40e3-bee4-631299caf240" }, { "code": "Workstations_24", "description": "Analyze primarily the connection and disconnection times, the type of protocol used to connect and the type of user who uses it, the original IP connection address, successive connection failures and unplanned interruptions of applications or tasks.", "importance": 0, "uuid": "3a08d397-5234-43c4-bef4-74c23bd83bab" }, { "code": "Workstations_25", "description": "[mobile devices] Encrypt personal data stored on mobile devices.", "importance": 0, "uuid": "3c61efd4-f671-49ac-8137-e942341c0d75" }, { "code": "Workstations_26", "description": "[mobile devices] Limit the amount of personal data stored on mobile devices to the strict minimum, and prohibit such storage during travel abroad if needs be.", "importance": 0, "uuid": "1e3d14e1-2acd-4510-9428-52222cb5366e" }, { "code": "Workstations_27", "description": "[mobile devices] Ensure the availability of personal data stored on mobile devices.", "importance": 0, "uuid": "afd91008-7339-4160-8193-998cc570f2e5" }, { "code": "Workstations_28", "description": "[mobile devices] Erase personal data from mobile devices as soon as such data is entered in the organization's information system.", "importance": 0, "uuid": "07b2d2df-e1b9-4752-9be9-aab849ac6bda" }, { "code": "Workstations_29", "description": "[mobile devices] Place privacy filters on mobile devices whenever they are used outside the organization.", "importance": 0, "uuid": "55607dc8-949c-4d95-a216-f602a0d61958" }, { "code": "Workstations_30", "description": "[smartphones] Configure smartphones before delivering them to users.", "importance": 0, "uuid": "b84dfff8-2705-4b25-8fc7-eea8b61f9af4" }, { "code": "Workstations_31", "description": "[smartphones] Inform users, such as in a memo provided at delivery, about how to use their phone, the applications installed on it (e.g. Business Mail, Exchange, etc.), the services provided, and the security rules to be followed.", "importance": 0, "uuid": "96e207b0-160a-4d9f-818c-5a6098b88685" }, { "code": "Workstations_32", "description": "[server] Isolate the server from the rest of the network in a specific DMZ or VLAN, use up-to-date virus, spyware and spam protection, immediately install operating system security updates, authenticate devices with digital certificates (where possible), etc.", "importance": 0, "uuid": "df5cfbbc-c589-49ac-ac0c-4eafe4e815ee" }, { "code": "Workstations_33", "description": "[smartphones] Secure phones at the end of their life cycle.", "importance": 0, "uuid": "28662b29-7c3b-43cd-8ba8-952298ae3a8f" } ], "version": 1 } 2021-04-13T13:03:22.339585+00:00 https://objects.monarc.lu/object/get/5122 2023-03-31T19:15:40.036486+00:00 MONARC { "a": true, "c": false, "code": "COVID-19", "description": "Corona virus", "i": false, "label": "Corona virus", "language": "EN", "theme": "Loss of essential services", "uuid": "1d5d4e81-1b8a-46eb-a00f-6c6d35ef816d" } 2021-04-13T13:06:49.310656+00:00 https://objects.monarc.lu/object/get/5203 2023-03-31T19:15:40.036237+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "Preventive measures to avoid the contanination and to lower the impact of a contamination of an employee with COVID-19", "language": "EN", "refs": [ "https://gouvernement.lu/coronavirus" ], "uuid": "8e0715b2-192e-4535-b0cb-d62f71e33ce1", "values": [ { "code": "COVID-19_Rec-1", "description": "Wash your hands regularly and properly.", "importance": 3, "uuid": "43a89c13-8660-4ee4-83e5-98fda07031cf" }, { "code": "COVID-19_Rec-2", "description": "Do you cough or sneeze? Do it in a tissue or in the crease of the elbow. Throw the tissue in a bin with a lid.", "importance": 3, "uuid": "6031a6a6-f840-4e9a-8487-c8ac7d63db9f" }, { "code": "COVID-19_Rec-3", "description": "Avoid shaking hands or kissing.", "importance": 3, "uuid": "9dc7bc8f-5433-4518-8261-a00ec0c8fd6a" }, { "code": "COVID-19_Rec-4", "description": "Avoid close contact with sick people (keep a distance of at least 2 meters).", "importance": 3, "uuid": "5e9f15cb-cf84-44b7-8388-d7c063e45eff" }, { "code": "COVID-19_Rec-5", "description": "Stay home if you are sick. Don't go to work!", "importance": 3, "uuid": "b505aa3e-369f-49e4-b65a-3a8c0f2d3ce2" }, { "code": "COVID-19_Rec-6", "description": "Avoid touching your face with your hands as much as possible.", "importance": 3, "uuid": "880e6e99-c4a1-4f5f-82f8-41c6609a7ff1" }, { "code": "COVID-19_Rec-7", "description": "Keep up-to-date documentation of workflows.", "importance": 3, "uuid": "67bbd888-c5d7-4ccb-804a-befee66eea49" }, { "code": "COVID-19_Rec-8", "description": "Regularly train employees in order to prevent single point of failure.", "importance": 3, "uuid": "69fd1d1c-c848-4c0b-b3d9-92e9b03984a4" } ], "version": 1 } 2021-04-13T13:07:02.477106+00:00 https://objects.monarc.lu/object/get/5200 2023-03-31T19:15:40.035263+00:00 MISP { "authors": [ "Various" ], "label": "Preventive Measure", "uuid": "1a8e55eb-a0ff-425b-80e0-30df866f8f65", "values": [ { "code": "Backup and Restore Process", "description": "Make sure to have adequate backup processes on place and frequently test a restore of these backups.(Schr\u00f6dinger's backup - it is both existent and non-existent until you've tried a restore", "importance": 0, "uuid": "5f942376-ea5b-4b23-9c26-81d3aeba7fb4" }, { "code": "Block Macros", "description": "Disable macros in Office files downloaded from the Internet. This can be configured to work in two different modes:A.) Open downloaded documents in 'Protected View'B.) Open downloaded documents and block all macros", "importance": 0, "uuid": "79563662-8d92-4fd1-929a-9b8926a62685" }, { "code": "Disable WSH", "description": "Disable Windows Script Host", "importance": 0, "uuid": "e6df1619-f8b3-476c-b5cf-22b4c9e9dd7f" }, { "code": "Filter Attachments Level 1", "description": "Filter the following attachments on your mail gateway:.ade, .adp, .ani, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .ht, .hta, .inf, .ins, .isp, .jar, .job, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .ocx, .pcd, .ps1, .reg, .scr, .sct, .shs, .svg, .url, .vb, .vbe, .vbs, .wbk, .wsc, .ws, .wsf, .wsh, .exe, .pif, .pub", "importance": 0, "uuid": "7055b72b-b113-4f93-8387-e6f58ce5fc92" }, { "code": "Filter Attachments Level 2", "description": "Filter the following attachments on your mail gateway:(Filter expression of Level 1 plus) .doc, .xls, .rtf, .docm, .xlsm, .pptm", "importance": 0, "uuid": "8c9bbbf5-a321-4eb1-8c03-a399a9687687" }, { "code": "Restrict program execution", "description": "Block all program executions from the %LocalAppData% and %AppData% folder", "importance": 0, "uuid": "6a234b1d-8e86-49c4-91d6-cc3be3d04f74" }, { "code": "Show File Extensions", "description": "Set the registry key \"HideFileExt\" to 0 in order to show all file extensions, even of known file types. This helps avoiding cloaking tricks that use double extensions. (e.g. \"not_a_virus.pdf.exe\")", "importance": 0, "uuid": "5b911d46-66c8-4180-ab97-663a0868264e" }, { "code": "Enforce UAC Prompt", "description": "Enforce administrative users to confirm an action that requires elevated rights", "importance": 0, "uuid": "3f8c55db-611e-4831-b624-f9cbdc3b0e11" }, { "code": "Remove Admin Privileges", "description": "Remove and restrict administrative rights whenever possible. Malware can only modify files that users have write access to.", "importance": 0, "uuid": "168f94d3-4ffc-4ea6-8f2e-8ba699f0fef6" }, { "code": "Restrict Workstation Communication", "description": "Activate the Windows Firewall to restrict workstation to workstation communication", "importance": 0, "uuid": "fb25c345-0cee-4ae7-ab31-c1c801cde1c2" }, { "code": "Sandboxing Email Input", "description": "Using sandbox that opens email attachments and removes attachments based on behavior analysis", "importance": 0, "uuid": "7960740f-71a5-42db-8a1a-1c7ccbf83349" }, { "code": "Execution Prevention", "description": "Software that allows to control the execution of processes - sometimes integrated in Antivirus softwareFree: AntiHook, ProcessGuard, System Safety Monitor", "importance": 0, "uuid": "bfda0c9e-1303-4861-b028-e0506dd8861c" }, { "code": "Change Default \"Open With\" to Notepad", "description": "Force extensions primarily used for infections to open up in Notepad rather than Windows Script Host or Internet Explorer", "importance": 0, "uuid": "3b7bc1b2-e04f-4492-b3b1-87bb6701635b" }, { "code": "File Screening", "description": "Server-side file screening with the help of File Server Resource Manager", "importance": 0, "uuid": "79769940-7cd2-4aaa-80da-b90c0372b898" }, { "code": "Restrict program execution #2", "description": "Block program executions (AppLocker)", "importance": 0, "uuid": "feb6cddb-4182-4515-94dc-0eadffcdc098" }, { "code": "EMET", "description": "Detect and block exploitation techniques", "importance": 0, "uuid": "5f0a749f-88f2-4e6e-8fd8-46307f8439f6" }, { "code": "Sysmon", "description": "Detect Ransomware in an early stage with new Sysmon 5 File/Registry monitoring", "importance": 0, "uuid": "1b1e5664-4250-459b-adbb-f0b33f64bf7e" }, { "code": "Blacklist-phone-numbers", "description": "Filter the numbers at phone routing level including PABX", "importance": 0, "uuid": "123e20c5-8f44-4de5-a183-6890788e5a81" }, { "code": "ACL", "description": "Restrict access to shares users should not be allowed to write to", "importance": 0, "uuid": "3e7a7fb5-8db2-4033-8f4f-d76721819765" } ], "version": 3 } 2021-04-13T13:08:05.850559+00:00 https://objects.monarc.lu/object/get/5204 2023-03-31T19:15:40.034987+00:00 MONARC { "authors": [ "MITRE ATT&CK\u00ae" ], "label": "MITRE ATT&CK - Mobile Mitigations", "language": "EN", "refs": [ "https://attack.mitre.org/mitigations/mobile/" ], "uuid": "f3caa83b-28fb-49fd-b7ad-6e4cd1aaad07", "values": [ { "code": "M1013 - Application Developer Guidance", "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", "importance": 0, "uuid": "90624dfc-21b6-4172-8848-a4042860656b" }, { "code": "M1005 - Application Vetting", "description": "Enterprises can vet applications for exploitable vulnerabilities or unwanted (privacy-invasive or malicious) behaviors. Enterprises can inspect applications themselves or use a third-party service.", "importance": 0, "uuid": "7fd9df45-7351-420c-8116-57d48fa23c40" }, { "code": "M1002 - Attestation", "description": "Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.", "importance": 0, "uuid": "5617161e-a40d-461a-ae8e-6a0650392e3a" }, { "code": "M1007 - Caution with Device Administrator Access", "description": "Warn device users not to accept requests to grant Device Administrator access to applications without good reason.", "importance": 0, "uuid": "63138250-3821-45f3-a820-55d0ffa30367" }, { "code": "M1010 - Deploy Compromised Device Detection Method", "description": "A variety of methods exist that can be used to enable enterprises to identify compromised (e.g. rooted/jailbroken) devices, whether using security mechanisms built directly into the device, third-party mobile security applications, enterprise mobility management (EMM)/mobile device management (MDM) capabilities, or other methods. Some methods may be trivial to evade while others may be more sophisticated.", "importance": 0, "uuid": "6501d616-1a60-4b38-a40a-847ad5d28058" }, { "code": "M1009 - Encrypt Network Traffic", "description": "Application developers should encrypt all of their application network traffic using the Transport Layer Security (TLS) protocol to ensure protection of sensitive data and deter network-based attacks. If desired, application developers could perform message-based encryption of data before passing it for TLS encryption.", "importance": 0, "uuid": "c591b8fd-5f57-4064-b5c5-f0acd38ae41f" }, { "code": "M1012 - Enterprise Policy", "description": "An enterprise mobility management (EMM), also known as mobile device management (MDM), system can be used to provision policies to mobile devices to control aspects of their allowed behavior.", "importance": 0, "uuid": "b141135f-2c2f-4588-9d4c-6c7abd243e23" }, { "code": "M1014 - Interconnection Filtering", "description": "In order to mitigate Signaling System 7 (SS7) exploitation, the Communications, Security, Reliability, and Interoperability Council (CSRIC) describes filtering interconnections between network operators to block inappropriate requests.", "importance": 0, "uuid": "6066f816-7914-4228-96b6-155f4501d70c" }, { "code": "M1003 - Lock Bootloader", "description": "On devices that provide the capability to unlock the bootloader (hence allowing any operating system code to be flashed onto the device), perform periodic checks to ensure that the bootloader is locked.", "importance": 0, "uuid": "148c35e1-7837-42a2-9884-4e475a48e6a3" }, { "code": "M1001 - Security Updates", "description": "Install security updates in response to discovered vulnerabilities.", "importance": 0, "uuid": "057adb3d-1eeb-4f04-a9c6-c08b514bc785" }, { "code": "M1004 - System Partition Integrity", "description": "Ensure that Android devices being used include and enable the Verified Boot capability, which cryptographically ensures the integrity of the system partition.", "importance": 0, "uuid": "daa42611-836d-464e-aab5-80d41da314cf" }, { "code": "M1006 - Use Recent OS Version", "description": "New mobile operating system versions bring not only patches against discovered vulnerabilities but also often bring security architecture improvements that provide resilience against potential vulnerabilities or weaknesses that have not yet been discovered. They may also bring improvements that block use of observed adversary techniques.", "importance": 0, "uuid": "f4bbe273-dc6c-4b5d-8c66-286effded2c7" }, { "code": "M1011 - User Guidance", "description": "Describes any guidance or training given to users to set particular configuration settings or avoid specific potentially risky behaviors.", "importance": 0, "uuid": "8f023e31-b83d-4323-ba0e-888ec025b35f" } ], "version": 6.3 } 2021-04-13T13:09:24.093861+00:00 https://objects.monarc.lu/object/get/5205 2023-03-31T19:15:40.034447+00:00 MONARC { "authors": [ "MITRE ATT&CK\u00ae" ], "label": "MITRE ATT&CK - Enterprise Mitigations", "language": "EN", "refs": [ "https://attack.mitre.org/mitigations/enterprise/" ], "uuid": "355a1506-4d46-4ace-a044-234ba5cc00e4", "values": [ { "code": "M1036 - Account Use Policies", "description": "Configure features related to account use like login attempt lockouts, specific login times, etc.", "importance": 0, "uuid": "5fc7d0fc-e28d-4f7a-a403-7e7bdda88e0d" }, { "code": "M1015 - Active Directory Configuration", "description": "Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.", "importance": 0, "uuid": "4aa9409f-bf4c-43c4-985b-a1435854c378" }, { "code": "M1049 - Antivirus/Antimalware", "description": "Use signatures or heuristics to detect malicious software.", "importance": 0, "uuid": "26347771-8c53-40f8-8416-de6ebce40d52" }, { "code": "M1013 - Application Developer Guidance", "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", "importance": 0, "uuid": "a45f1b4e-169a-4ce9-b1a8-aa3a06eda460" }, { "code": "M1048 - Application Isolation and Sandboxing", "description": "Restrict execution of code to a virtual environment on or in transit to an endpoint system.", "importance": 0, "uuid": "b01fca12-12d0-498b-a2ea-d6d526094393" }, { "code": "M1047 - Audit", "description": "Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.", "importance": 0, "uuid": "fe0afbce-14d2-4fc0-b9d9-0ded2d2d46bf" }, { "code": "M1040 - Behavior Prevention on Endpoint", "description": "Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.", "importance": 0, "uuid": "2d4bd512-601b-428d-8c96-93eb0f8ab270" }, { "code": "M1046 - Boot Integrity", "description": "Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.", "importance": 0, "uuid": "7b98e144-2052-4365-a644-e439dd0b50f3" }, { "code": "M1045 - Code Signing", "description": "Enforce binary and application integrity with digital signature verification to prevent untrusted code from executing.", "importance": 0, "uuid": "b1bf2dc7-78a8-42d5-8912-3aff922f2c53" }, { "code": "M1043 - Credential Access Protection", "description": "Use capabilities to prevent successful credential access by adversaries; including blocking forms of credential dumping.", "importance": 0, "uuid": "645905d3-2e47-45e8-b61d-35ee230d162c" }, { "code": "M1053 - Data Backup", "description": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.", "importance": 0, "uuid": "f687063a-4811-4782-9e6d-47368554818c" }, { "code": "M1042 - Disable or Remove Feature or Program", "description": "Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.", "importance": 0, "uuid": "479cf2d6-6772-4b07-9e3d-748c3c64acdd" }, { "code": "M1055 - Do Not Mitigate", "description": "This category is to associate techniques that mitigation might increase risk of compromise and therefore mitigation is not recommended.", "importance": 0, "uuid": "a5927ec6-60da-4367-8e4e-a6db261c2433" }, { "code": "M1041 - Encrypt Sensitive Information", "description": "Protect sensitive information with strong encryption.", "importance": 0, "uuid": "5c4c5b69-fc94-4922-b9a3-c7a621faaca8" }, { "code": "M1039 - Environment Variable Permissions", "description": "Prevent modification of environment variables by unauthorized users and groups.", "importance": 0, "uuid": "2ffd3b45-aa5f-4363-a6e9-c9c8dec111b6" }, { "code": "M1038 - Execution Prevention", "description": "Block execution of code on a system through application whitelisting, blacklisting, and/or script blocking.", "importance": 0, "uuid": "4d4ea32d-ec56-4eba-b22a-0ef3a1946a21" }, { "code": "M1050 - Exploit Protection", "description": "Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.", "importance": 0, "uuid": "25a8c89c-382f-4431-87ea-3b886e07c1ab" }, { "code": "M1037 - Filter Network Traffic", "description": "Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.", "importance": 0, "uuid": "c50e3dd7-d87b-498c-892c-d0683c38b1e1" }, { "code": "M1035 - Limit Access to Resource Over Network", "description": "Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.", "importance": 0, "uuid": "bb516ce1-5241-428b-ad41-ef292ef4b691" }, { "code": "M1034 - Limit Hardware Installation", "description": "Block users or groups from installing or using unapproved hardware on systems, including USB devices.", "importance": 0, "uuid": "ac4469fb-cfa0-4979-8a0e-d5137e1cf750" }, { "code": "M1033 - Limit Software Installation", "description": "Block users or groups from installing unapproved software.", "importance": 0, "uuid": "cdddeaa0-0ff7-4dda-8d8d-2836bd65862f" }, { "code": "M1032 - Multi-factor Authentication", "description": "Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.", "importance": 0, "uuid": "65bcbe9f-e7cb-4262-b5d4-dddc79bb4740" }, { "code": "M1031 - Network Intrusion Prevention", "description": "Use intrusion detection signatures to block traffic at network boundaries.", "importance": 0, "uuid": "cd1c61bb-0655-4d10-93a8-4f19fe409802" }, { "code": "M1030 - Network Segmentation", "description": "Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.", "importance": 0, "uuid": "992b2dff-d6d5-4af8-adf6-e05a21c48fcb" }, { "code": "M1028 - Operating System Configuration", "description": "Make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.", "importance": 0, "uuid": "33242a01-d66e-4361-9cd0-6c84e5ed405a" }, { "code": "M1027 - Password Policies", "description": "Set and enforce secure password policies for accounts.", "importance": 0, "uuid": "87f7ae7d-d7af-40e5-8e26-ed046e49ecec" }, { "code": "M1026 - Privileged Account Management", "description": "Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.", "importance": 0, "uuid": "237dc8eb-d3e8-4561-80c9-d6c10f3101dd" }, { "code": "M1025 - Privileged Process Integrity", "description": "Protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures.", "importance": 0, "uuid": "4f82cb16-f43a-4032-bebb-63e901dc669d" }, { "code": "M1029 - Remote Data Storage", "description": "Use remote security log and sensitive file storage where access can be controlled better to prevent exposure of intrusion detection log data or sensitive information.", "importance": 0, "uuid": "cb442fee-310a-4bd4-a5ac-0607a1132d80" }, { "code": "M1022 - Restrict File and Directory Permissions", "description": "Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.", "importance": 0, "uuid": "556d2fa4-ec80-4012-8d42-cf2aa003883c" }, { "code": "M1044 - Restrict Library Loading", "description": "Prevent abuse of library loading mechanisms in the operating system and software to load untrusted code by configuring appropriate library loading mechanisms and investigating potential vulnerable software.", "importance": 0, "uuid": "81ff3e62-c8a5-437d-90af-a90a77a7240b" }, { "code": "M1024 - Restrict Registry Permissions", "description": "Restrict the ability to modify certain hives or keys in the Windows Registry.", "importance": 0, "uuid": "4a464358-5cb8-471b-8f42-b222cff6ee23" }, { "code": "M1021 - Restrict Web-Based Content", "description": "Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.", "importance": 0, "uuid": "0874d800-bded-4bd1-a5a8-d68f83db734e" }, { "code": "M1054 - Software Configuration", "description": "Implement configuration changes to software (other than the operating system) to mitigate security risks associated to how the software operates.", "importance": 0, "uuid": "7a99e33f-0fb4-487a-b965-f19d7c6d0977" }, { "code": "M1020 - SSL/TLS Inspection", "description": "Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.", "importance": 0, "uuid": "e4cf1546-a2cb-4d8d-8bd2-a88bd60b2fb4" }, { "code": "M1019 - Threat Intelligence Program", "description": "A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities to mitigate risk.", "importance": 0, "uuid": "1af3aa74-5d49-4285-a9d1-a15cc9fb84b9" }, { "code": "M1051 - Update Software", "description": "Perform regular software updates to mitigate exploitation risk.", "importance": 0, "uuid": "541d848f-2672-42f6-be1c-6b1b0f76100e" }, { "code": "M1052 - User Account Control", "description": "Configure Windows User Account Control to mitigate risk of adversaries obtaining elevated process access.", "importance": 0, "uuid": "3d3be1de-7d06-4f89-a8a5-c73e06384f4d" }, { "code": "M1018 - User Account Management", "description": "Manage the creation, modification, use, and permissions associated to user accounts.", "importance": 0, "uuid": "8d1fcda5-0e35-43c8-aab5-2b2bebf97c4c" }, { "code": "M1017 - User Training", "description": "Train users to to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.", "importance": 0, "uuid": "9e318f0b-0864-4150-a50c-6e1118dd69e7" }, { "code": "M1016 - Vulnerability Scanning", "description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.", "importance": 0, "uuid": "406160f2-9c33-44c2-b1d2-852478fe050d" } ], "version": 6.3 } 2021-04-13T13:10:22.882035+00:00 https://objects.monarc.lu/object/get/5207 2023-03-31T19:15:40.033090+00:00 Various contributors { "authors": [ "S3cN3tSys" ], "label": "CIS Controls v8 safeguards", "language": "EN", "refs": [ "https://www.cisecurity.org/controls/v8/" ], "uuid": "e104cdf4-2fff-4989-9636-c16ddd8b2a78", "values": [ { "code": "1.1-Devices-Identify-IG1", "description": "Inventory and control of enterprise assets-Establish and maintain detailed enterprise asset inventory", "importance": 0, "uuid": "bddbfd9a-bd01-4818-9b0f-59b876243c90" }, { "code": "1.2-Devices-Respond-IG1", "description": "Inventory and control of enterprise assets-Address unauthorized assets", "importance": 0, "uuid": "df7b8cf0-93ef-49ce-bb41-3ae405ed0953" }, { "code": "1.3-Devices-Detect-IG2", "description": "Inventory and control of enterprise assets-Utilize an active discovery tool", "importance": 0, "uuid": "0a290b75-f9a0-4103-a5ee-95900765c420" }, { "code": "1.4-Devices-Identify-IG2", "description": "Inventory and control of enterprise assets-Use dynamic host configuration protocol (DHCP) logging to update enterprise asset inventory", "importance": 0, "uuid": "b511f821-a439-4591-b3ae-018e4669ecd2" }, { "code": "1.5-Devices-Detect-IG3", "description": "Inventory and control of enterprise assets-Use a passive asset discovery tool", "importance": 0, "uuid": "e087cb99-8458-46e9-a685-d8b9c1d90309" }, { "code": "10.1-Devices-Protect-IG1", "description": "Malware defenses-Deploy and maintain anti-malware software", "importance": 0, "uuid": "3dc09e1e-964f-465d-81b3-e7bee3dc4fc2" }, { "code": "10.2-Devices-Protect-IG1", "description": "Malware defenses-Configure automatic anti-malware signature updates", "importance": 0, "uuid": "d6c49f98-6204-42e6-a1f4-f0f7206e2485" }, { "code": "10.3-Devices-Protect-IG1", "description": "Malware defenses-Disable autorun and autoplay for removable media", "importance": 0, "uuid": "d25cd6be-da2a-4262-9949-168cdd555c36" }, { "code": "10.4-Devices-Detect-IG2", "description": "Malware defenses-Configure automatic anti-malware scanning of removable media", "importance": 0, "uuid": "0f85c704-796b-4620-ab3b-307d870cf02e" }, { "code": "10.5-Devices-Protect-IG2", "description": "Malware defenses-Enable anti-exploitation features", "importance": 0, "uuid": "71bcef8a-b0f9-4a9d-8736-7106eed100aa" }, { "code": "10.6-Devices-Protect-IG2", "description": "Malware defenses-Centrally manage anti-malware software", "importance": 0, "uuid": "992326df-4230-4411-8369-271031da8fd3" }, { "code": "10.7-Devices-Detect-IG2", "description": "Malware defenses-Use behavior-based anti-malware software", "importance": 0, "uuid": "5ff9342c-ef4b-4a94-846b-116449b816cc" }, { "code": "11.1-Data-Recover-IG1", "description": "Data recovery-Establish and maintain a data recovery process", "importance": 0, "uuid": "a13ea0ef-ffb0-40b1-ad2a-12575023abc3" }, { "code": "11.2-Data-Recover-IG1", "description": "Data recovery-Perform automated backups", "importance": 0, "uuid": "5d962f76-f06c-4ac8-8719-1e076bc045fa" }, { "code": "11.3-Data-Protect-IG1", "description": "Data recovery-Protect recovery data", "importance": 0, "uuid": "8f1aea43-f84d-42f8-963b-f022bc26e0f0" }, { "code": "11.4-Data-Recover-IG1", "description": "Data recovery-Establish and maintain an isolated instance of recovery data", "importance": 0, "uuid": "1856b595-3895-4dff-9ceb-558abec393f2" }, { "code": "11.5-Data-Recover-IG2", "description": "Data recovery-Test data recovery", "importance": 0, "uuid": "d54a8077-661a-4aaa-b90e-f61e23764513" }, { "code": "12.1-Network-Protect-IG1", "description": "Network infrastructure management-Ensure network infrastructure is up-to-date", "importance": 0, "uuid": "6f3c9210-54be-4aef-a326-c46389d34e5a" }, { "code": "12.2-Network-Protect-IG2", "description": "Network infrastructure management-Establish and maintain a secure network architecture", "importance": 0, "uuid": "3b941a78-f75b-4b7d-9565-c3840af19471" }, { "code": "12.3-Network-Protect-IG2", "description": "Network infrastructure management-Securely manage network infrastructure", "importance": 0, "uuid": "b3a03b9b-5f74-4a5b-9043-8662221dcde5" }, { "code": "12.4-Network-Identify-IG2", "description": "Network infrastructure management-Establish and maintain architecture diagram(s)", "importance": 0, "uuid": "d6bb7326-163d-4c9d-a94c-f910a345cc55" }, { "code": "12.5-Network-Protect-IG2", "description": "Network infrastructure management-Centralize network authentication; authorization; and auditing (AAA)", "importance": 0, "uuid": "bb69f5e6-5745-4a70-b863-248ba2a6fae2" }, { "code": "12.6-Network-Protect-IG2", "description": "Network infrastructure management-Use of secure network management and communication protocols", "importance": 0, "uuid": "ad65c163-116b-4ff9-afc1-d2986362958c" }, { "code": "12.7-Devices-Protect-IG2", "description": "Network infrastructure management-Ensure remote devices utilize a vpn and are connecting to an enterprises aaa infrastructure", "importance": 0, "uuid": "10779a71-e1a5-40bc-8035-65c1e879b3fb" }, { "code": "12.8-Devices-Protect-IG3", "description": "Network infrastructure management-Establish and maintain dedicated computing resources for all administrative work", "importance": 0, "uuid": "6b2e129e-7212-418f-b73e-98ece0f5495a" }, { "code": "13.1-Network-Detect-IG2", "description": "Network monitoring and defense-Centralize security event alerting", "importance": 0, "uuid": "67f9d216-3a19-41fe-9867-3ad72e46a8e4" }, { "code": "13.1-Network-Protect-IG2", "description": "Network monitoring and defense-Perform application layer filtering", "importance": 0, "uuid": "7ceb6e84-5b91-4768-bac2-f5f378b17d39" }, { "code": "13.11-Network-Detect-IG3", "description": "Network monitoring and defense-Tune security event alerting thresholds", "importance": 0, "uuid": "c36588b7-3795-4d29-aeb1-cad9779e071e" }, { "code": "13.2-Devices-Detect-IG2", "description": "Network monitoring and defense-Deploy a host-based intrusion detection solution", "importance": 0, "uuid": "8b0e9aa6-563d-4932-b84e-42f7f5fa4b66" }, { "code": "13.3-Network-Detect-IG2", "description": "Network monitoring and defense-Deploy a network intrusion detection solution", "importance": 0, "uuid": "8ad4ac5f-27d8-4088-8fdf-428dbca182ef" }, { "code": "13.4-Network-Protect-IG2", "description": "Network monitoring and defense-Perform traffic filtering between network segments", "importance": 0, "uuid": "926bbf48-ac93-47b4-9c88-e18f3d2e0dd5" }, { "code": "13.5-Devices-Protect-IG2", "description": "Network monitoring and defense-Manage access control for remote assets", "importance": 0, "uuid": "077f28d8-ad9f-429d-96dc-31f91b7daf3c" }, { "code": "13.6-Network-Detect-IG2", "description": "Network monitoring and defense-Collect network traffic flow logs ", "importance": 0, "uuid": "db99bd9e-2b52-4513-9385-7ccb7fec8325" }, { "code": "13.7-Devices-Protect-IG3", "description": "Network monitoring and defense-Deploy a host-based intrusion prevention solution", "importance": 0, "uuid": "8fc8c868-4a72-4a49-af62-01b0b7931475" }, { "code": "13.8-Network-Protect-IG3", "description": "Network monitoring and defense-Deploy a network intrusion prevention solution", "importance": 0, "uuid": "ed739bd6-2fce-416c-a24a-9a85d0a205d0" }, { "code": "13.9-Devices-Protect-IG3", "description": "Network monitoring and defense-Deploy port-level access control", "importance": 0, "uuid": "d97e7de7-32d7-45bd-a149-c60c68b205a1" }, { "code": "14.1-N/A-Protect", "description": "Security awareness and skills training-Establish and maintain a security awareness program", "importance": 0, "uuid": "242c4eef-df6b-4111-b443-c748405d7612" }, { "code": "14.2-N/A-Protect", "description": "Security awareness and skills training-Train workforce members to recognize social engineering attacks", "importance": 0, "uuid": "f9f5f9e1-2909-467a-995f-6aa98e5d5c64" }, { "code": "14.3-N/A-Protect", "description": "Security awareness and skills training-Train workforce members on authentication best practices", "importance": 0, "uuid": "7c0e7f6a-7e63-4837-b1af-64fc4a33094e" }, { "code": "14.4-N/A-Protect", "description": "Security awareness and skills training-Train workforce on data handling best practices", "importance": 0, "uuid": "4d0e4320-e854-4787-ac37-d9781582481b" }, { "code": "14.5-N/A-Protect", "description": "Security awareness and skills training-Train workforce members on causes of unintentional data exposure", "importance": 0, "uuid": "f6d1f4bf-74ff-4075-ba11-e143a0606193" }, { "code": "14.6-N/A-Protect", "description": "Security awareness and skills training-Train workforce members on recognizing and reporting security incidents", "importance": 0, "uuid": "41304900-8386-4462-b6e5-ab24aed576fd" }, { "code": "14.7-N/A-Protect", "description": "Security awareness and skills training-Train workforce on how to identify and report if their enterprise assets are missing security updates", "importance": 0, "uuid": "6a408e9a-eddf-4500-a06c-77fd5e40ceac" }, { "code": "14.8-N/A-Protect", "description": "Security awareness and skills training-Train workforce on the dangers of connecting to and transmitting enterprise data over insecure networks", "importance": 0, "uuid": "675cfd37-7f0e-428d-9897-17e599b359e2" }, { "code": "14.9-N/A-Protect", "description": "Security awareness and skills training-Conduct role-specific security awareness and skills training", "importance": 0, "uuid": "635b5ea6-fac3-4ce0-a2a5-c52d45e45567" }, { "code": "15.1-N/A-Identify", "description": "Service provider management-Establish and maintain an inventory of service providers", "importance": 0, "uuid": "9a93ac72-5e01-40c8-aa59-15ce818dfc9e" }, { "code": "15.2-N/A-Identify", "description": "Service provider management-Establish and maintain a service provider management policy", "importance": 0, "uuid": "3cc0492c-aef0-43e8-a204-518c85e16bfb" }, { "code": "15.3-N/A-Identify", "description": "Service provider management-Classify service providers", "importance": 0, "uuid": "4679c841-a248-4acd-9546-4c0b296667b3" }, { "code": "15.4-N/A-Protect", "description": "Service provider management-Ensure service provider contracts include security requirements", "importance": 0, "uuid": "c5899967-df04-4c30-88f2-9a5063fa9fc0" }, { "code": "15.5-N/A-Identify", "description": "Service provider management-Assess service providers", "importance": 0, "uuid": "306e2298-b1b3-403f-8bb0-0ace52e2ada2" }, { "code": "15.6-Data-Detect-IG3", "description": "Service provider management-Monitor service providers", "importance": 0, "uuid": "2401973b-c535-4e04-b7b6-2e5411b41a84" }, { "code": "15.7-Data-Protect-IG3", "description": "Service provider management-Securely decommission service providers", "importance": 0, "uuid": "d11c9f97-a848-4c18-9153-e0ca31f2dd3c" }, { "code": "16.1-Applications-Protect-IG2", "description": "Application software security-Establish and maintain a secure application developmentprocess", "importance": 0, "uuid": "db784c45-c0b9-43bd-8643-e43fdbb4c437" }, { "code": "16.10-Applications-Protect-IG2", "description": "Application software security-Apply secure design principles in application architectures", "importance": 0, "uuid": "d93d03cd-205d-4ac6-b1a1-ccd278a8061d" }, { "code": "16.11-Applications-Protect-IG2", "description": "Application software security-Leverage vetted modules or services for application security components", "importance": 0, "uuid": "811f7d98-b355-48bf-bb99-d760dfbdcfc6" }, { "code": "16.12-Applications-Protect-IG3", "description": "Application software security-Implement code-level security checks", "importance": 0, "uuid": "17376129-173e-4ca8-8f7c-033b70fb2001" }, { "code": "16.13-Applications-Protect-IG3", "description": "Application software security-Conduct application penetration testing", "importance": 0, "uuid": "53c61b03-34bf-41b7-9739-7be444b7467f" }, { "code": "16.14-Applications-Protect-IG3", "description": "Application software security-Conduct threat modeling", "importance": 0, "uuid": "113cd8a0-199c-4af4-9fb9-9d039513d08f" }, { "code": "16.2-Applications-Protect-IG2", "description": "Application software security-Establish and maintain a process to accept and address software vulnerabilities", "importance": 0, "uuid": "074c5418-aae7-41df-854e-909ccb91d469" }, { "code": "16.3-Applications-Protect-IG2", "description": "Application software security-Perform root cause analysis on security vulnerabilities", "importance": 0, "uuid": "59ef8b71-f972-47dc-be03-0f8b25dfbe80" }, { "code": "16.4-Applications-Protect-IG2", "description": "Application software security-Establish and manage an inventory of third-party software components", "importance": 0, "uuid": "10df85b2-f5e4-48ec-8ff6-ea9e33bd7a3d" }, { "code": "16.5-Applications-Protect-IG2", "description": "Application software security-Use up-to-date and trusted third-party software components", "importance": 0, "uuid": "5cb4fd72-aefd-4d91-a551-85ab75b0fa95" }, { "code": "16.6-Applications-Protect-IG2", "description": "Application software security-Establish and maintain a severity rating system and process for application vulnerabilities", "importance": 0, "uuid": "40780741-bf90-49d0-8cae-8b79b9c67688" }, { "code": "16.7-Applications-Protect-IG2", "description": "Application software security-Use standard hardening configuration templates for application infrastructure", "importance": 0, "uuid": "08765a85-badb-4064-afd2-0a5f44191c09" }, { "code": "16.8-Applications-Protect-IG2", "description": "Application software security-Separate production and non-production systems", "importance": 0, "uuid": "93648fa0-22f5-48db-902b-ea183636ee60" }, { "code": "16.9-Applications-Protect-IG2", "description": "Application software security-Train developers in application security concepts and secure coding", "importance": 0, "uuid": "cf064702-2b50-4584-ad85-b0906fc2cd41" }, { "code": "17.1-N/A-Respond", "description": "Incident response management-Designate personnel to manage incident handling", "importance": 0, "uuid": "21ef0712-1c11-41ee-8779-1df154ba60c0" }, { "code": "17.2-N/A-Respond", "description": "Incident response management-Establish and maintain contact information for reporting security incidents", "importance": 0, "uuid": "63e7f08e-97f8-4158-bda4-236b90c1e3bc" }, { "code": "17.3-N/A-Respond", "description": "Incident response management-Establish and maintain an enterprise process for reporting incidents", "importance": 0, "uuid": "803cce36-fdf0-40c6-b307-f599d1d2dd7b" }, { "code": "17.4-N/A-Respond", "description": "Incident response management-Establish and maintain an incident response process", "importance": 0, "uuid": "28a2bd0e-963a-4136-a2ca-97aaeb464730" }, { "code": "17.5-N/A-Respond", "description": "Incident response management-Assign key roles and responsibilities", "importance": 0, "uuid": "5ffc1ef8-c708-437d-92ed-47a4c009c707" }, { "code": "17.6-N/A-Respond", "description": "Incident response management-Define mechanisms for communicating during incident response", "importance": 0, "uuid": "705f68b7-b2e7-4fc1-8fc2-6f5ca2c907fb" }, { "code": "17.7-N/A-Recover", "description": "Incident response management-Conduct routine incident response exercises", "importance": 0, "uuid": "c4cd4c54-ef9b-4772-b38a-637beb606327" }, { "code": "17.8-N/A-Recover", "description": "Incident response management-Conduct post-incident reviews", "importance": 0, "uuid": "eb3a14e8-43c9-4a37-af9d-210413259eb3" }, { "code": "17.9-N/A-Recover", "description": "Incident response management-Establish and maintain security incident thresholds", "importance": 0, "uuid": "e3484c4b-6fdf-48a8-ba77-91f4f2385daa" }, { "code": "18.1-N/A-Identify", "description": "Penetration testing-Establish and maintain a penetration testing program", "importance": 0, "uuid": "52057c66-fefe-40b9-a176-3eec10c0ab06" }, { "code": "18.2-Network-Identify-IG2", "description": "Penetration testing-Perform periodic external penetration tests", "importance": 0, "uuid": "d39d0f22-cdbb-4577-9285-1de2a6f7036b" }, { "code": "18.3-Network-Protect-IG2-IG1", "description": "Penetration testing-Remediate penetration test findings", "importance": 0, "uuid": "c0d370ca-5c25-4c22-becc-79516a026298" }, { "code": "18.4-Network-Protect-IG3-IG2", "description": "Penetration testing-Validate security measures", "importance": 0, "uuid": "3eee979d-2e78-4b4f-aaa1-701a1eb81bd3" }, { "code": "18.5-N/A-Identify", "description": "Penetration testing-Perform periodic internal penetration tests", "importance": 0, "uuid": "8bf03dd7-9b05-4d90-9e78-b8745eb163fa" }, { "code": "2.1-Applications-Identify-IG1", "description": "Inventory and control of software assets-Establish and maintain a software inventory", "importance": 0, "uuid": "cb300188-2a2a-47aa-a5d1-89292844d692" }, { "code": "2.2-Applications-Identify-IG1", "description": "Inventory and control of software assets-Ensure authorized software is currently supported ", "importance": 0, "uuid": "5b7c6e6c-a603-4c92-9721-a8a24177cbaa" }, { "code": "2.3-Applications-Respond-IG1", "description": "Inventory and control of software assets-Address unauthorized software", "importance": 0, "uuid": "93befead-5a8f-4df7-91a2-b23e3f922f48" }, { "code": "2.4-Applications-Detect-IG2", "description": "Inventory and control of software assets-Utilize automated software inventory tools", "importance": 0, "uuid": "155fea9b-0ca0-4c3a-9414-91928f7af662" }, { "code": "2.5-Applications-Protect-IG2", "description": "Inventory and control of software assets-Allowlist authorized software", "importance": 0, "uuid": "b6772c6b-9654-4467-a149-696f82947075" }, { "code": "2.6-Applications-Protect-IG2", "description": "Inventory and control of software assets-Allowlist authorized libraries", "importance": 0, "uuid": "4a7cc9ba-ae68-41c7-8a96-f4ebbe452acf" }, { "code": "2.7-Applications-Protect-IG3", "description": "Inventory and control of software assets-Allowlist authorized scripts", "importance": 0, "uuid": "26e285a6-3197-413d-9599-fd466286b958" }, { "code": "3.1-Data-Identify-IG1", "description": "Data protection-Establish and maintain a data management process", "importance": 0, "uuid": "514fbadc-c751-4852-9fd6-8351b6054f8d" }, { "code": "3.1-Data-Protect-IG1", "description": "Data protection-Encrypt sensitive data in transit", "importance": 0, "uuid": "a243b1de-67d6-463a-9fa8-c424beda6250" }, { "code": "3.11-Data-Protect-IG2", "description": "Data protection-Encrypt sensitive data at rest", "importance": 0, "uuid": "da4089a1-4a1e-46c2-aeef-8f502b37ade2" }, { "code": "3.12-Network-Protect-IG2", "description": "Data protection-Segment data processing and storage based on sensitivity", "importance": 0, "uuid": "7c72e13e-e088-4e44-9910-c86c3de60d10" }, { "code": "3.13-Data-Protect-IG3", "description": "Data protection-Deploy a data loss prevention solution", "importance": 0, "uuid": "0496fa97-cdcb-4199-bec9-973feb9fe8d2" }, { "code": "3.14-Data-Detect-IG3", "description": "Data protection-Log sensitive data access", "importance": 0, "uuid": "ccf1033b-824a-438d-b12b-a25e3c7d6684" }, { "code": "3.2-Data-Identify-IG1", "description": "Data protection-Establish and maintain a data inventory", "importance": 0, "uuid": "e6452c3e-4246-480d-aa6a-7215203710ad" }, { "code": "3.3-Data-Protect-IG1", "description": "Data protection-Configure data access control lists", "importance": 0, "uuid": "1294ffcd-b674-4643-9991-4e7320390122" }, { "code": "3.4-Data-Protect-IG1", "description": "Data protection-Enforce data retention", "importance": 0, "uuid": "a70a5a30-b5e5-4ea6-acbe-834746a0fed1" }, { "code": "3.5-Data-Protect-IG1", "description": "Data protection-Securely dispose of data", "importance": 0, "uuid": "59984672-7139-45c4-997f-e66feab835a9" }, { "code": "3.6-Devices-Protect-IG1", "description": "Data protection-Encrypt data on end-user devices", "importance": 0, "uuid": "f77bf54d-1cda-4dda-aa3f-cb6629029d8c" }, { "code": "3.7-Data-Identify-IG2", "description": "Data protection-Establish and maintain a data classification scheme", "importance": 0, "uuid": "99eb13c7-2d8d-4d53-8e19-871214d91f39" }, { "code": "3.8-Data-Identify-IG2", "description": "Data protection-Document data flows", "importance": 0, "uuid": "24dc11d3-998b-47ca-b7f4-40310afa3c03" }, { "code": "3.9-Data-Protect-IG2", "description": "Data protection-Encrypt data on removable media", "importance": 0, "uuid": "d796c0d3-8205-4732-a3d1-d7832c8a89d5" }, { "code": "4.1-Applications-Protect-IG1", "description": "Secure configuration of enterprise assets and software-Establish and maintain a secure configuration process", "importance": 0, "uuid": "eeb97c09-6a2c-412c-87b1-b39df7fa3630" }, { "code": "4.1-Devices-Respond-IG1", "description": "Secure configuration of enterprise assets and software-Enforce automatic device lockout on portable end-user devices", "importance": 0, "uuid": "a8f19c86-2de7-4f2a-b444-7a35fedbc9d6" }, { "code": "4.11-Devices-Protect-IG2", "description": "Secure configuration of enterprise assets and software-Enforce remote wipe capability on portable end-user devices", "importance": 0, "uuid": "943a0a0e-82e4-4f32-af2c-4bdded48773f" }, { "code": "4.12-Devices-Protect-IG3", "description": "Secure configuration of enterprise assets and software-Separate enterprise workspaces on mobile end-user devices", "importance": 0, "uuid": "bde651cc-d6ef-4e2b-ab5e-4aed6699b2e6" }, { "code": "4.2-Network-Protect-IG1", "description": "Secure configuration of enterprise assets and software-Establish and maintain a secure configuration process for network infrastructure", "importance": 0, "uuid": "b9766b93-09d4-4b1b-b848-9c03aaeed19b" }, { "code": "4.3-Users-Protect-IG1", "description": "Secure configuration of enterprise assets and software-Configure automatic session locking on enterprise assets", "importance": 0, "uuid": "7c0f8833-55f5-44a8-b244-b3beb4b28e4d" }, { "code": "4.4-Devices-Protect-IG1", "description": "Secure configuration of enterprise assets and software-Implement and manage a firewall on servers", "importance": 0, "uuid": "28c3e828-507b-4b48-b9a5-98cf200725b0" }, { "code": "4.5-Devices-Protect-IG1", "description": "Secure configuration of enterprise assets and software-Implement and manage a firewall on end-user devices", "importance": 0, "uuid": "5b35e2e9-d622-43e2-90d5-9378af88feaa" }, { "code": "4.6-Network-Protect-IG1", "description": "Secure configuration of enterprise assets and software-Securely manage enterprise assets and software", "importance": 0, "uuid": "f33e930d-5109-4554-88ce-ea57c3328884" }, { "code": "4.7-Users-Protect-IG1", "description": "Secure configuration of enterprise assets and software-Manage default accounts on enterprise assets and software", "importance": 0, "uuid": "b964543d-bf6e-49c6-87c9-4d585bcb8b16" }, { "code": "4.8-Devices-Protect-IG2", "description": "Secure configuration of enterprise assets and software-Uninstall or disable unnecessary services on enterprise assets and software", "importance": 0, "uuid": "de1d62d8-b9da-48b7-acd9-317999d9a242" }, { "code": "4.9-Devices-Protect-IG2", "description": "Secure configuration of enterprise assets and software-Configure trusted DNS servers on enterprise assets", "importance": 0, "uuid": "a6d7262a-2da6-4228-8032-50ea496ca8d3" }, { "code": "5.1-Users-Identify-IG1", "description": "Account management-Establish and maintain an inventory of accounts", "importance": 0, "uuid": "79c1bac9-8681-497d-ae56-b5d7320fcc4e" }, { "code": "5.2-Users-Protect-IG1", "description": "Account management-Use unique passwords", "importance": 0, "uuid": "198f625b-65ba-4355-9d12-ca6b4ce63e58" }, { "code": "5.3-Users-Respond-IG1", "description": "Account management-Disable dormant accounts", "importance": 0, "uuid": "9f5b502d-96c2-4568-a7e2-9d24eeb54ea7" }, { "code": "5.4-Users-Protect-IG1", "description": "Account management-Restrict administrator privileges to dedicated administrator accounts", "importance": 0, "uuid": "efd5342b-ddff-42b0-b5d9-302ece0948c4" }, { "code": "5.5-Users-Identify-IG2", "description": "Account management-Establish and maintain an inventory of service accounts", "importance": 0, "uuid": "127d4313-783f-4c3c-ba54-565d8b843dd0" }, { "code": "5.6-Users-Protect-IG2", "description": "Account management-Centralize account management", "importance": 0, "uuid": "9a7f9aac-6cc2-4e4e-8470-9d56e8c38cc2" }, { "code": "6.1-Users-Protect-IG1", "description": "Access control management-Establish an access granting process", "importance": 0, "uuid": "a45dddcc-87b5-4b3e-8bfb-5e84b556fb45" }, { "code": "6.2-Users-Protect-IG1", "description": "Access control management-Establish an access revoking process", "importance": 0, "uuid": "e0100354-04eb-4e4c-91b3-180d5ac0914d" }, { "code": "6.3-Users-Protect-IG1", "description": "Access control management-Require MFA for externally-exposed applications", "importance": 0, "uuid": "5df20f59-7c9a-4f73-b93d-06a8d9a6e305" }, { "code": "6.4-Users-Protect-IG1", "description": "Access control management-Require MFA for remote network access", "importance": 0, "uuid": "3952da07-2c10-4bfb-922a-4bf7a3efd8a5" }, { "code": "6.5-Users-Protect-IG1", "description": "Access control management-Require MFA for administrative access", "importance": 0, "uuid": "feb19850-2fdf-4e3b-b585-1306ec5a6e3e" }, { "code": "6.6-Users-Identify-IG2", "description": "Access control management-Establish and maintain an inventory of authentication and authorization systems", "importance": 0, "uuid": "3fcea4a8-7455-4108-9519-d96201946178" }, { "code": "6.7-Users-Protect-IG2", "description": "Access control management-Centralize access control", "importance": 0, "uuid": "5d4e75d0-b4a9-407e-97fd-531679846792" }, { "code": "6.8-Data-Protect-IG3", "description": "Access control management-Define and maintain role-based access control (RBAC)", "importance": 0, "uuid": "bb855630-0b87-4f53-a47a-3ca2dab1b031" }, { "code": "7.1-Applications-Protect-IG1", "description": "Continuous vulnerability management-Establish and maintain a vulnerability management process", "importance": 0, "uuid": "7aa13de2-dc5f-439b-978c-b5560f996618" }, { "code": "7.2-Applications-Respond-IG1", "description": "Continuous vulnerability management-Establish and maintain a remediation process", "importance": 0, "uuid": "e7ebffb5-60c8-424a-bee1-a3381548fee4" }, { "code": "7.3-Applications-Protect-IG1", "description": "Continuous vulnerability management-Perform automated operating system patch management", "importance": 0, "uuid": "696a813c-bcfd-4232-a5e7-203f15abd40e" }, { "code": "7.4-Applications-Protect-IG1", "description": "Continuous vulnerability management-Perform automated application patch management", "importance": 0, "uuid": "dae71e2c-d17e-43fb-8c0a-08833ffd4c4c" }, { "code": "7.5-Applications-Identify-IG2", "description": "Continuous vulnerability management-Perform automated vulnerability scans of internal enterprise assets", "importance": 0, "uuid": "4bd271b1-7cb9-487c-aa33-9e9a58333539" }, { "code": "7.6-Applications-Identify-IG2", "description": "Continuous vulnerability management-Perform automated vulnerability scans of externally-exposed enterprise assets", "importance": 0, "uuid": "7cfd1b0c-94a2-4758-b560-22559d6ab0aa" }, { "code": "7.7-Applications-Respond-IG2", "description": "Continuous vulnerability management-Remediate detected vulnerabilities", "importance": 0, "uuid": "1b2a0f89-eff4-45f6-a4d2-1162b4f9833d" }, { "code": "8.1-Network-Protect-IG1", "description": "Audit log management-Establish and maintain an audit log management process", "importance": 0, "uuid": "6587f6b6-8117-4880-9a53-a33d1c45ddac" }, { "code": "8.10-Network-Protect-IG2", "description": "Audit log management-Retain audit logs", "importance": 0, "uuid": "d55223d6-9722-4f41-ae68-cd97baaa3efa" }, { "code": "8.11-Network-Detect-IG2", "description": "Audit log management-Conduct audit log reviews", "importance": 0, "uuid": "51fddb77-d00e-49d5-b6d5-8cc9aeaf28bf" }, { "code": "8.12-Data-Detect-IG3", "description": "Audit log management-Collect service provider logs", "importance": 0, "uuid": "388dda2b-99ed-469b-874f-fb34a8e3da75" }, { "code": "8.2-Network-Detect-IG1", "description": "Audit log management-Collect audit logs", "importance": 0, "uuid": "fc1e36ed-edfd-416d-9aa9-3ffe02870e8c" }, { "code": "8.3-Network-Protect-IG1", "description": "Audit log management-Ensure adequate audit log storage", "importance": 0, "uuid": "b787f52d-d2b2-468b-95dc-c3d45cb558be" }, { "code": "8.4-Network-Protect-IG2", "description": "Audit log management-Standardize time synchronization", "importance": 0, "uuid": "592c3e38-4701-4d48-ae0b-0860d60421e9" }, { "code": "8.5-Network-Detect-IG2", "description": "Audit log management-Collect detailed audit logs", "importance": 0, "uuid": "413b6bf4-baa3-460c-ba86-87d8cae5a7f8" }, { "code": "8.6-Network-Detect-IG2", "description": "Audit log management-Collect DNS query audit logs", "importance": 0, "uuid": "65b355d4-380a-48bb-8816-a6f8664efa5f" }, { "code": "8.7-Network-Detect-IG2", "description": "Audit log management-Collect URL request audit logs", "importance": 0, "uuid": "7872331d-07b1-4f5c-90e3-a6b859e24851" }, { "code": "8.8-Devices-Detect-IG2", "description": "Audit log management-Collect command-line audit logs", "importance": 0, "uuid": "43a1cc08-ce70-41a2-8dd9-7570084128b6" }, { "code": "8.9-Network-Detect-IG2", "description": "Audit log management-Centralize audit logs", "importance": 0, "uuid": "809ac4bb-bea5-49bb-9f52-9763acad34a3" }, { "code": "9.1-Applications-Protect-IG1", "description": "Email and web browser protections-Ensure use of only fully supported browsers and email clients", "importance": 0, "uuid": "3c4d4eaa-adb3-4837-b361-7b7537817172" }, { "code": "9.2-Network-Protect-IG1", "description": "Email and web browser protections-Use DNS filtering services", "importance": 0, "uuid": "934174ab-91fc-4792-bdf7-18c69f3e02fe" }, { "code": "9.3-Network-Protect-IG2", "description": "Email and web browser protections-Maintain and enforce network-based url filters", "importance": 0, "uuid": "ba8ae738-a5b1-4ceb-90ea-702a613a7721" }, { "code": "9.4-Applications-Protect-IG2", "description": "Email and web browser protections-Restrict unnecessary or unauthorized browser and email client extensions", "importance": 0, "uuid": "9e4dd002-04af-44ae-806f-ea57cdfde604" }, { "code": "9.5-Network-Protect-IG2", "description": "Email and web browser protections-Implement DMARC", "importance": 0, "uuid": "f58a964d-47a7-47bb-a8c8-95e97f2c874f" }, { "code": "9.6-Network-Protect-IG2", "description": "Email and web browser protections-Block unnecessary file types", "importance": 0, "uuid": "5296d4df-1df0-492d-b5fe-a93dfc255fb1" }, { "code": "9.7-Network-Protect-IG3", "description": "Email and web browser protections-Deploy and maintain email server anti-malware protections", "importance": 0, "uuid": "a236845e-734b-4632-8b21-4c1d2eb1eff1" } ], "version": 1 } 2021-07-07T16:37:16.945580+00:00 https://objects.monarc.lu/object/get/5208 2023-03-31T19:15:40.032427+00:00 Various contributors { "authors": [ "louds" ], "label": "ANSSI - Guide d'hygi\u00e8ne informatique", "language": "FR", "refs": [ "https://www.ssi.gouv.fr/guide/guide-dhygiene-informatique/" ], "uuid": "f40bb2bb-7d03-4f14-b020-413209c37e58", "values": [ { "code": "ANSSI - R1", "description": "Former les \u00e9quipes op\u00e9rationnelles \u00e0 la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information", "importance": 0, "uuid": "96943e84-0372-4686-bfb7-08d249c491df" }, { "code": "ANSSI - R2", "description": "Sensibiliser les utilisateurs aux bonnes pratiques \u00e9l\u00e9mentaires de s\u00e9curit\u00e9 informatique", "importance": 0, "uuid": "1943bea4-8f09-41a2-b10c-026576fcbfbf" }, { "code": "ANSSI - R2+", "description": "Sensibiliser les utilisateurs aux bonnes pratiques \u00e9l\u00e9mentaires de s\u00e9curit\u00e9 informatique (+ actions renforc\u00e9es)", "importance": 0, "uuid": "24b8af98-3a21-4267-92c9-a4edfb007f12" }, { "code": "ANSSI - R3", "description": "Ma\u00eetriser les risques de l\u2019infog\u00e9rance", "importance": 0, "uuid": "1918460a-64e4-493e-a36e-e65823c78b87" }, { "code": "ANSSI - R4", "description": "Identifier les informations et serveurs les plus sensibles et maintenir un sch\u00e9ma du r\u00e9seau", "importance": 0, "uuid": "0003e49c-f3f0-4d32-8772-b839175e853e" }, { "code": "ANSSI - R5", "description": "Disposer d\u2019un inventaire exhaustif des comptes privil\u00e9gi\u00e9s et le maintenir \u00e0 jour", "importance": 0, "uuid": "df6bc227-9f58-40f2-ba30-883b9b08e605" }, { "code": "ANSSI - R6", "description": "Organiser les proc\u00e9dures d\u2019arriv\u00e9e, de d\u00e9part et de changement de fonction des utilisateurs", "importance": 0, "uuid": "a1c92cd0-73bc-4814-ba73-567ecd1585e0" }, { "code": "ANSSI - R6+", "description": "Organiser les proc\u00e9dures d\u2019arriv\u00e9e, de d\u00e9part et de changement de fonction des utilisateurs (+ actions renforc\u00e9es)", "importance": 0, "uuid": "fec3126a-773a-456c-9a61-71bd6e14d84d" }, { "code": "ANSSI - R7", "description": "Autoriser la connexion au r\u00e9seau de l\u2019entit\u00e9 aux seuls \u00e9quipements ma\u00eetris\u00e9s", "importance": 0, "uuid": "0aac52be-2fd5-4957-b27f-b7bed92fa4e6" }, { "code": "ANSSI - R7+", "description": "Autoriser la connexion au r\u00e9seau de l\u2019entit\u00e9 aux seuls \u00e9quipements ma\u00eetris\u00e9s (+ actions renforc\u00e9es)", "importance": 0, "uuid": "1eb57e4e-47ef-4438-91db-184cf004fd04" }, { "code": "ANSSI - R8", "description": "Identifier nomm\u00e9ment chaque personne acc\u00e9dant au syst\u00e8me et distinguer les r\u00f4les utilisateur/administrateur", "importance": 0, "uuid": "4a6536f5-2e2e-4b32-b70b-40b7a5fe8f4a" }, { "code": "ANSSI - R8+", "description": "Identifier nomm\u00e9ment chaque personne acc\u00e9dant au syst\u00e8me et distinguer les r\u00f4les utilisateur/administrateur (+ actions renforc\u00e9es)", "importance": 0, "uuid": "4b1211cd-d373-486e-aba7-e6e4efb9ce8b" }, { "code": "ANSSI - R9", "description": "Attribuer les bons droits sur les ressources sensibles du syst\u00e8me d\u2019information", "importance": 0, "uuid": "3adaf92b-e39b-4430-94ae-e2a0ba5ce458" }, { "code": "ANSSI - R10", "description": "D\u00e9finir et v\u00e9rifier des r\u00e8gles de choix et de dimensionnement des mots de passe", "importance": 0, "uuid": "f6526760-6a38-44bf-9ab0-b40e6ba7e5de" }, { "code": "ANSSI - R11", "description": "Prot\u00e9ger les mots de passe stock\u00e9s sur les syst\u00e8mes", "importance": 0, "uuid": "089de0d4-0a85-4283-aebd-adbd0f08ade0" }, { "code": "ANSSI - R12", "description": "Changer les \u00e9l\u00e9ments d\u2019authentification par d\u00e9faut sur les \u00e9quipements et services", "importance": 0, "uuid": "b4c6914f-4ab0-4120-ac80-2cc654807d9d" }, { "code": "ANSSI - R12+", "description": "Changer les \u00e9l\u00e9ments d\u2019authentification par d\u00e9faut sur les \u00e9quipements et services (+ actions renforc\u00e9es)", "importance": 0, "uuid": "017ff9ef-e136-4d72-8ff4-85143c303fd2" }, { "code": "ANSSI - R13", "description": "Privil\u00e9gier lorsque c\u2019est possible une authentification forte", "importance": 0, "uuid": "ebe721bd-a98f-4da9-8984-19b9d9003bd2" }, { "code": "ANSSI - R13+", "description": "Privil\u00e9gier lorsque c\u2019est possible une authentification forte (+ actions renforc\u00e9es)", "importance": 0, "uuid": "6722c413-a3f4-4b83-9480-7d5e62c39420" }, { "code": "ANSSI - R14", "description": "Mettre en place un niveau de s\u00e9curit\u00e9 minimal sur l\u2019ensemble du parc informatique", "importance": 0, "uuid": "b3928530-1ed9-4843-9392-88de110884eb" }, { "code": "ANSSI - R14+", "description": "Mettre en place un niveau de s\u00e9curit\u00e9 minimal sur l\u2019ensemble du parc informatique (+ actions renforc\u00e9es)", "importance": 0, "uuid": "dc443f85-586f-4ff5-9bc6-754c0ffaa41f" }, { "code": "ANSSI - R15", "description": "Se prot\u00e9ger des menaces relatives \u00e0 l\u2019utilisation de supports amovibles", "importance": 0, "uuid": "73cdfde1-392a-4c72-9fa9-cd2e638ba199" }, { "code": "ANSSI - R15+", "description": "Se prot\u00e9ger des menaces relatives \u00e0 l\u2019utilisation de supports amovibles (+ actions renforc\u00e9es)", "importance": 0, "uuid": "7b161406-9904-44ae-b32c-69ebf4153c58" }, { "code": "ANSSI - R16", "description": "Utiliser un outil de gestion centralis\u00e9e afin d\u2019homog\u00e9n\u00e9iser les politiques de s\u00e9curit\u00e9", "importance": 0, "uuid": "ce0197ed-bb93-4101-9089-3422ae117d50" }, { "code": "ANSSI - R17", "description": "Activer et configurer le parefeu local des postes de travail", "importance": 0, "uuid": "2be22fb0-7683-4bda-b55d-4dad6243eae7" }, { "code": "ANSSI - R17+", "description": "Activer et configurer le parefeu local des postes de travail (+ actions renforc\u00e9es)", "importance": 0, "uuid": "6c4973e7-6284-4d60-b6a5-cc49e2db5495" }, { "code": "ANSSI - R18", "description": "Chiffrer les donn\u00e9es sensibles transmises par voie Internet", "importance": 0, "uuid": "ea6cf889-1259-411d-8384-4e6da8da4f56" }, { "code": "ANSSI - R19", "description": "Segmenter le r\u00e9seau et mettre en place un cloisonnement entre ces zones", "importance": 0, "uuid": "1f0cf6f9-31ab-4a4e-81ff-80ba5c054049" }, { "code": "ANSSI - R20", "description": "S\u2019assurer de la s\u00e9curit\u00e9 des r\u00e9seaux d\u2019acc\u00e8s Wi-Fi et de la s\u00e9paration des usages", "importance": 0, "uuid": "78093341-f859-42e2-b609-b79467f38703" }, { "code": "ANSSI - R21", "description": "Utiliser des protocoles r\u00e9seaux s\u00e9curis\u00e9s d\u00e8s qu\u2019ils existent", "importance": 0, "uuid": "53dbf0fe-aafa-4428-91ca-9f97c11ae586" }, { "code": "ANSSI - R22", "description": "Mettre en place une passerelle d\u2019acc\u00e8s s\u00e9curis\u00e9 \u00e0 Internet", "importance": 0, "uuid": "883ec8cc-e190-4629-afa7-240ee13aeaef" }, { "code": "ANSSI - R22+", "description": "Mettre en place une passerelle d\u2019acc\u00e8s s\u00e9curis\u00e9 \u00e0 Internet (+ actions renforc\u00e9es)", "importance": 0, "uuid": "ea71f94e-e457-4a3f-8bb8-0dff8031e533" }, { "code": "ANSSI - R23", "description": "Cloisonner les services visibles depuis Internet du reste du syst\u00e8me d\u2019information", "importance": 0, "uuid": "d57b895d-25e0-4d73-9b0c-52007e135c7b" }, { "code": "ANSSI - R24", "description": "Prot\u00e9ger sa messagerie professionnelle", "importance": 0, "uuid": "16992d5a-bf1c-41fa-8b8d-0bc1e3c67a06" }, { "code": "ANSSI - R24+", "description": "Prot\u00e9ger sa messagerie professionnelle (+ actions renforc\u00e9es)", "importance": 0, "uuid": "804e4d19-ae4e-4eca-9833-9261947e2fd2" }, { "code": "ANSSI - R25", "description": "S\u00e9curiser les interconnexions r\u00e9seau d\u00e9di\u00e9es avec les partenaires", "importance": 0, "uuid": "da86d087-ab62-4d0d-a0be-3fcaaa07f826" }, { "code": "ANSSI - R25+", "description": "S\u00e9curiser les interconnexions r\u00e9seau d\u00e9di\u00e9es avec les partenaires (+ actions renforc\u00e9es)", "importance": 0, "uuid": "618d4d0a-ea8f-4464-b985-a860e1b619ec" }, { "code": "ANSSI - R26", "description": "Contr\u00f4ler et prot\u00e9ger l\u2019acc\u00e8s aux salles serveurs et aux locaux techniques", "importance": 0, "uuid": "c4311193-8620-4b00-971a-1018b9af774f" }, { "code": "ANSSI - R27", "description": "Interdire l\u2019acc\u00e8s \u00e0 Internet depuis les postes ou serveurs utilis\u00e9s pour l\u2019administration du syst\u00e8me d\u2019information", "importance": 0, "uuid": "f3f2554b-8803-4264-8f31-1c7d5247ce7e" }, { "code": "ANSSI - R27+", "description": "Interdire l\u2019acc\u00e8s \u00e0 Internet depuis les postes ou serveurs utilis\u00e9s pour l\u2019administration du syst\u00e8me d\u2019information (+ actions renforc\u00e9es)", "importance": 0, "uuid": "fa051789-5399-4b83-af5f-aef1034cbaa5" }, { "code": "ANSSI - R28", "description": "Utiliser un r\u00e9seau d\u00e9di\u00e9 et cloisonn\u00e9 pour l\u2019administration du syst\u00e8me d\u2019information", "importance": 0, "uuid": "bdf5eadd-a7c7-4c08-a9a0-7ac0c8b61712" }, { "code": "ANSSI - R28+", "description": "Utiliser un r\u00e9seau d\u00e9di\u00e9 et cloisonn\u00e9 pour l\u2019administration du syst\u00e8me d\u2019information (+ actions renforc\u00e9es)", "importance": 0, "uuid": "e458228d-db44-4144-9e68-7eb2e3307a39" }, { "code": "ANSSI - R29", "description": "Limiter au strict besoin op\u00e9rationnel les droits d\u2019administration sur les postes de travail", "importance": 0, "uuid": "3920d219-8a9a-40f8-8405-ac3c36470776" }, { "code": "ANSSI - R30", "description": "Prendre des mesures de s\u00e9curisation physique des terminaux nomades", "importance": 0, "uuid": "fc18a86d-3f80-41dc-bbac-d9d42f191b37" }, { "code": "ANSSI - R30+", "description": "Prendre des mesures de s\u00e9curisation physique des terminaux nomades (+ actions renforc\u00e9es)", "importance": 0, "uuid": "639a0a49-111e-42f0-a656-c2d8f2c19631" }, { "code": "ANSSI - R31", "description": "Chiffrer les donn\u00e9es sensibles, en particulier sur le mat\u00e9riel potentiellement perdable", "importance": 0, "uuid": "585a4e59-fd13-4983-b879-5889bad060ae" }, { "code": "ANSSI - R32", "description": "S\u00e9curiser la connexion r\u00e9seau des postes utilis\u00e9s en situation de nomadisme", "importance": 0, "uuid": "e69d6c43-94a5-497e-ba2f-58b0f8d2a6f4" }, { "code": "ANSSI - R32+", "description": "S\u00e9curiser la connexion r\u00e9seau des postes utilis\u00e9s en situation de nomadisme (+ actions renforc\u00e9es)", "importance": 0, "uuid": "413aefe3-eff6-4efd-aef3-40b5b3805f6b" }, { "code": "ANSSI - R33", "description": "Adopter des politiques de s\u00e9curit\u00e9 d\u00e9di\u00e9es aux terminaux mobiles", "importance": 0, "uuid": "99f32c0a-e5df-4d94-82a6-ec3e133269ab" }, { "code": "ANSSI - R33+", "description": "Adopter des politiques de s\u00e9curit\u00e9 d\u00e9di\u00e9es aux terminaux mobiles (+ actions renforc\u00e9es)", "importance": 0, "uuid": "8e6641bf-3357-4d23-b2b8-ad787209ba74" }, { "code": "ANSSI - R34", "description": "D\u00e9finir une politique de mise \u00e0 jour des composants du syst\u00e8me d\u2019information", "importance": 0, "uuid": "06754dc6-b2ed-4ed1-a2d1-e3f323740283" }, { "code": "ANSSI - R35", "description": "Anticiper la fin de la maintenance des logiciels et syst\u00e8mes et limiter les adh\u00e9rences logicielles", "importance": 0, "uuid": "2e207439-15f3-468d-a97e-3efc5f25c435" }, { "code": "ANSSI - R36", "description": "Activer et configurer les journaux des composants les plus importants", "importance": 0, "uuid": "fe4f6fde-5389-4e25-98e5-3d64c5dfa19c" }, { "code": "ANSSI - R36+", "description": "Activer et configurer les journaux des composants les plus importants (+ actions renforc\u00e9es)", "importance": 0, "uuid": "f17fb362-56dd-47da-a623-407237f12367" }, { "code": "ANSSI - R37", "description": "D\u00e9finir et appliquer une politique de sauvegarde des composants critiques", "importance": 0, "uuid": "f7cae896-1bdc-442f-b9fc-26f709cbf835" }, { "code": "ANSSI - R37+", "description": "D\u00e9finir et appliquer une politique de sauvegarde des composants critiques (+ actions renforc\u00e9es)", "importance": 0, "uuid": "21646ab7-e7b1-45e4-9456-20eca8462e98" }, { "code": "ANSSI - R38+", "description": "Proc\u00e9der \u00e0 des contr\u00f4les et audits de s\u00e9curit\u00e9 r\u00e9guliers puis appliquer les actions correctives associ\u00e9es", "importance": 0, "uuid": "f44440b6-dc76-4620-bac6-c63d66a2adb9" }, { "code": "ANSSI - R39", "description": "D\u00e9signer un r\u00e9f\u00e9rent en s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information et le faire conna\u00eetre aupr\u00e8s du personnel", "importance": 0, "uuid": "5ca4641e-2dfd-4af3-89e7-0dfe8f39bb1d" }, { "code": "ANSSI - R40", "description": "D\u00e9finir une proc\u00e9dure de gestion des incidents de s\u00e9curit\u00e9", "importance": 0, "uuid": "2da8f2d1-f4b2-44a1-bed5-15cf83600014" }, { "code": "ANSSI - R41+", "description": "Mener une analyse de risques formelle", "importance": 0, "uuid": "7d9853d0-d646-45d1-b59e-58309387bd81" }, { "code": "ANSSI - R42+", "description": "Privil\u00e9gier l\u2019usage de produits et de services qualifi\u00e9s par l\u2019ANSSI", "importance": 0, "uuid": "2f535344-d5fe-47f8-8a73-8463012ce7f5" } ], "version": 0 } 2021-07-08T14:13:43.195734+00:00 https://objects.monarc.lu/object/get/5209 2023-03-31T19:15:40.031879+00:00 Various contributors { "authors": [ "louds" ], "label": "ANSSI - Guideline for a healthy information system", "language": "EN", "refs": [ "https://www.ssi.gouv.fr/en/guide/40-essential-measures-for-a-healthy-network/" ], "uuid": "70ea1b7f-169d-481f-9d97-67e9a50f6719", "values": [ { "code": "ANSSI - R1", "description": "Train the operational teams in information system security", "importance": 0, "uuid": "223e6c30-b964-4998-81a6-9afa4072cb42" }, { "code": "ANSSI - R2", "description": "Raise users\u2019 awareness about basic information security", "importance": 0, "uuid": "a789bdb6-4865-452b-bd62-cc8ed2d13a1c" }, { "code": "ANSSI - R2+", "description": "Raise users\u2019 awareness about basic information security (+ strengthened actions)", "importance": 0, "uuid": "02064c50-de13-4ea9-9e17-319bc2ac7d94" }, { "code": "ANSSI - R3", "description": "Control outsourced services", "importance": 0, "uuid": "e75eb64f-7835-4204-a308-cf6dc9baf3f8" }, { "code": "ANSSI - R4", "description": "Identify the most sensitive information and servers and keep a network diagram", "importance": 0, "uuid": "888be2b9-dc80-4603-abc7-e8ae6f52fb9b" }, { "code": "ANSSI - R5", "description": "Have an exhaustive inventory of privileged accounts and keep it updated", "importance": 0, "uuid": "d8b48af9-7996-4b4f-9ae2-8636ff3ec9c2" }, { "code": "ANSSI - R6", "description": "Organise the procedures relating to users joining, departing and changing positions", "importance": 0, "uuid": "fe9286d8-9a6c-42f9-97f1-9d1093ceef50" }, { "code": "ANSSI - R6+", "description": "Organise the procedures relating to users joining, departing and changing positions (+ strengthened actions)", "importance": 0, "uuid": "07064ab4-9dc7-4175-9d15-4d2fef8b710b" }, { "code": "ANSSI - R7", "description": "Only allow controlled devices to connect to the network of the organization", "importance": 0, "uuid": "145aba5b-93c9-44b6-b9f5-f622f7b830e1" }, { "code": "ANSSI - R7+", "description": "Only allow controlled devices to connect to the network of the organization (+ strengthened actions)", "importance": 0, "uuid": "48f01622-0fed-4736-93ea-19f4876c95f1" }, { "code": "ANSSI - R8", "description": "Identify each individual accessing the system by name and distinguish the user/administrator roles", "importance": 0, "uuid": "e68eaaef-6693-4c5c-8f08-364e67e13571" }, { "code": "ANSSI - R8+", "description": "Identify each individual accessing the system by name and distinguish the user/administrator roles (+ strengthened actions)", "importance": 0, "uuid": "50c68221-dbd1-4632-9fcd-c5718753b8b7" }, { "code": "ANSSI - R9", "description": "Allocate the correct rights to the information system\u2019s sensitive resources", "importance": 0, "uuid": "c2f504b1-58b0-4d37-8d30-3a536ec7f310" }, { "code": "ANSSI - R10", "description": "Set and verify rules for the choice and size of passwords", "importance": 0, "uuid": "31d20164-2e71-4fc5-8b74-1b20cec62135" }, { "code": "ANSSI - R11", "description": "Protect passwords stored on systems", "importance": 0, "uuid": "afc1c8d0-029a-4ab2-a0c1-95b02d00afe9" }, { "code": "ANSSI - R12", "description": "Change the default authentication settings on devices and services", "importance": 0, "uuid": "8b177341-edfb-437c-bf9d-e80bac2564da" }, { "code": "ANSSI - R12+", "description": "Change the default authentication settings on devices and services (+ strengthened actions)", "importance": 0, "uuid": "263d0733-4ebb-4464-9971-2ada65b70bdb" }, { "code": "ANSSI - R13", "description": "Prefer a two-factor authentication when possible", "importance": 0, "uuid": "d549a5f3-06e3-4aaf-8f76-df672a8be633" }, { "code": "ANSSI - R13+", "description": "Prefer a two-factor authentication when possible (+ strengthened actions)", "importance": 0, "uuid": "929c00f4-5f9c-40e1-86cc-de901981aebf" }, { "code": "ANSSI - R14", "description": "Implement a minimum level of security across the whole IT stock", "importance": 0, "uuid": "c97f287f-73c7-4040-bf58-14cc203bb701" }, { "code": "ANSSI - R14+", "description": "Implement a minimum level of security across the whole IT stock (+ strengthened actions)", "importance": 0, "uuid": "04b41edb-fb77-4072-a76d-956a40716515" }, { "code": "ANSSI - R15", "description": "Protect against threats relating to the use of removable media", "importance": 0, "uuid": "8b12b208-e294-4ece-a42c-6f6a21f47c72" }, { "code": "ANSSI - R15+", "description": "Protect against threats relating to the use of removable media (+ strengthened actions)", "importance": 0, "uuid": "0ad578e6-a437-4633-b65a-1e7ee3e8be30" }, { "code": "ANSSI - R16", "description": "Use a centralised management tool to standardise security policies", "importance": 0, "uuid": "85e2d429-6c19-47d1-94d5-73d0ce70a7fe" }, { "code": "ANSSI - R17", "description": "Activate and configure the firewall on workstations", "importance": 0, "uuid": "699cad6f-85b5-44a4-bd2d-a2eee6acacac" }, { "code": "ANSSI - R17+", "description": "Activate and configure the firewall on workstations (+ strengthened actions)", "importance": 0, "uuid": "7df4ae40-45fd-4b03-82b4-d92e0c2069bc" }, { "code": "ANSSI - R18", "description": "Encrypt sensitive data sent through the Internet", "importance": 0, "uuid": "08b28355-6bc7-49d0-b34c-72c0a0aa690f" }, { "code": "ANSSI - R19", "description": "Segment the network and implement a partitioning between these areas", "importance": 0, "uuid": "c70a2f46-1907-41e5-9d66-c62bb290428f" }, { "code": "ANSSI - R20", "description": "Ensure the security of Wi-Fi access networks and that uses are separated", "importance": 0, "uuid": "fa99ac96-1418-4347-88f3-4c2061e0a37d" }, { "code": "ANSSI - R21", "description": "Use secure network protocols when they exist", "importance": 0, "uuid": "5569e6c1-88af-4b50-961d-8e6e90b9cc85" }, { "code": "ANSSI - R22", "description": "Implement a secure access gateway to the Internet", "importance": 0, "uuid": "9823ff67-8899-428c-94d3-06ce13735624" }, { "code": "ANSSI - R22+", "description": "Implement a secure access gateway to the Internet (+ strengthened actions)", "importance": 0, "uuid": "221b51f5-ffeb-4f8a-9d5c-6924cdb632b7" }, { "code": "ANSSI - R23", "description": "Segregate the services visible from the Internet from the rest of the information system", "importance": 0, "uuid": "c1a2a2c6-2823-40f5-a35c-94e3c3244c25" }, { "code": "ANSSI - R24", "description": "Protect your professional email", "importance": 0, "uuid": "87175056-58f9-4d0b-b072-fb07bafd4dc6" }, { "code": "ANSSI - R24+", "description": "Protect your professional email (+ strengthened actions)", "importance": 0, "uuid": "8b1a199d-fbdf-42e3-94e4-8edf0af3aee5" }, { "code": "ANSSI - R25", "description": "Secure the dedicated network interconnections with partners", "importance": 0, "uuid": "2d4fb180-e92c-4d6f-aff2-895a0f386171" }, { "code": "ANSSI - R25+", "description": "Secure the dedicated network interconnections with partners (+ strengthened actions)", "importance": 0, "uuid": "a6d5763d-ef7c-4303-942b-ad8359182c31" }, { "code": "ANSSI - R26", "description": "Control and protect access to the server rooms and technical areas", "importance": 0, "uuid": "d050bb64-1057-4d1f-88ab-d51ba74d25c9" }, { "code": "ANSSI - R27", "description": "Prohibit Internet access from devices or servers used by the information system administration", "importance": 0, "uuid": "da32da25-83d0-4b37-9e59-40e6938e4e47" }, { "code": "ANSSI - R27+", "description": "Prohibit Internet access from devices or servers used by the information system administration (+ strengthened actions)", "importance": 0, "uuid": "db888654-1102-4ad2-abcd-6bc40c0aa053" }, { "code": "ANSSI - R28", "description": "Use a dedicated and separated network for information system administration", "importance": 0, "uuid": "039f1371-3adf-4433-880e-6891e75b598e" }, { "code": "ANSSI - R28+", "description": "Use a dedicated and separated network for information system administration (+ strengthened actions)", "importance": 0, "uuid": "9452a67a-dd41-4ed7-b973-df197d722282" }, { "code": "ANSSI - R29", "description": "Reduce administration rights on workstations to strictly operational needs", "importance": 0, "uuid": "33da8384-f91a-40c2-81e8-3cae0da754ac" }, { "code": "ANSSI - R30", "description": "Take measures to physically secure mobile devices", "importance": 0, "uuid": "78f0174f-3036-44be-83ee-e9074092345b" }, { "code": "ANSSI - R30+", "description": "Take measures to physically secure mobile devices (+ strengthened actions)", "importance": 0, "uuid": "4a46bdc6-9c94-4552-a747-777cd35f3551" }, { "code": "ANSSI - R31", "description": "Encrypt sensitive data , in particular on hardware that can potentially be lost", "importance": 0, "uuid": "00ab5b42-edeb-4e5f-91a4-ee1f5ca544fc" }, { "code": "ANSSI - R32", "description": "Secure the network connection of devices used in a mobile working situation", "importance": 0, "uuid": "e34f7dea-07d0-4457-9ad8-35dc8b57d566" }, { "code": "ANSSI - R32+", "description": "Secure the network connection of devices used in a mobile working situation (+ strengthened actions)", "importance": 0, "uuid": "e7ac108a-4ff8-4ca7-8ec2-7674e871b16e" }, { "code": "ANSSI - R33", "description": "Adopt security policies dedicated to mobile devices", "importance": 0, "uuid": "c63fd77c-edb2-4ade-96d3-c89db095a69a" }, { "code": "ANSSI - R33+", "description": "Adopt security policies dedicated to mobile devices (+ strengthened actions)", "importance": 0, "uuid": "9b70ff0f-cf60-41bd-a405-51a68df25bec" }, { "code": "ANSSI - R34", "description": "Define an update policy for the components of the information system", "importance": 0, "uuid": "8cac85b0-7553-440f-a439-dd4d00d1d49c" }, { "code": "ANSSI - R35", "description": "Anticipate the software and system end of life/maintenance and limit software reliance", "importance": 0, "uuid": "8e1118bc-667b-4598-ace1-deed3945368c" }, { "code": "ANSSI - R36", "description": "Activate and configure the most important component logs", "importance": 0, "uuid": "c1d6de0a-0d7a-4632-a7a9-680b34d9218f" }, { "code": "ANSSI - R36+", "description": "Activate and configure the most important component logs (+ strengthened actions)", "importance": 0, "uuid": "946ebe15-6f21-4342-ac43-3f4ea6607a80" }, { "code": "ANSSI - R37", "description": "Define and apply a backup policy for critical components", "importance": 0, "uuid": "e759976b-9b83-4f81-a35b-c69da63edd06" }, { "code": "ANSSI - R37+", "description": "Define and apply a backup policy for critical components (+ strengthened actions)", "importance": 0, "uuid": "8c21d548-812f-4249-8c74-5bedb2f1a9cf" }, { "code": "ANSSI - R38+", "description": "Undertake regular controls and security audits then apply the associated corrective actions", "importance": 0, "uuid": "0a736d33-55ac-4711-b1e0-ce2ebe761e75" }, { "code": "ANSSI - R39", "description": "Designate a point of contact in information system security and make sure staff are aware of him or her", "importance": 0, "uuid": "140e1184-8547-4429-a881-9ff3f043d7e2" }, { "code": "ANSSI - R40", "description": "Define a security incident management procedure", "importance": 0, "uuid": "38d26ad0-2ccf-429f-b046-ddb03e533bb6" }, { "code": "ANSSI - R41+", "description": "Carry out a formal risk assessment", "importance": 0, "uuid": "d4498025-0240-4033-8a7f-e90c69134c8e" }, { "code": "ANSSI - R42+", "description": "Favour the use of products and services qualified by ANSSI", "importance": 0, "uuid": "a526b314-d2db-44f3-a9c8-7af2320e7d1a" } ], "version": 0 } 2021-07-09T06:49:39.752176+00:00 https://objects.monarc.lu/object/get/5206 2023-03-31T19:15:40.031753+00:00 Various contributors { "object": { "asset": { "amvs": [], "asset": { "code": "INFO", "description": "Sensitive or essential information", "label": "Information", "language": "EN", "type": "Primary", "uuid": "d2023ca5-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [], "vuls": [] }, "children": [], "object": { "label": "Electronic data to protect", "language": "EN", "name": "Data", "scope": "local", "uuid": "96e69fc9-513c-11e9-ac8c-0800277f0571", "version": 1 }, "rolfRisks": [], "rolfTags": [] } } 2021-07-29T07:58:26.397388+00:00 https://objects.monarc.lu/object/get/5211 2023-03-31T19:15:40.031595+00:00 CVE-Search { "Modified": "2021-07-14T18:15:00", "Published": "2021-07-02T22:15:00", "access": { "authentication": "SINGLE", "complexity": "LOW", "vector": "NETWORK" }, "assigner": "secure@microsoft.com", "cvss": 9, "cvss-time": "2021-07-14T18:15:00", "cvss-vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "cwe": "CWE-269", "id": "CVE-2021-34527", "impact": { "availability": "COMPLETE", "confidentiality": "COMPLETE", "integrity": "COMPLETE" }, "last-modified": "2021-07-14T18:15:00", "products": [], "references": [ "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527", "https://www.kb.cert.org/vuls/id/383432" ], "summary": "Windows Print Spooler Remote Code Execution Vulnerability", "vendors": [], "vulnerable_configuration": [ "{\"id\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*\"}", "{\"id\":\"cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*\",\"title\":\"cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*\"}" ], "vulnerable_configuration_cpe_2_2": [], "vulnerable_configuration_stems": [], "vulnerable_product": [ "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*" ], "vulnerable_product_stems": [] } 2021-07-29T08:01:05.621485+00:00 https://objects.monarc.lu/object/get/25 2023-03-31T19:15:40.031217+00:00 MONARC { "description": "MONARC Threats Taxonomy", "expanded": "MONARC Threats", "namespace": "monarc-threat", "predicates": [ { "expanded": "Compromise of functions", "value": "compromise-of-functions" }, { "expanded": "Unauthorised actions", "value": "unauthorised-actions" }, { "expanded": "Compromise of information", "value": "compromise-of-information" }, { "expanded": "Loss of essential services", "value": "loss-of-essential-services" }, { "expanded": "Technical failures", "value": "technical-failures" }, { "expanded": "Physical damage", "value": "physical-damage" } ], "refs": [ "https://monarc.lu" ], "values": [ { "entry": [ { "description": "A person commits an operating error, input error or utilisation error on hardware or software.", "expanded": "Error in use", "value": "error-in-use" }, { "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.", "expanded": "Forging of rights", "value": "forging-of-rights" }, { "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", "expanded": "Eavesdropping", "value": "eavesdropping" }, { "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation.", "expanded": "Denial of actions", "value": "denial-of-actions" }, { "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.", "expanded": "Abuse of rights", "value": "abuse-of-rights" }, { "description": "Absence of qualified or authorised personnel to execute the usual operations.", "expanded": "Breach of personnel availability", "value": "breach-of-personnel-availability" } ], "predicate": "compromise-of-functions" }, { "entry": [ { "description": "Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software.", "expanded": "Fraudulent copying or use of counterfeit software", "value": "fraudulent-copying-or-use-of-counterfeit-software" }, { "description": "Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful.", "expanded": "Corruption of data", "value": "corruption-of-data" }, { "description": "A person carries out information processing that is forbidden by the law or a regulation.", "expanded": "Illegal processing of data", "value": "illegal-processing-of-data" } ], "predicate": "unauthorised-actions" }, { "entry": [ { "description": "Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard.", "expanded": "Remote spying", "value": "remote-spying" }, { "description": "Someone with access to a communication medium or equipment installs an interception or destruction device in it.", "expanded": "Tampering with hardware", "value": "tampering-with-hardware" }, { "description": "Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon).", "expanded": "Interception of compromising interference signals", "value": "interception-of-compromising-interference-signals" }, { "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.", "expanded": "Theft or destruction of media, documents or equipment", "value": "theft-or-destruction-of-media-documents-or-equipment" }, { "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.", "expanded": "Retrieval of recycled or discarded media", "value": "retrieval-of-recycled-or-discarded media" }, { "description": "Unwanted software that is doing operations seeking to harm the company.", "expanded": "Malware infection", "value": "malware-infection" }, { "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", "expanded": "Data from untrustworthy sources", "value": "data-from-untrustworthy-sources" }, { "description": "Person who voluntarily or negligently disclosure information.", "expanded": "Disclosure", "value": "disclosure" } ], "predicate": "compromise-of-information" }, { "entry": [ { "description": "Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network).", "expanded": "Failure of telecommunication equipment", "value": "failure-of-telecommunication-equipment" }, { "description": "Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier's service or from the internal distribution system.", "expanded": "Loss of power supply", "value": "loss-of-power-supply" }, { "description": "Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely.", "expanded": "Failure of air-conditioning", "value": "failure-of-air-conditioning" } ], "predicate": "loss-of-essential-services" }, { "entry": [ { "description": "Design error, installation error or operating error committed during modification causing incorrect execution.", "expanded": "Software malfunction", "value": "software-malfunction" }, { "description": "Logical or physical event causing hardware malfunctions or failures.", "expanded": "Equipment malfunction or failure", "value": "equipment-malfunction-or-failure" }, { "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.", "expanded": "Saturation of the information system", "value": "saturation-of-the-information-system" }, { "description": "Lack of expertise in the system making retrofitting and upgrading impossible", "expanded": "Breach of information system maintainability", "value": "breach-of-information-system-maintainability" } ], "predicate": "technical-failures" }, { "entry": [ { "description": "Event causing destruction of equipment or media.", "expanded": "Destruction of equipment or supports", "value": "destruction-of-equipment-or-supports" }, { "description": "Any situation that could facilitate the conflagration of premises or equipment.", "expanded": "Fire", "value": "fire" }, { "description": "Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)", "expanded": "Water damage", "value": "water-damage" }, { "description": "Any event that can physically destroy the premises", "expanded": "Major accident", "value": "major-accident" }, { "description": "Presence of dust, vapours, corrosive or toxic gases in the ambient air.", "expanded": "Pollution", "value": "pollution" }, { "description": "Any event that can physically ruin the premises", "expanded": "Environmental disaster (fire, flood, dust, dirt, etc.)", "value": "environmental-disaster" } ], "predicate": "physical-damage" } ], "version": 1 } 2021-09-03T09:39:40.034832+00:00 https://objects.monarc.lu/object/get/5226 2023-03-31T19:15:40.030724+00:00 ILNAS-OLAS { "authors": [ "L\u00e9on TREFF" ], "label": "ANSSI-LU - KPI et Recommandations", "language": "FR", "refs": [ "" ], "uuid": "e1fa5a46-c673-4286-b933-2cede3450d6b", "values": [ { "code": "KPI-A26 - Efficacit\u00e9 du cours de sensibilisation li\u00e9 \u00e0 la s\u00e9curit\u00e9 de l'information", "description": "Communiquer \u00e0 l'entit\u00e9 l'importance d'atteindre les objectifs en mati\u00e8re de s\u00e9curit\u00e9 de l'information - Mesur\u00e9 par des examens p\u00e9riodiques", "importance": 0, "uuid": "00faf1ff-9b20-4f24-b23f-cbb76f0678ef" }, { "code": "KPI-A32 - Nombre de comptes d'utilisateurs ayant acc\u00e8s au ressources d'information non-li\u00e9es au r\u00f4le", "description": "S'assurer que les syst\u00e8mes d'information sont prot\u00e9g\u00e9s par le principe du moindre privil\u00e8ge - Mesur\u00e9 par des \u00e9chantillonnages p\u00e9riodiques", "importance": 0, "uuid": "0370a596-e6bd-4862-a9d4-0b32838acb60" }, { "code": "RR-A08 - Impl\u00e9mentation d'un SDLC", "description": "Impl\u00e9mentation des bonnes pratiques de d\u00e9veloppement de logiciels (SDLC = Software Development Life CYcle)", "importance": 0, "uuid": "0d2c0158-b257-49ef-9bce-d57ae706d2e2" }, { "code": "KPI-A18 - Couverture des patches et latence", "description": "Identifier le nombre de jours pendant lesquels les syst\u00e8mes sont laiss\u00e9s vuln\u00e9rables et donc la possibilit\u00e9 d'exploiter les vuln\u00e9rabilit\u00e9s des syst\u00e8mes d'information", "importance": 0, "uuid": "0f8985e5-2d51-4479-8075-e6330be2e67f" }, { "code": "KPI-A02 - Nombre de visites accompagn\u00e9es des externes et fournisseurs, selon les besoins", "description": "S\u2019assurer que les externes et fournisseurs sont accompagn\u00e9s l\u00e0 o\u00f9 c'est n\u00e9cessaire - Mesur\u00e9 par des \u00e9chantillonnages p\u00e9riodiques", "importance": 0, "uuid": "119fd0de-c062-4ac4-ae89-aaf193a03c7f" }, { "code": "RR-A15 - Absence de protection d'informations secr\u00e8tes d'authentification", "description": "Impl\u00e9mentation de politques/proc\u00e9dures/outils pour garantir la protection d'informations secr\u00e8tes d'authentification", "importance": 0, "uuid": "15742beb-5f48-4ff0-95ff-247670b8fcde" }, { "code": "KPI-A09 - Revue des accords de service avec les tiers", "description": "S'assurer que les contrats de maintenance sont toujours \u00e0 jour - Revue annuelle ou en cas de changement du contrat", "importance": 0, "uuid": "1ac6f84e-cf77-4ef5-9011-9f51b34f3424" }, { "code": "KPI-A19 - Nombre de mat\u00e9riel non prot\u00e9g\u00e9 par un antivirus / Nombre total de mat\u00e9riel", "description": "S'assurer que le parc complet est bien prot\u00e9g\u00e9 par un anti-virus - Mesur\u00e9 en nombre de mat\u00e9riel non prot\u00e9g\u00e9 par un antivirus / Nombre total de mat\u00e9riel", "importance": 0, "uuid": "1fd3ae36-6c0f-4a0e-ad42-a7cd0ba7ce59" }, { "code": "KPI-A27 - Couverture des formations sur les mat\u00e9riels ou logiciels utilis\u00e9s", "description": "Contr\u00f4ler que les formations couvrent tous mat\u00e9riels et logiciels - Mesur\u00e9 periodiquement", "importance": 0, "uuid": "20c003e1-cf88-4191-a9da-60b4271b6b9c" }, { "code": "KPI-A15 - Revues r\u00e9guli\u00e8res des droits d'acc\u00e8s", "description": "S'assurer que seulement les personnes ayant les permissions correctes ont acc\u00e8s \u00e0 l'information \u00e0 laquelle elles ont droit - Mesur\u00e9 par des \u00e9chantillonnages p\u00e9riodiques", "importance": 0, "uuid": "25e779b8-1b3d-4974-9fc3-01f950ee6552" }, { "code": "KPI-A13 - Efficacit\u00e9 de la proc\u00e9dure du contr\u00f4le d'acc\u00e8s", "description": "S'assurer que les bons acc\u00e8s sont attribu\u00e9s et adapt\u00e9s dans les plus brefs d\u00e9lais en cas de changement de service/sortie - Mesur\u00e9 p\u00e9riodiquement contre la proc\u00e9dure du contr\u00f4le d'acc\u00e8s", "importance": 0, "uuid": "2841e1ee-fa14-4538-8eb4-3c1bfb97a294" }, { "code": "RR-A09 - Pentest des moyens de communications", "description": "Tester la possibilit\u00e9 d'\u00e9coute passive des moyens de communications", "importance": 0, "uuid": "2bac0fb6-3a26-42eb-80d8-f479475f2786" }, { "code": "RR-A01 Impl\u00e9mentation d'une classification des actifs", "description": "Impl\u00e9menter une classification des actifs - Utiliser documents ENR_8-1_Outil_Inventaire_Sources_Actifs et ENR_8-2_Outil_Classification_Inventaire_Actifs", "importance": 0, "uuid": "50843dd7-b54d-4e04-aa1d-4e626808cc7e" }, { "code": "KPI-A10 - Nombre de personnel strat\u00e9gique qui ont un suppl\u00e9ant", "description": "S'assurer que le personnel strat\u00e9gique a un (des) suppl\u00e9ant(s) pour assurer la continuit\u00e9 des services sous sa responsabilit\u00e9 - Mesur\u00e9 en ratio du personnel strat\u00e9gique avec et sans suppl\u00e9ant", "importance": 0, "uuid": "510c2894-3fbf-402f-9e3d-c0339fca8358" }, { "code": "RR-A05 - Effectuer Pentests", "description": "Effecteuer des tests d'intrusion dans les syst\u00e8mes pour \u00e9valuer les droits des utilisateurs et contournements", "importance": 0, "uuid": "57d2c798-b7e4-41d6-a27a-46a6073e7e22" }, { "code": "KPI-A01 - Nombre d\u2019\u00e9quipements disparus, d\u00e9truits ou vol\u00e9s", "description": "Par des externes - Mesur\u00e9 p\u00e9riodiquement", "importance": 0, "uuid": "5d93b3c0-5ca1-43de-8083-143df5c3ecd9" }, { "code": "RR-A02 - Impl\u00e9mentation d'une gestion de dimensionnement (Capacity Management)", "description": "Impl\u00e9mentation d'une gestion de dimensionnement (Capacity Management)", "importance": 0, "uuid": "5f39ba19-e231-4dac-a1bc-d4e7f5b8363e" }, { "code": "KPI-A06 - Efficacit\u00e9 de la charte de bonne conduite", "description": "S'assurer que la charte de bonne conduite est connue par le personnel - Mesur\u00e9 par le nombre de destinataires ayant re\u00e7u la charte de bonne conduite. Rappeler chaque ann\u00e9e la charte de bonne conduite aux agents.", "importance": 0, "uuid": "6f292235-53b5-4c1a-9083-319b97fc5e71" }, { "code": "KPI-A30 - Qualit\u00e9 de gestion du niveau de service", "description": "S'assurer de la qualit\u00e9 du service - Mesur\u00e9 en nombre de dysfonctionnements/pannes par an", "importance": 0, "uuid": "7329bc6f-8f87-47e1-8fa5-44fd6d34822e" }, { "code": "KPI-A24 - Nombre de mat\u00e9riel mobile entrant \u00e0/sortant de l'entit\u00e9", "description": "S'assurer que le mat\u00e9riel mobile entrant \u00e0/sortant de l'entit\u00e9 est connu et correct \u00e0 tout temps - Mesur\u00e9 par des \u00e9chantillonnages p\u00e9riodiques", "importance": 0, "uuid": "7a191a23-6b75-4ecb-be9a-cea4d4736d1e" }, { "code": "KPI-A23 - Nombre de mat\u00e9riel mobile chiffr\u00e9", "description": "S'assurer que le mat\u00e9riel mobile traitant de l'information sensible est chiffr\u00e9 - Mesur\u00e9 par des \u00e9chantillonnages p\u00e9riodiques", "importance": 0, "uuid": "7b5ed417-850a-45df-a9b4-fcee0f8ff71d" }, { "code": "KPI-A28 - Nombre d'erreurs d'utilisation en g\u00e9n\u00e9ral", "description": "Mesurer le nombre de tickets g\u00e9n\u00e9r\u00e9s \u00e0 cause d'erreurs d'utilisation li\u00e9es \u00e0 l'absence de documentation, r\u00e8gles ou proc\u00e9dures", "importance": 0, "uuid": "81c05eaf-fc19-4ec3-b5d2-6a6268490cb5" }, { "code": "KPI-A22 - Adh\u00e9rence aux SLA's par le fournisseur", "description": "S'assurer que les contrats sont bien suivis/adapt\u00e9s aux besoins de l'entit\u00e9 - Mesur\u00e9 en suivant toutes les interventions par un fournisseur", "importance": 0, "uuid": "84fd0d9b-24d1-4275-9545-a1e0c653a3aa" }, { "code": "KPI-A25 - Temps d'adaptation des permissions", "description": "S'assurer que les proc\u00e9dures d'embauche et de changement de service sont effectifs (permissions) - Mesur\u00e9 en temps \u00e9coul\u00e9 entre demande et impl\u00e9mentation", "importance": 0, "uuid": "8af4cf63-898b-4e6a-89a7-85370b9f7bef" }, { "code": "KPI-A04 - Nombre d\u2019\u00e9quipements disparus, d\u00e9truits ou vol\u00e9s", "description": "Par des internes - Mesur\u00e9 p\u00e9riodiquement", "importance": 0, "uuid": "8b973a45-11d7-424a-a502-b114fbd30558" }, { "code": "RR-A07 - Pentest d\u00e9veloppement", "description": "Effectuer des revues de code et des tests d'intrusion", "importance": 0, "uuid": "930b6b9a-d30f-43ff-8f6d-11c9cad6a0ea" }, { "code": "RR-A10 - Cloisonner les environnements de d\u00e9veloppement, de test et de production", "description": "Diminuer le risque d'erreurs (I) et de divulgation d'information (C)", "importance": 0, "uuid": "957e3193-5261-47ea-aad0-c61093e3b9fa" }, { "code": "KPI-A20 - Proc\u00e9dures li\u00e9es au traitement des syst\u00e8mes d'information", "description": "S'assurer du fonctionnement correct et s\u00e9curis\u00e9 des installations de traitement de l'information - Mesur\u00e9 entre le nombre de processus et le nombre de proc\u00e9dures", "importance": 0, "uuid": "99bc0901-baa8-485a-b722-08bb2540d2b1" }, { "code": "RR-A18 - Minimaliser la possibilit\u00e9 d'administrer le syst\u00e8me \u00e0 distance", "description": "Analyser les syst\u00e8mes ayant la possibilit\u00e9 d\u2019\u00eatre administr\u00e9s \u00e0 distance - Retirer cette possibilit\u00e9 ou, en cas de n\u00e9cessit\u00e9, produire, revoir et suivre de pr\u00e8s l'application des proc\u00e9dures", "importance": 0, "uuid": "a18ded3f-c4af-4c48-a8bc-e8b576da4344" }, { "code": "KPI-A12 - Taux de r\u00e9alisation des revues d'habilitations", "description": "S'assurer que les revues des acc\u00e8s se font comme planifi\u00e9es - Mesur\u00e9 en nombre de revues d\u2019habilitations r\u00e9alis\u00e9es/ Nombre de revues d\u2019habilitations planifi\u00e9es", "importance": 0, "uuid": "a341c0d0-6f80-4e41-b8fa-339b45850a6a" }, { "code": "RR-A06 - Impl\u00e9mentation d'une gestion de backups", "description": "Impl\u00e9menter des bonnes pratiques de stockage des sauvegardes", "importance": 0, "uuid": "a512ebca-5daf-4a4e-ac8f-d26d2cec04fd" }, { "code": "KPI-A29 - Suivi du progr\u00e8s de continuit\u00e9 (BCM)", "description": "Existence, tests et revue du plan de reprise", "importance": 0, "uuid": "ab7535d6-068b-4f9b-bce5-dc5b1fa2e072" }, { "code": "KPI-A21 - Efficacit\u00e9 de la proc\u00e9dure de mise au rebut", "description": "S'assurer que les syst\u00e8mes et supports d'information n'ont plus de donn\u00e9es r\u00e9siduelles pr\u00e9sentes - Mesur\u00e9 periodiquement", "importance": 0, "uuid": "afc62888-4f29-4215-b668-5cc1de8b9f02" }, { "code": "KPI-A08 - Ergonomie des logiciels d'acc\u00e8s", "description": "S'assurer de la facilit\u00e9 d'utilisation des logiciels d'acc\u00e8s - Mesur\u00e9 par le nombre de tickets g\u00e9n\u00e9r\u00e9s \u00e0 cause d'erreurs d'utilisation des logiciels d'acc\u00e8s", "importance": 0, "uuid": "b6028245-2dc3-431d-b710-722911e1d839" }, { "code": "RR-A14 - Adoption/Cr\u00e9ation d'une charte de bonne conduite", "description": "Instaurer une culture autour de la s\u00e9curit\u00e9 de l'information", "importance": 0, "uuid": "c1db8f23-d3e6-428f-a5df-67b7514af5d4" }, { "code": "KPI-A17 - Qualit\u00e9 de gestion du niveau de service", "description": "S'assurer de la qualit\u00e9 du niveau de service - Mesur\u00e9 en nombre de dysfonctionnements/pannes par an", "importance": 0, "uuid": "c4822528-8211-4959-ade2-ebb5458ff8fd" }, { "code": "RR-A17 - Effectuer une \u00e9tude de continuit\u00e9 (BCM)", "description": "Effectuer une \u00e9tude BCM (Business Continuity Management) pour analyser les \u00e9carts et besoins en continuit\u00e9 des services", "importance": 0, "uuid": "c631a084-db8e-4356-a4cd-de7ff06b0856" }, { "code": "KPI-A05 - Nombre de NDA\u2019s sign\u00e9s dans le d\u00e9lai pr\u00e9vu", "description": "S\u2019assurer que les externes et fournisseurs sont au courant des exigences de l\u2019entit\u00e9 - Mesur\u00e9 par des \u00e9chantillonnages p\u00e9riodiques", "importance": 0, "uuid": "ca954180-92b7-49fe-b66c-ca219c15bba8" }, { "code": "RR-A12 - Enlever les droits d'administrateur local", "description": "\u00c9viter que les utilisateurs peuvent installer des programmes eux-m\u00eames", "importance": 0, "uuid": "ccba1e3b-1058-4d67-aec6-d9ee0eea5b10" }, { "code": "KPI-A03 - Revue r\u00e9guli\u00e8re des acc\u00e8s physiques", "description": "S'assurer qu'il y a un suivi stricte des acc\u00e8s physiques - Mesur\u00e9 p\u00e9riodiquement en % de non-conformit\u00e9", "importance": 0, "uuid": "dab1f8e6-12a3-428e-abd4-352fa6e5880f" }, { "code": "KPI-A14 - Conservation mensuelle des journaux", "description": "S\u2019assurer de la r\u00e9ception et revue des journaux d\u2019acc\u00e8s, au moins une fois par mois - Contr\u00f4le ponctuel des syst\u00e8mes pour assurer une gestion d\u2019acc\u00e8s stricte.", "importance": 0, "uuid": "e4cb6ee9-b764-4e18-b3a7-78291c674020" }, { "code": "RR-A04 - D\u00e9placement des actifs critiques", "description": "D\u00e9placement des actifs critiques vers des zones s\u00e9curis\u00e9es", "importance": 0, "uuid": "e7bac196-04c8-4a72-b6b7-3bb6dd3d983a" }, { "code": "RR-A13 - Adoption/Cr\u00e9ation d'une politique de s\u00e9curit\u00e9 de l'information", "description": "Impl\u00e9menter les r\u00e8gles g\u00e9n\u00e9rales de la s\u00e9curit\u00e9 de l'information", "importance": 0, "uuid": "e85b7b66-6cf1-47d8-bda4-b13c9ca4b8bb" }, { "code": "KPI-A16 - Taux de sets de documentation \u00e0 jour", "description": "S'assurer que les sets de documentation sont \u00e0 jour - Prendre un portrait instantan\u00e9 de l'\u00e9tat (en %) des politiques et proc\u00e9dures termin\u00e9es qui appuient les logiciels d'acc\u00e8s", "importance": 0, "uuid": "eb2122db-d3b2-4fe4-af4c-7666f9ca8a15" }, { "code": "KPI-A07 - Nombre de fois que le fournisseur n'a pas respect\u00e9 le SLA", "description": "S'assurer que les contrats sont bien suivis/adapt\u00e9s aux besoins de l'entit\u00e9 - Mesur\u00e9 en suivant toutes les interventions par un fournisseur", "importance": 0, "uuid": "eb76ecb8-3a73-4c66-82f8-4db735965746" }, { "code": "RR-A03 - Impl\u00e9mentation d'une gestion des changements (Change Management)", "description": "Impl\u00e9mentation d'une gestion des changements (Change Management)", "importance": 0, "uuid": "f0080535-125b-4e19-8943-f3a7bd4770a9" }, { "code": "RR-A11 - Appliquer la PSI / charte de bonne conduite", "description": "D\u00e9motiver l'installation d'applications sans contr\u00f4le", "importance": 0, "uuid": "f73ec6ae-4384-412d-b2cd-fb308ac89420" }, { "code": "KPI-A11 - Qualit\u00e9 des backups", "description": "S\u2019assurer de la fonctionnalit\u00e9 et qualit\u00e9 des backups - Mesur\u00e9 par ex\u00e9cution de tests de backups et de restauration de backups", "importance": 0, "uuid": "f89598a0-b77e-47bf-aabc-83f335304848" }, { "code": "RR-A16 - Absence de d\u00e9finition des responsabilit\u00e9s", "description": "Impl\u00e9mentation et approbation d'un tableau RACI", "importance": 0, "uuid": "fd5e7bd0-e54d-49a5-9237-b5f645a1e4ef" }, { "code": "KPI-A31 - Suivi mensuel des journaux", "description": "S\u2019assurer de la r\u00e9ception et revue des journaux d\u2019acc\u00e8s, au moins une fois par mois", "importance": 0, "uuid": "fe7caa31-f67f-41fc-94f5-d2f769e01fb0" } ], "version": 0 } 2021-09-27T12:33:56.614936+00:00 https://objects.monarc.lu/object/get/5218 2023-03-31T19:15:40.030637+00:00 OWASP { "authors": [ "https://owasp.org/Top10/A03_2021-Injection" ], "code": "A03:2021", "description": "Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection. The concept is identical among all interpreters. Source code review is the best method of detecting if applications are vulnerable to injections. Automated testing of all parameters, headers, URL, cookies, JSON, SOAP, and XML data inputs is strongly encouraged. Organizations can include the static source (SAST) and dynamic application test (DAST) tools into the CI/CD pipeline to identify introduced injection flaws before production deployment.", "label": "Injection", "language": "EN", "uuid": "8ecb698f-8f75-4c45-befd-0ab8ff8a611a" } 2021-09-30T12:41:23.492352+00:00 https://objects.monarc.lu/object/get/5225 2023-03-31T19:15:40.030549+00:00 OWASP { "authors": [ "https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_(SSRF)" ], "code": "A10:2021", "description": "SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network ACL.", "label": "Server-Side Request Forgery (SSRF)", "language": "EN", "uuid": "428b0104-3d21-4d6d-872a-d728db617fdf" } 2021-09-30T12:41:23.506293+00:00 https://objects.monarc.lu/object/get/5224 2023-03-31T19:15:40.030460+00:00 OWASP { "authors": [ "https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/" ], "code": "A09:2021", "description": "Returning to the OWASP Top 10 2021, this category is to help detect, escalate, and respond to active breaches. Without logging and monitoring, breaches cannot be detected. Insufficient logging, detection, monitoring, and active response occurs any time.", "label": "Security Logging and Monitoring Failures", "language": "EN", "uuid": "e328e0bf-8d2e-4137-8c4a-79c47355cc85" } 2021-09-30T12:41:23.517272+00:00 https://objects.monarc.lu/object/get/5223 2023-03-31T19:15:40.030370+00:00 OWASP { "authors": [ "https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/" ], "code": "A08:2021", "description": "Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. For example, where objects or data are encoded or serialized into a structure that an attacker can see and modify is vulnerable to insecure deserialization. Another form of this is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD pipeline can introduce the potential for unauthorized access, malicious code, or system compromise. Lastly, many applications now include auto-update functionality, where updates are downloaded without sufficient integrity verification and applied to the previously trusted application. Attackers could potentially upload their own updates to be distributed and run on all installations.", "label": "Software and Data Integrity Failures", "language": "EN", "uuid": "b6d3b37e-2a87-4050-a75c-d9054e1dae7d" } 2021-09-30T12:41:23.528420+00:00 https://objects.monarc.lu/object/get/5222 2023-03-31T19:15:40.030279+00:00 OWASP { "authors": [ "https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/" ], "code": "A07:2021", "description": "Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks.", "label": "Identification and Authentication Failures", "language": "EN", "uuid": "a3890b18-273e-4fa0-a3df-04da182b7486" } 2021-09-30T12:41:23.539415+00:00 https://objects.monarc.lu/object/get/5221 2023-03-31T19:15:40.030188+00:00 OWASP { "authors": [ "https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/" ], "code": "A06:2021", "description": "If you do not know the versions of all components you use (both client-side and server-side). This includes components you directly use as well as nested dependencies, etc.", "label": "Vulnerable and Outdated Components", "language": "EN", "uuid": "83c28543-e0f3-47d1-acf7-ee9d913a2caa" } 2021-09-30T12:41:23.548979+00:00 https://objects.monarc.lu/object/get/5220 2023-03-31T19:15:40.030077+00:00 OWASP { "authors": [ "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/" ], "code": "A05:2021", "description": "Missing appropriate security hardening across any part of the application stack or improperly configured permissions on cloud services, etc.", "label": "Security Misconfiguration", "language": "EN", "uuid": "13b700b3-9714-4ff3-be6c-f3ce2f66fbbb" } 2021-09-30T12:41:23.559533+00:00 https://objects.monarc.lu/object/get/5219 2023-03-31T19:15:40.029967+00:00 OWASP { "authors": [ "OWASP project" ], "code": "A04:2021", "description": "Insecure design is a broad category representing many different weaknesses, expressed as \u201cmissing or ineffective control design.\u201d Missing insecure design is where a control is absent. For example, imagine code that should be encrypting sensitive data, but there is no method. Ineffective insecure design is where a threat could be realized, but insufficient domain (business) logic validation prevents the action. For example, imagine domain logic that is supposed to process pandemic tax relief based upon income brackets but does not validate that all inputs are correctly signed and provides a much more significant relief benefit than should be granted.", "label": "Insecure Design", "language": "EN", "uuid": "3164fd8c-4f07-4388-947c-5d0fea29edf8" } 2021-09-30T12:41:23.569473+00:00 https://objects.monarc.lu/object/get/5217 2023-03-31T19:15:40.029814+00:00 OWASP { "authors": [ "OWASP project" ], "code": "A02:2021", "description": "The first thing is to determine the protection needs of data in transit and at rest. For example, passwords, credit card numbers, health records, personal information, and business secrets require extra protection, mainly if that data falls under privacy laws, e.g., EU's General Data Protection Regulation (GDPR), or regulations, e.g., financial data protection such as PCI Data Security Standard (PCI DSS).", "label": "Cryptographic Failures", "language": "EN", "uuid": "f9f579cf-4ca6-411a-a7ed-18a0f5c94e77" } 2021-09-30T12:41:23.579561+00:00 https://objects.monarc.lu/object/get/5216 2023-03-31T19:15:40.028807+00:00 OWASP { "authors": [ "OWASP project" ], "code": "A01:2021", "description": "Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.", "label": "Broken Access Control", "language": "EN", "uuid": "d9f75297-8bc0-4d97-a17e-6a30c089ae05" } 2021-09-30T12:41:23.589072+00:00 https://objects.monarc.lu/object/get/29 2023-03-31T19:15:40.027287+00:00 MONARC { "label": "NIST - ISO/IEC 27002", "refs": [ "https://www.nist.gov/cyberframework/framework" ], "security referentials UUID": [ "fcf78560-3d12-42ba-8f4a-5761ca02ac94", "98ca84fb-db87-11e8-ac77-0800279aaa2b" ], "uuid": "47c88411-1870-4b86-99e9-6e2325a28559", "values": [ { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "6604ef4c-a1d7-43d2-90e4-d2b8d97d880f", "match": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "control": "892d5462-ee77-4379-ab88-a78f3eff45c1", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "02cc6244-c9d8-4db1-aeb3-a05933207c9d", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "70e202bf-2270-4daf-8fb5-4f6fb10de979", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a", "match": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "2736e702-38ef-439d-9e8b-989ef56f8735", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "2736e702-38ef-439d-9e8b-989ef56f8735", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "e94941eb-31da-40e0-b944-07c43233e7c0", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "e94941eb-31da-40e0-b944-07c43233e7c0", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "771e3059-9eb4-4313-94b4-f0e8fa102498", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" } ], "version": 1 } 2021-10-12T14:36:23.530522+00:00 https://objects.monarc.lu/object/get/32 2023-03-31T19:15:40.024537+00:00 MONARC { "label": "NIST Core - NIST SP 800-53 (Rev.5)", "refs": [ "https://www.nist.gov/cyberframework/framework" ], "security referentials UUID": [ "fcf78560-3d12-42ba-8f4a-5761ca02ac94", "cfd2cd50-95fa-4143-b0e5-794249bacae1" ], "uuid": "39e559bb-2365-4455-b220-517e129992ef", "values": [ { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "515fb4c4-2a45-47b7-9a7a-5878f1bbad9c" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "515fb4c4-2a45-47b7-9a7a-5878f1bbad9c" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "6c55f12d-0f58-4caf-9c27-91c38d3620e3" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "063f894b-5f12-4e99-8277-6e21692c977d" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a" }, { "control": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c", "match": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2" }, { "control": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "76c33e82-04e2-4ee5-88c6-40939d8349a7" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "63f9f527-2c63-4fda-acda-7ebcf3025873", "match": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed" }, { "control": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "01096bf7-a45e-40d9-851e-72a6b8d7344a" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "6d3fbb99-fa7d-4c65-9c5f-928044a5840f" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "b705c1c5-aee2-4cb0-9f55-f045fc627f34" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "6fd6cc79-208a-4f2c-8a05-9adae75fd255" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "468658d8-61b8-4757-8c28-d6017337ea91" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "9bc48f7a-6863-421d-96c5-7e7099ef2415" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "698ebcc9-cf38-49d4-9a7a-dce61bbff968" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "b41dacdb-78d6-4744-bcae-5a46b95cfe04" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "74b14d2d-6320-4ac9-9b74-d93177dd4329" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "7fb408ab-f358-489d-be81-5b9395da78a7" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "bcc51690-d12c-41a8-bd76-6aae187a8afc" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "5b92c7ee-202b-4de8-983c-74937b86b48f" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "c1738677-3cae-4833-97b4-f2f3c04dd5e0" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "3c492512-da9f-4112-a76a-3e5cb0400e6f" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "3e6cdfcd-14f3-4b34-a6d4-62d677332806" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "675a9b3f-8abe-4b6f-948e-b701c2a02a84" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "11fe35fa-d904-4137-9961-307097961e0c" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "96e2a11b-1b39-4903-be42-374102c930df" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "293ebc1c-0452-41f8-ab14-101846241a47" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "468658d8-61b8-4757-8c28-d6017337ea91" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "9bc48f7a-6863-421d-96c5-7e7099ef2415" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "698ebcc9-cf38-49d4-9a7a-dce61bbff968" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "b41dacdb-78d6-4744-bcae-5a46b95cfe04" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "74b14d2d-6320-4ac9-9b74-d93177dd4329" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "7fb408ab-f358-489d-be81-5b9395da78a7" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "bcc51690-d12c-41a8-bd76-6aae187a8afc" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "5b92c7ee-202b-4de8-983c-74937b86b48f" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "c1738677-3cae-4833-97b4-f2f3c04dd5e0" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "3c492512-da9f-4112-a76a-3e5cb0400e6f" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "3e6cdfcd-14f3-4b34-a6d4-62d677332806" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "675a9b3f-8abe-4b6f-948e-b701c2a02a84" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "11fe35fa-d904-4137-9961-307097961e0c" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "96e2a11b-1b39-4903-be42-374102c930df" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "54613df0-e745-4205-a828-827aca596814" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "898d7024-6d3f-4d9a-868f-34ea1e451801" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "ecefd9da-a07c-41c2-9397-017e878bdb67" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "ec1457b8-d116-45a4-8c61-5b8ddba8a2b9" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "2080500f-047a-4695-841f-326310fd6a79" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "d32c4960-9581-4717-9a02-690d61709153" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "83caa43e-7179-4477-8665-66d47d058417" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "e1219fd8-9db2-4297-99da-63be2b433aa8" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "9dd48833-5045-4e37-aa9a-2b69ee11739d" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "9a9f32cf-d951-4909-98fe-c6a936af3913" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "9dd48833-5045-4e37-aa9a-2b69ee11739d" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "9dd48833-5045-4e37-aa9a-2b69ee11739d" }, { "control": "98ce2a28-d424-4436-8c41-2ec0e8d563fa", "match": "08327040-541f-40b4-a1cc-815d9298afe0" }, { "control": "98ce2a28-d424-4436-8c41-2ec0e8d563fa", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "e384f897-1b70-49a5-8491-24c035e1451f", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "7a9f7d35-6714-4182-ae88-d9ff575224a6", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "650ec6f8-fbad-4fe7-a0db-62d3861a5372" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "8b250e6b-4463-4d55-9241-c99db31a838c" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "e499f145-1fad-49e2-9403-f50a2a9801e8" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "4c98569b-ec41-4758-b8a3-5bd75b56d38b" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "69e93c59-0239-4bc8-8d5f-d2c65c706f46" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "e1211579-cdf4-4357-ba8a-3a5c46401837" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "e37e0d76-3ea8-49e4-b65b-a5e2645a902a" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "23ab9d48-396c-4f20-9344-e6a6bd2439a2" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "1bf6a2b8-b728-49a2-953f-0a965d966db1" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "7c68c0c2-fea5-44d1-8580-5170edd92e22" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "df6812ce-357b-44ae-8979-a663a85fa687" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "17a82de8-0490-4100-a4fb-2ad9af49d594" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "f0b81b68-372d-4ced-9c6b-7d8ae3da799c" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "625e343d-7aa1-46e1-939b-50f5b8f5f5b4" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "f1dc5cba-17a8-4bee-aad0-d6b0ca84124d" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "e8ed7158-ffc1-44a4-8673-80286ad97b36" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "b3ee40ae-b296-4e88-9033-cb669e98f11c" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "1b2e1483-0a0e-4c84-ad44-42db07d6172f" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "250001c2-f02d-496c-917e-70034724bfd6" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "d44c41d6-5fa9-4fac-9751-a8236a103c35" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "35f0172f-4770-4f69-9aa7-8b48a880c85a" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "cea02331-b15a-42bb-ae5c-826afb449240" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "90b4a207-023d-4ac4-a1dd-c5ca32453de2" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "33d42330-bde6-4964-82c9-fd2eaa07792d" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "5493d4a2-bae6-4bdf-ba84-79bbae4fb53b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "2feed753-8333-46b9-b4a0-ffd78e6d5f96" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "33d42330-bde6-4964-82c9-fd2eaa07792d" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "250001c2-f02d-496c-917e-70034724bfd6" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "5493d4a2-bae6-4bdf-ba84-79bbae4fb53b" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "23ab9d48-396c-4f20-9344-e6a6bd2439a2" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "df6812ce-357b-44ae-8979-a663a85fa687" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "22faa4a0-2027-4150-8176-c77e84e3f03d" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "f8e45f26-413c-4c61-be2c-216ec688ecb1" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "2006d82c-a148-470f-ad3d-339980bb69b9" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "a06fe04e-e834-42c9-8b4f-d998eb493136" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "48e9827d-60b5-4637-89fa-45dfb4231ff7" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "db302cfa-325b-4d4d-a6b3-f85618ca4eb6" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "90b4a207-023d-4ac4-a1dd-c5ca32453de2" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "e37e0d76-3ea8-49e4-b65b-a5e2645a902a" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "23ab9d48-396c-4f20-9344-e6a6bd2439a2" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "df6812ce-357b-44ae-8979-a663a85fa687" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "17a82de8-0490-4100-a4fb-2ad9af49d594" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "f0b81b68-372d-4ced-9c6b-7d8ae3da799c" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "625e343d-7aa1-46e1-939b-50f5b8f5f5b4" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "6c3aaa6d-9e7c-4dd3-b753-ba11c11ae5a6" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "1476a1d4-f1f5-42ae-93a6-1227a89cb3e3" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "b6ed1637-26e3-4278-9552-89601f278d8c" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "6726eb21-52f9-4922-a1d6-50c098ddba74" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "a35f7748-5868-46cd-9dea-b4e87fde8311" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "583129dc-d3e3-49c3-8ee9-3fbf18e020de" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "282a9038-ea94-420f-bbaf-fe4abc7addce" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "6726eb21-52f9-4922-a1d6-50c098ddba74" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "b0779c7f-7db2-4af2-ab93-5c000a889408" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "de6195c6-1fc1-423a-a748-785653c9324f" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "6145995f-74e1-4479-ba93-c1cdd9e34f8c" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "f929ec71-03e0-40a2-92eb-4078894a18a2" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "35f0172f-4770-4f69-9aa7-8b48a880c85a" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "cea02331-b15a-42bb-ae5c-826afb449240" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "244cbc08-55d5-46ea-ba28-aec72f16b337" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "22faa4a0-2027-4150-8176-c77e84e3f03d" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "012149b7-7c59-4220-83bf-d6879a886f20" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "583129dc-d3e3-49c3-8ee9-3fbf18e020de" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "edd532b7-577e-441b-820c-3b73fbd11c79" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "716c6729-ab0f-4334-a9e6-278dea6a702b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "35964415-2e6b-4a69-b04b-5e0208872f56" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "b4f2c588-db91-4ad4-8122-9d3805a8a54a" }, { "control": "6604ef4c-a1d7-43d2-90e4-d2b8d97d880f", "match": "3b076d55-a168-4e4e-ba44-cac820929399" }, { "control": "892d5462-ee77-4379-ab88-a78f3eff45c1", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "892d5462-ee77-4379-ab88-a78f3eff45c1", "match": "b4f2c588-db91-4ad4-8122-9d3805a8a54a" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "3b076d55-a168-4e4e-ba44-cac820929399" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "4d738f6e-3999-4a07-97f8-552ef2df77f3" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "dce2b6b6-33dd-45b1-9006-e09493aa95e3" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "dfeeec44-4cd4-49f8-8a41-2c03f786f818" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "d0557646-d1eb-4d79-8670-b1cdaf1072be" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "b53a00fb-054c-4f9e-8aff-69ad91c1dcb8" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "d6871e86-4df5-4d80-8529-3ec214940b69" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "729aa83b-a59b-48a0-b0a0-c592402dcae7" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "6fd6cc79-208a-4f2c-8a05-9adae75fd255" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "650ec6f8-fbad-4fe7-a0db-62d3861a5372" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "95f027c8-c84f-474f-bd23-872f96e00dc9" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "2fd75399-324e-40ed-9a82-80089816f398" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "1f5c3fc5-4d27-4018-9f49-ca7edc61d5b4" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "fc3d8c4c-8ced-4f4a-8ad0-a1ae01b35a21" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "9e1e9b36-aa61-4d54-a07c-2c74c341282c" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "f2787cae-deb0-4090-9ed7-866b15d96df2" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "4d738f6e-3999-4a07-97f8-552ef2df77f3" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "4c98569b-ec41-4758-b8a3-5bd75b56d38b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "60a84903-025a-40c5-9cf6-dad960e55cf1" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "990ee3a7-3044-4c8f-8387-946a7a9aba76" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "5cf67afa-7a43-4dd4-b1db-dd28862a689c" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "51e4fd6c-0aa8-4604-b13d-bf74c9706922" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "9dda0a30-be3d-4752-867d-bf9570971c52" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "6448f036-bdb2-4f21-8e30-0acf8073215d" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "53ae3aa9-d88e-4f55-a040-375cfe348c48" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "b0779c7f-7db2-4af2-ab93-5c000a889408" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "8047a1c6-e890-4817-982d-04fcdc2820a2" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "d5a60a37-684d-4b4b-b8a2-7d03814ff70d" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "5d4dc43c-9c46-4fc5-969b-02a1421acf42" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "1dfd046a-a422-4089-9fda-c141e865042a" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "b827b7db-76ee-4fda-b193-3004feef59e0" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "5278ff6f-473b-4a2c-8234-1a6a3198c701" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "54802539-1d62-43c3-8f7e-8c7e03087812" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "e1211579-cdf4-4357-ba8a-3a5c46401837" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "aead24db-a196-4daf-a099-60b1d1991d70" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "4c98569b-ec41-4758-b8a3-5bd75b56d38b" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "3e6cdfcd-14f3-4b34-a6d4-62d677332806" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "fd87a967-2217-418d-8378-b0773b7ca356" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "22faa4a0-2027-4150-8176-c77e84e3f03d" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "4d28a85e-20d2-4186-995e-de48a90eebb4" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "db5781c8-b759-47de-9862-27b2d3c2b568" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "012149b7-7c59-4220-83bf-d6879a886f20" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "4b7824ea-dc4e-4938-9ebd-36b865f88585" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "7277cac1-5813-4356-b108-72fe5263f8c3" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "83caa43e-7179-4477-8665-66d47d058417" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "9d4a3657-457f-4223-adfe-d0b2df91ffc3" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "508b0a74-cd81-4a65-b2c1-bb4c193adc53" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "be8d5a19-945d-4b26-9499-790193e65b06" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "9368a916-1fac-4dd2-b621-751ef4483a72" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "a8768b25-29ff-4b0a-a61e-89a2dacb2ff8" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "0de44076-cd30-439a-9375-c7c6692da6b2" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "8b250e6b-4463-4d55-9241-c99db31a838c" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "aefeafa5-2f92-4a78-a149-6b00f8a0f9f1" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "6145995f-74e1-4479-ba93-c1cdd9e34f8c" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "bcc90c0a-8c92-4e75-ba67-a9dd2a64ca9d" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "8314aca6-82c0-4955-a6d3-78f41146ef15" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "b9383590-e160-4840-b6e7-9476aeb6b8c0" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "aff838cd-5392-4620-be39-87c4ae7b6d33" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "52e68421-ebcf-453f-8e42-48813d47dcf6" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "30ccd853-e570-4c61-98d0-4837692d0654" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "ca6dc3b4-45ad-4a17-84c2-06fe7de2936e" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "d447bf80-7c6e-4e16-9f69-a15ed7eafd92" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "43d6e18f-7d4e-43f5-af7f-ea6d07d37299" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "e499f145-1fad-49e2-9403-f50a2a9801e8" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "14555491-0f15-428b-9ecd-836c6307675c" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "70ccf1af-4cad-443a-9dcd-9b49c4b6aec8" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "50272033-eb78-4309-84e0-303320d75b87" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "025d84e9-5612-404e-acf4-5d860c01a73c" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "cc087e48-874b-4953-adcc-96fac3f19306" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "b6ed1637-26e3-4278-9552-89601f278d8c" }, { "control": "02cc6244-c9d8-4db1-aeb3-a05933207c9d", "match": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb" }, { "control": "02cc6244-c9d8-4db1-aeb3-a05933207c9d", "match": "d0557646-d1eb-4d79-8670-b1cdaf1072be" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "1b2e1483-0a0e-4c84-ad44-42db07d6172f" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "5dad70d6-04e6-4ad0-9c32-c565e40329ad" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "01096bf7-a45e-40d9-851e-72a6b8d7344a" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "a33021fe-acc7-43cb-9556-8d0ccfe41cf1" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "4797690e-c2e2-4106-878e-14d789fe1b06" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "6938d14b-381c-4077-9505-7c33c62b6e34" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "ac363e88-daae-4198-aa53-f704e103ef02" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "d80f59b0-9c5f-4ca8-b18f-9e07f791e66e" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "a3829b6b-d219-4f77-9da6-528349ddd6e4" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "6eadc9b8-2337-4847-ace5-f68686199ee7" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "d9e23dad-dcf3-4def-86e9-5af6a6d631ce" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "41ba0004-50a7-44bb-9ca4-5f84ce06e4c0" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "f3a16482-f15d-49ea-b206-b3f7400513fd" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "108a06d5-4b5d-4728-9823-d106445d8880" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "be303727-2dc9-4e23-a026-282fa8012ed6" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "714ae5c2-00a0-4163-b949-699dfd3ab8a0" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "f98811b7-6972-4372-96b0-4f13bb8d49d6" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "b5a7b5c7-6c5b-4014-b30c-6fe8325b564c" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "1dfd046a-a422-4089-9fda-c141e865042a" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "01096bf7-a45e-40d9-851e-72a6b8d7344a" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "b705c1c5-aee2-4cb0-9f55-f045fc627f34" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "5278ff6f-473b-4a2c-8234-1a6a3198c701" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "76c33e82-04e2-4ee5-88c6-40939d8349a7" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "6c55f12d-0f58-4caf-9c27-91c38d3620e3" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "3b076d55-a168-4e4e-ba44-cac820929399" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "f929ec71-03e0-40a2-92eb-4078894a18a2" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "2fd70998-9247-4efd-923d-276f5c76b3b9" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "ca6dc3b4-45ad-4a17-84c2-06fe7de2936e" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "8ccaf96b-99b1-4677-be72-1e072cc26ebd" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "0e0864af-bd66-4012-b7ea-75ee7a57ef0b" }, { "control": "70e202bf-2270-4daf-8fb5-4f6fb10de979", "match": "15dfbe37-4a2d-4df7-b00c-f558524b561c" }, { "control": "70e202bf-2270-4daf-8fb5-4f6fb10de979", "match": "8cf0e5df-fb43-4dd0-a65e-d635d5902ffc" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "6f766bc2-750a-4249-89c9-39cf288143d5" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "d8aa0a75-a5b2-4556-9664-5b1d5ea7419c" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "729aa83b-a59b-48a0-b0a0-c592402dcae7" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "2fd70998-9247-4efd-923d-276f5c76b3b9" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "6922787a-2fcb-4cfe-a3bc-a75e7c49fccd" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "280c9bba-f2e4-401f-911a-cdab227ac433" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "15dfbe37-4a2d-4df7-b00c-f558524b561c" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "8047a1c6-e890-4817-982d-04fcdc2820a2" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "5ba61017-362e-411b-929d-c76c27358660" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "a3a1db7e-c1e1-409d-aa9a-e4b4ca925be6" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "69e93c59-0239-4bc8-8d5f-d2c65c706f46" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "34a2e449-b69d-4f75-a548-8c5faee598b5", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "34a2e449-b69d-4f75-a548-8c5faee598b5", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "34a2e449-b69d-4f75-a548-8c5faee598b5", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf", "match": "e1219fd8-9db2-4297-99da-63be2b433aa8" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a", "match": "8314aca6-82c0-4955-a6d3-78f41146ef15" }, { "control": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "83c3ab70-566c-4bbe-a3b8-940d9fbb5ad7", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "83c3ab70-566c-4bbe-a3b8-940d9fbb5ad7", "match": "e1219fd8-9db2-4297-99da-63be2b433aa8" }, { "control": "2736e702-38ef-439d-9e8b-989ef56f8735", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "e94941eb-31da-40e0-b944-07c43233e7c0", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "5ba61017-362e-411b-929d-c76c27358660" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "c8de5e1f-7893-42b3-852d-fa4f79bc68fa", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "c8de5e1f-7893-42b3-852d-fa4f79bc68fa", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" } ], "version": 1 } 2021-10-12T14:54:09.183756+00:00 https://objects.monarc.lu/object/get/35 2023-03-31T19:15:40.024036+00:00 MONARC { "label": "NIS security measures - NIST Core", "refs": [ "https://www.enisa.europa.eu/topics/nis-directive/minimum-security-measures-for-operators-of-essentials-services" ], "security referentials UUID": [ "3f4a2a67-a1f9-46e1-8d71-7f6486217bb7", "fcf78560-3d12-42ba-8f4a-5761ca02ac94" ], "uuid": "9f6e74bb-c643-4654-bc6d-76dcab49c357", "values": [ { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "d2e86e2d-5bec-42a2-b642-69995b6abcf0" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "cc6aad46-1887-4da6-93e3-c707be07b9f5" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "0550c268-534a-4311-920d-84466e4865c4" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "1bad7834-b740-48ff-8450-5792b55614db" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "7c09a9bf-407c-4509-94c0-af8314fc3b86" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "6d0bfd47-88dc-484a-aed8-196eaa12c4db" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "98ce2a28-d424-4436-8c41-2ec0e8d563fa" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "e384f897-1b70-49a5-8491-24c035e1451f" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "7a9f7d35-6714-4182-ae88-d9ff575224a6" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "97331ab3-3365-4fb0-894c-578c460720fa" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "7a4074cc-5b40-486a-9a52-6b49be7f95e6" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "29613b2e-8def-417e-85fa-31aa5ef5de3b" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "4e2499c0-d23d-4977-9e9f-6323af31be24" }, { "control": "d646a78e-68d8-4d60-a01f-455b1a0df4f1", "match": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "01d259f0-ece0-4f7c-91bf-d09844c576cc" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "987e9304-80fd-4470-b8b4-213f41a0a957" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "92a81683-1877-48d3-9d5a-c7c0ddd9852b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "231fc2b1-80c2-450e-9d80-f804f5a8984c" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "acfea27c-c6d5-421a-9ae4-2db82610cc41" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "46555297-7af1-4d59-ac07-6e627aef4dda" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "63f9f527-2c63-4fda-acda-7ebcf3025873" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "30a7a092-3e00-4d33-aec2-66d019c2ff03" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "800fc6f9-e574-4152-89e6-30bae7da4adc" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "f5f8ef4a-25f2-4169-b279-424081fc6125", "match": "a6b301ed-e0c1-467d-8e42-e2796c64b785" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "50fc2488-b730-48ae-abf8-93e60f141404" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "766520fa-3439-4382-babc-eb7d9d6b1f52" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "a6b301ed-e0c1-467d-8e42-e2796c64b785" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "7cd438b8-038b-4f1f-a431-a1a1a83e009c" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "6da92eea-2f74-458f-a643-361df7ea9f2f" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "831f20de-eadb-44a7-82f3-fcb116d8cb69" }, { "control": "efcb645f-ca20-484d-a3b7-6ef98db907ff", "match": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "382fe4f1-9f05-4169-a343-2c961a8cf359" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "f01b50b8-0e54-4f8f-afee-0ec56f788a42" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "9b355a55-73ce-4d55-8016-d93e3c555a55" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "a8f83595-0327-4e24-9557-0e8d9b82856f" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "70e202bf-2270-4daf-8fb5-4f6fb10de979" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "54eeaae4-2b82-43ce-9a61-40d453116d8d" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "bbb99e89-ee33-46fc-bc03-1582631210c4" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "48a13f85-a811-43fa-a0e8-89f67fb2743f" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "f9d1a926-5d39-4123-8b83-a94c21ff18e5" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "23e4c883-c358-4b64-8d7e-249c67b7f1f2" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "025611cb-8431-4a9c-a88c-039141472418" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "9b355a55-73ce-4d55-8016-d93e3c555a55" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "9b355a55-73ce-4d55-8016-d93e3c555a55" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "69f50c12-9eab-4305-be4f-97a2002ccc0c" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "31dc508e-664e-4173-8757-00ec985115c8" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "3f6e72ed-2984-452d-badd-5563acbf0450" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "e6ab0d96-2ced-445d-a19f-97710b2cc346" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "0c7c3558-9c78-4bcc-816b-9123c899b653" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "4fe097cd-e0c0-4698-a209-43ffb553a279" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "b237b4b1-a21a-4122-b4c8-e068ad58ef21" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "cce52cf2-aa85-4f33-8cb8-b0508f452c25" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "2736e702-38ef-439d-9e8b-989ef56f8735" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "e94941eb-31da-40e0-b944-07c43233e7c0" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "0de24c0a-53cb-4481-9b8d-fccc252e4f03" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "cce52cf2-aa85-4f33-8cb8-b0508f452c25" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "34a2e449-b69d-4f75-a548-8c5faee598b5" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "75942c69-3336-4e82-bf59-515aaa6e3513" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "2e411d93-1836-4dbc-baf1-a747d2a9915a" }, { "control": "f87f15fe-0170-4164-90de-091d9519d140", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" }, { "control": "f87f15fe-0170-4164-90de-091d9519d140", "match": "e4f85702-5874-4361-beec-45d00b379c5b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "e4f85702-5874-4361-beec-45d00b379c5b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" } ], "version": 1 } 2021-10-12T14:54:58.236716+00:00 https://objects.monarc.lu/object/get/31 2023-03-31T19:15:40.021452+00:00 MONARC { "label": "NIST SP 800-53 (Rev.5) - ISO/IEC 27002", "refs": [ "https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft" ], "security referentials UUID": [ "cfd2cd50-95fa-4143-b0e5-794249bacae1", "98ca84fb-db87-11e8-ac77-0800279aaa2b" ], "uuid": "5696c21b-4b52-4230-be0c-89352b8c9baa", "values": [ { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "35f0172f-4770-4f69-9aa7-8b48a880c85a", "match": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "f8e45f26-413c-4c61-be2c-216ec688ecb1", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "2006d82c-a148-470f-ad3d-339980bb69b9", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "a06fe04e-e834-42c9-8b4f-d998eb493136", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "48e9827d-60b5-4637-89fa-45dfb4231ff7", "match": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "control": "48e9827d-60b5-4637-89fa-45dfb4231ff7", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "33d42330-bde6-4964-82c9-fd2eaa07792d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "5dad70d6-04e6-4ad0-9c32-c565e40329ad", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "5dad70d6-04e6-4ad0-9c32-c565e40329ad", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "5dad70d6-04e6-4ad0-9c32-c565e40329ad", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "250001c2-f02d-496c-917e-70034724bfd6", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "250001c2-f02d-496c-917e-70034724bfd6", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "250001c2-f02d-496c-917e-70034724bfd6", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "5d4dc43c-9c46-4fc5-969b-02a1421acf42", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "5d4dc43c-9c46-4fc5-969b-02a1421acf42", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "5d4dc43c-9c46-4fc5-969b-02a1421acf42", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ccd5e72f-92d7-4824-8caa-9a75209849d2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5493d4a2-bae6-4bdf-ba84-79bbae4fb53b", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a32e8643-88b7-4fa6-9a25-f67b9236b9d0", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "aefeafa5-2f92-4a78-a149-6b00f8a0f9f1", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "aefeafa5-2f92-4a78-a149-6b00f8a0f9f1", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "6145995f-74e1-4479-ba93-c1cdd9e34f8c", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc90c0a-8c92-4e75-ba67-a9dd2a64ca9d", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "b9383590-e160-4840-b6e7-9476aeb6b8c0", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "aff838cd-5392-4620-be39-87c4ae7b6d33", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "aff838cd-5392-4620-be39-87c4ae7b6d33", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "aff838cd-5392-4620-be39-87c4ae7b6d33", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "30ccd853-e570-4c61-98d0-4837692d0654", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "30ccd853-e570-4c61-98d0-4837692d0654", "match": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "control": "30ccd853-e570-4c61-98d0-4837692d0654", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d447bf80-7c6e-4e16-9f69-a15ed7eafd92", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "e499f145-1fad-49e2-9403-f50a2a9801e8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "1efbb7bc-a9df-41b0-af65-c8c7cc593246", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "1efbb7bc-a9df-41b0-af65-c8c7cc593246", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "1efbb7bc-a9df-41b0-af65-c8c7cc593246", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "6c55f12d-0f58-4caf-9c27-91c38d3620e3", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "6c55f12d-0f58-4caf-9c27-91c38d3620e3", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "6c55f12d-0f58-4caf-9c27-91c38d3620e3", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "0af9100d-df42-4d7e-953d-8c1fd56dff85", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5264169d-4e61-40b7-800e-1998f41af781", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "4d738f6e-3999-4a07-97f8-552ef2df77f3", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "4d738f6e-3999-4a07-97f8-552ef2df77f3", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "d0557646-d1eb-4d79-8670-b1cdaf1072be", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "36ae972c-4543-4548-8946-47cb651ed0ef", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "36ae972c-4543-4548-8946-47cb651ed0ef", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "36ae972c-4543-4548-8946-47cb651ed0ef", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "b53a00fb-054c-4f9e-8aff-69ad91c1dcb8", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "b53a00fb-054c-4f9e-8aff-69ad91c1dcb8", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "8ccaf96b-99b1-4677-be72-1e072cc26ebd", "match": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "control": "0e0864af-bd66-4012-b7ea-75ee7a57ef0b", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "0e0864af-bd66-4012-b7ea-75ee7a57ef0b", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "50310b7b-0a4b-4572-998c-5954f7d6750e", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a3a1db7e-c1e1-409d-aa9a-e4b4ca925be6", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "a3a1db7e-c1e1-409d-aa9a-e4b4ca925be6", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "4c98569b-ec41-4758-b8a3-5bd75b56d38b", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "4c98569b-ec41-4758-b8a3-5bd75b56d38b", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "60a84903-025a-40c5-9cf6-dad960e55cf1", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "60a84903-025a-40c5-9cf6-dad960e55cf1", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "60a84903-025a-40c5-9cf6-dad960e55cf1", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "1dfd046a-a422-4089-9fda-c141e865042a", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "1dfd046a-a422-4089-9fda-c141e865042a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "1dfd046a-a422-4089-9fda-c141e865042a", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "01096bf7-a45e-40d9-851e-72a6b8d7344a", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "01096bf7-a45e-40d9-851e-72a6b8d7344a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "5ba61017-362e-411b-929d-c76c27358660", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "b705c1c5-aee2-4cb0-9f55-f045fc627f34", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "5278ff6f-473b-4a2c-8234-1a6a3198c701", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "23ab9d48-396c-4f20-9344-e6a6bd2439a2", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "23ab9d48-396c-4f20-9344-e6a6bd2439a2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "1bf6a2b8-b728-49a2-953f-0a965d966db1", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "7c68c0c2-fea5-44d1-8580-5170edd92e22", "match": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "control": "df6812ce-357b-44ae-8979-a663a85fa687", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "df6812ce-357b-44ae-8979-a663a85fa687", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "b41dacdb-78d6-4744-bcae-5a46b95cfe04", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "4123ace0-da01-431c-997c-bd03e3319f36", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "72eed0db-aa5a-4677-899f-b56d01187c6e", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d351c523-45f7-405c-aa9e-eb4289dea021", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "90b76f4c-10ec-4530-a7c8-b3d488d8886d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "67e6c588-aea1-47c7-a34e-e04bf91df582", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "1476a1d4-f1f5-42ae-93a6-1227a89cb3e3", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "1476a1d4-f1f5-42ae-93a6-1227a89cb3e3", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "10213f53-5179-42f2-beb6-1364872d983d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "69e93c59-0239-4bc8-8d5f-d2c65c706f46", "match": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "control": "69e93c59-0239-4bc8-8d5f-d2c65c706f46", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "69e93c59-0239-4bc8-8d5f-d2c65c706f46", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "54802539-1d62-43c3-8f7e-8c7e03087812", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c2260bd5-161f-4fb9-8496-0de50c2c3440", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "c2260bd5-161f-4fb9-8496-0de50c2c3440", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e1211579-cdf4-4357-ba8a-3a5c46401837", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "9d4a3657-457f-4223-adfe-d0b2df91ffc3", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "9d4a3657-457f-4223-adfe-d0b2df91ffc3", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "508b0a74-cd81-4a65-b2c1-bb4c193adc53", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "9368a916-1fac-4dd2-b621-751ef4483a72", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "14555491-0f15-428b-9ecd-836c6307675c", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "14555491-0f15-428b-9ecd-836c6307675c", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "14555491-0f15-428b-9ecd-836c6307675c", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "70ccf1af-4cad-443a-9dcd-9b49c4b6aec8", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "50272033-eb78-4309-84e0-303320d75b87", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "50272033-eb78-4309-84e0-303320d75b87", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "50272033-eb78-4309-84e0-303320d75b87", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "cc087e48-874b-4953-adcc-96fac3f19306", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "cc087e48-874b-4953-adcc-96fac3f19306", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "5b92c7ee-202b-4de8-983c-74937b86b48f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ee9525ea-a06f-4862-b6c8-c09fa266ea38", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "dc814dd1-359d-4245-839c-5a1cdd6e1bad", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "f7c64768-dc70-4e4d-b121-58f41bfde7c6", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "f7c64768-dc70-4e4d-b121-58f41bfde7c6", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "f7c64768-dc70-4e4d-b121-58f41bfde7c6", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "06679cfa-1bfd-436a-b99d-698fb275dfdb", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "06679cfa-1bfd-436a-b99d-698fb275dfdb", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "06679cfa-1bfd-436a-b99d-698fb275dfdb", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "f1dc5cba-17a8-4bee-aad0-d6b0ca84124d", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "f1dc5cba-17a8-4bee-aad0-d6b0ca84124d", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "e8ed7158-ffc1-44a4-8673-80286ad97b36", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "e8ed7158-ffc1-44a4-8673-80286ad97b36", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "990ee3a7-3044-4c8f-8387-946a7a9aba76", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "6d3fbb99-fa7d-4c65-9c5f-928044a5840f", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "5cf67afa-7a43-4dd4-b1db-dd28862a689c", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "51e4fd6c-0aa8-4604-b13d-bf74c9706922", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "51e4fd6c-0aa8-4604-b13d-bf74c9706922", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "9dda0a30-be3d-4752-867d-bf9570971c52", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "9dda0a30-be3d-4752-867d-bf9570971c52", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "9dda0a30-be3d-4752-867d-bf9570971c52", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "6448f036-bdb2-4f21-8e30-0acf8073215d", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "6448f036-bdb2-4f21-8e30-0acf8073215d", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "6448f036-bdb2-4f21-8e30-0acf8073215d", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "de6195c6-1fc1-423a-a748-785653c9324f", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "de6195c6-1fc1-423a-a748-785653c9324f", "match": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "control": "de6195c6-1fc1-423a-a748-785653c9324f", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "aead24db-a196-4daf-a099-60b1d1991d70", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "aead24db-a196-4daf-a099-60b1d1991d70", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "aead24db-a196-4daf-a099-60b1d1991d70", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "53ae3aa9-d88e-4f55-a040-375cfe348c48", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "53ae3aa9-d88e-4f55-a040-375cfe348c48", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "244cbc08-55d5-46ea-ba28-aec72f16b337", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "244cbc08-55d5-46ea-ba28-aec72f16b337", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "2fd70998-9247-4efd-923d-276f5c76b3b9", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "b3523d09-add6-4b33-aa3e-6f780d83a9d6", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "8047a1c6-e890-4817-982d-04fcdc2820a2", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "8047a1c6-e890-4817-982d-04fcdc2820a2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7f388f12-77ec-47bf-b816-79cb42086b09", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "7f388f12-77ec-47bf-b816-79cb42086b09", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5b9bdfcc-3150-4c4a-8b08-386d9a829585", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "293ebc1c-0452-41f8-ab14-101846241a47", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "898d7024-6d3f-4d9a-868f-34ea1e451801", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "08327040-541f-40b4-a1cc-815d9298afe0", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d5a60a37-684d-4b4b-b8a2-7d03814ff70d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ecefd9da-a07c-41c2-9397-017e878bdb67", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "44b2a62a-6bc7-4474-b618-f1bc15e9798f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ec1457b8-d116-45a4-8c61-5b8ddba8a2b9", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "b395f91d-24a4-4720-8534-3b491bb41002", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "b395f91d-24a4-4720-8534-3b491bb41002", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e1219fd8-9db2-4297-99da-63be2b433aa8", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "e1219fd8-9db2-4297-99da-63be2b433aa8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e25168b6-fb5b-4ae7-a14c-6afc86246348", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "ab16520f-0c45-404d-8852-df2722a96412", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "8e3958aa-59c3-4c3e-9cf0-1283d783ec46", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "8e3958aa-59c3-4c3e-9cf0-1283d783ec46", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3585bbce-5c3b-4a2a-8a53-5c4af9467365", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "41ad2d98-3dc5-4167-a8cf-869b3b53c495", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d7d3d288-cd67-40ea-871a-4aa256262dbf", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a43a957c-c1ce-462f-87b8-bcb962a26991", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9c603ddb-5850-42a9-85bd-641667182bed", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "9c603ddb-5850-42a9-85bd-641667182bed", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "54ca56bb-3a0e-47b9-8cdb-b28976481e54", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "54ca56bb-3a0e-47b9-8cdb-b28976481e54", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e2aa9575-d1f9-440c-a3ae-72f79489dd3c", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ce8a976a-536a-44ea-bb8b-bcf28a6931c8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "15f0293a-cef3-4c58-a6cf-725f0ea044c5", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7f02ee88-5118-467b-bffc-c6176276db0a", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "7f02ee88-5118-467b-bffc-c6176276db0a", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "7f02ee88-5118-467b-bffc-c6176276db0a", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a6ae4db0-5f77-4e60-ae47-fa721623bcdb", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "22faa4a0-2027-4150-8176-c77e84e3f03d", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "4d28a85e-20d2-4186-995e-de48a90eebb4", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "4d28a85e-20d2-4186-995e-de48a90eebb4", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "4d28a85e-20d2-4186-995e-de48a90eebb4", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "db5781c8-b759-47de-9862-27b2d3c2b568", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "db5781c8-b759-47de-9862-27b2d3c2b568", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "012149b7-7c59-4220-83bf-d6879a886f20", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "012149b7-7c59-4220-83bf-d6879a886f20", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "012149b7-7c59-4220-83bf-d6879a886f20", "match": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "control": "54db3434-c9cc-4a09-90a0-7e94aa29ae61", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "54db3434-c9cc-4a09-90a0-7e94aa29ae61", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "4b7824ea-dc4e-4938-9ebd-36b865f88585", "match": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "8a174f26-95ff-41dd-8042-039189065395", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "8a174f26-95ff-41dd-8042-039189065395", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9e62441a-c6d5-4707-a835-6230dc5b0d53", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "f19db716-460e-44f8-a2d2-304cbbe54b73", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "f19db716-460e-44f8-a2d2-304cbbe54b73", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e54190a1-12f2-46d1-b36b-0e7b49b85e43", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a6a327ee-3850-4c6c-8828-03cbe4ac83df", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d32c4960-9581-4717-9a02-690d61709153", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "6fd6cc79-208a-4f2c-8a05-9adae75fd255", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "6fd6cc79-208a-4f2c-8a05-9adae75fd255", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "650ec6f8-fbad-4fe7-a0db-62d3861a5372", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "650ec6f8-fbad-4fe7-a0db-62d3861a5372", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "650ec6f8-fbad-4fe7-a0db-62d3861a5372", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "95f027c8-c84f-474f-bd23-872f96e00dc9", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "95f027c8-c84f-474f-bd23-872f96e00dc9", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "bf85f2a4-2b80-4ae9-b4b5-5c2084c04061", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "7277cac1-5813-4356-b108-72fe5263f8c3", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "09932f73-e48b-4d2b-bced-733f4039902e", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "6726eb21-52f9-4922-a1d6-50c098ddba74", "match": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "control": "d44c41d6-5fa9-4fac-9751-a8236a103c35", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "c2f67a16-dc82-4d43-a71b-63e2143f9b73", "match": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "control": "a35f7748-5868-46cd-9dea-b4e87fde8311", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "a35f7748-5868-46cd-9dea-b4e87fde8311", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "15dfbe37-4a2d-4df7-b00c-f558524b561c", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "fa2d6a81-6a4e-41c7-91da-9024f91a7685", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "8cf0e5df-fb43-4dd0-a65e-d635d5902ffc", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "2fd75399-324e-40ed-9a82-80089816f398", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "039e5e9e-19cf-436b-b4fd-d0cfa4547110", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "bf1d6c37-e1e1-4c78-8055-79a364219193", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "bf1d6c37-e1e1-4c78-8055-79a364219193", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "bf1d6c37-e1e1-4c78-8055-79a364219193", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "bca47b93-453b-47d8-8527-16c4fdd8f6e5", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "bca47b93-453b-47d8-8527-16c4fdd8f6e5", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5c1413f5-14f3-48bc-b371-5fda85e52cb8", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "5c1413f5-14f3-48bc-b371-5fda85e52cb8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" } ], "version": 1 } 2021-10-12T14:56:46.247670+00:00 https://objects.monarc.lu/object/get/34 2023-03-31T19:15:40.020802+00:00 MONARC { "label": "NIS security measures - ISO/IEC 27002", "refs": [ "https://www.enisa.europa.eu/topics/nis-directive/minimum-security-measures-for-operators-of-essentials-services" ], "security referentials UUID": [ "3f4a2a67-a1f9-46e1-8d71-7f6486217bb7", "98ca84fb-db87-11e8-ac77-0800279aaa2b" ], "uuid": "f461053a-ab34-42a6-80cd-83a140b06de1", "values": [ { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "7d1e4532-ddb1-408c-8a9d-ffed0cef3821", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "f5f8ef4a-25f2-4169-b279-424081fc6125", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "f5f8ef4a-25f2-4169-b279-424081fc6125", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "efcb645f-ca20-484d-a3b7-6ef98db907ff", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "efcb645f-ca20-484d-a3b7-6ef98db907ff", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "fd44edba-005b-447c-8612-c0a92cbb0ec6", "match": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "control": "fd44edba-005b-447c-8612-c0a92cbb0ec6", "match": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "control": "7374508b-6114-4219-8834-7b87117fcbf9", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "7374508b-6114-4219-8834-7b87117fcbf9", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "8ead422e-2d73-48e8-82f9-b82fe363d072", "match": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "7374508b-6114-4219-8834-7b87117fcbf9", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "f87f15fe-0170-4164-90de-091d9519d140", "match": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1 } 2021-10-12T15:01:35.953599+00:00 https://objects.monarc.lu/object/get/5214 2023-03-31T19:15:40.020522+00:00 ILNAS-OLAS { "authors": [ "L\u00e9on TREFF" ], "label": "ILNAS 107", "language": "FR", "refs": "https://ilnas.services-publics.lu/ecnor/displayStandard.action?id=222513", "uuid": "c81cfb5e-0786-4778-95c7-44c33b5177de", "values": [ { "category": "Mesures", "code": "L.5.2.2", "label": "R\u00f4les et responsabilit\u00e9s", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "00dfdbd6-6ff9-4763-b39d-e4195843a582" }, { "category": "Mesures", "code": "L.5.2.8", "label": "Protection des donn\u00e9es", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "4658beef-31ed-4529-92f4-763c7ea699c8" }, { "category": "Mesures", "code": "L.5.2.1", "label": "Disponibilit\u00e9 et int\u00e9grit\u00e9 de la documentation relative aux actifs de support", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "4ed219b4-aa8f-4196-a2f9-b5eab0f2252c" }, { "category": "Mesures", "code": "L.5.2.6", "label": "Conditions environnementales", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "798e1bcb-159b-4808-ac29-4abcf32405d2" }, { "category": "Mesures", "code": "L.5.2.9", "label": "Transfert de l'information", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "7f9deeca-75c3-4012-ab81-4254ca6cc0ce" }, { "category": "Mesures", "code": "L.5.2.10", "label": "Continuit\u00e9 des activit\u00e9s", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "9a14a2a0-5855-4ca2-84b9-9af909f0083a" }, { "category": "Mesures", "code": "L.5.2.7", "label": "Stockage des actifs de support", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "9bb10d1d-ad23-48da-837e-ccea19ae6533" }, { "category": "Mesures", "code": "L.5.2.5", "label": "Sauvegarde des actifs de support", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "9e43828d-61d7-4ab7-a606-0b79619a832d" }, { "category": "Mesures", "code": "L.5.2.11", "label": "Conformit\u00e9 des fournisseurs", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "c53a1246-3c60-4470-94df-b17c27058e82" }, { "category": "Mesures", "code": "L.5.2.3", "label": "Gestion des changements", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "ecd468f3-9de5-4123-86ef-2c6d92fdad39" }, { "category": "Mesures", "code": "L.5.2.4", "label": "Gestion des acc\u00e8s", "referential": "c81cfb5e-0786-4778-95c7-44c33b5177de", "referential_label": "ILNAS 107", "uuid": "f22c39eb-7a90-4e01-945d-a9c9ad2b148a" } ], "version": 1, "version_ext": "2020" } 2021-10-12T15:01:35.953612+00:00 https://objects.monarc.lu/object/get/5215 2023-03-31T19:15:40.019528+00:00 ILNAS-OLAS { "label": "ILNAS 107 - ISO/IEC 27002", "refs": [ "" ], "security referentials UUID": [ "c81cfb5e-0786-4778-95c7-44c33b5177de", "98ca84fb-db87-11e8-ac77-0800279aaa2b" ], "uuid": "12708347-a1c6-4c4b-aaa5-05544fbb4c8e", "values": [ { "control": "00dfdbd6-6ff9-4763-b39d-e4195843a582", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "c53a1246-3c60-4470-94df-b17c27058e82", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "c53a1246-3c60-4470-94df-b17c27058e82", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "f22c39eb-7a90-4e01-945d-a9c9ad2b148a", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "798e1bcb-159b-4808-ac29-4abcf32405d2", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "4ed219b4-aa8f-4196-a2f9-b5eab0f2252c", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "9a14a2a0-5855-4ca2-84b9-9af909f0083a", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "ecd468f3-9de5-4123-86ef-2c6d92fdad39", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "9e43828d-61d7-4ab7-a606-0b79619a832d", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "ecd468f3-9de5-4123-86ef-2c6d92fdad39", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "9bb10d1d-ad23-48da-837e-ccea19ae6533", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "9bb10d1d-ad23-48da-837e-ccea19ae6533", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "f22c39eb-7a90-4e01-945d-a9c9ad2b148a", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "f22c39eb-7a90-4e01-945d-a9c9ad2b148a", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "f22c39eb-7a90-4e01-945d-a9c9ad2b148a", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "f22c39eb-7a90-4e01-945d-a9c9ad2b148a", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "ecd468f3-9de5-4123-86ef-2c6d92fdad39", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "9a14a2a0-5855-4ca2-84b9-9af909f0083a", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "9a14a2a0-5855-4ca2-84b9-9af909f0083a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "9a14a2a0-5855-4ca2-84b9-9af909f0083a", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "4658beef-31ed-4529-92f4-763c7ea699c8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7f9deeca-75c3-4012-ab81-4254ca6cc0ce", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "f22c39eb-7a90-4e01-945d-a9c9ad2b148a", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "9a14a2a0-5855-4ca2-84b9-9af909f0083a", "match": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 0 } 2021-10-12T15:01:35.953619+00:00 https://objects.monarc.lu/object/get/38 2023-03-31T19:15:40.018551+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "ISO/IEC 27002 [2013]", "language": "DE", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Informationssicherheitspolitik", "code": "5.1.1", "label": "Informationssicherheitsrichtlinien", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitspolitik", "code": "5.1.2", "label": "\u00dcberpr\u00fcfung der Informationssicherheitsrichtlinien", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.2.1", "label": "Verantwortlichkeiten der Leitung", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.1", "label": "Informationssicherheitsrollen und -verantwortlichkeiten", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.4", "label": "Vertraulichkeits- oder Geheimhaltungsvereinbarungen", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.3", "label": "Kontakt mit Beh\u00f6rden", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.4", "label": "Kontakt mit speziellen Interessensgruppen", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.2.1", "label": "Unabh\u00e4ngige \u00dcberpr\u00fcfung der Informationssicherheit", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.1.1", "label": "Informationssicherheitsrichtlinie f\u00fcr Lieferantenbeziehungen", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.1.2", "label": "Behandlung von Sicherheit in Lieferantenvereinbarungen", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.1", "label": "Inventarisierung der Werte", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.2", "label": "Zust\u00e4ndigkeit f\u00fcr Werte", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.3", "label": "Zul\u00e4ssiger Gebrauch von Werten", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.2.1", "label": "Klassifizierung von Information", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.2.2", "label": "Kennzeichnung von Information", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.1.1", "label": "Sicherheits\u00fcberpr\u00fcfung", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.1.2", "label": "Besch\u00e4ftigungs- und Vertragsbedingungen", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.2.2", "label": "Informationssicherheitsbewusstsein, -ausbildung und -schulung", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.2.3", "label": "Ma\u00dfregelungsprozess", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.3.1", "label": "Verantwortlichkeiten bei Beendigung oder \u00c4nderung der Besch\u00e4ftigung", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.4", "label": "R\u00fcckgabe von Werten", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.6", "label": "Entzug oder Anpassung von Zugangsrechten", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.1", "label": "Physische Sicherheitsperimeter", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.2", "label": "Physische Zutrittssteuerung", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.3", "label": "Sichern von B\u00fcros, R\u00e4umen und Einrichtungen", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.4", "label": "Schutz vor externen und umweltbedingten Bedrohungen", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.5", "label": "Arbeiten in Sicherheitsbereichen", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.6", "label": "Anlieferungs- und Ladebereiche", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.1", "label": "Platzierung und Schutz von Ger\u00e4ten und Betriebsmitteln", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.2", "label": "Versorgungseinrichtungen", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.3", "label": "Sicherheit der Verkabelung", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.4", "label": "Instandhaltung von Ger\u00e4ten und Betriebsmitteln", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.6", "label": "Sicherheit von Ger\u00e4ten, Betriebsmitteln und Werten au\u00dferhalb der R\u00e4umlichkeiten", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.7", "label": "Sichere Entsorgung oder Wiederverwendung von Ger\u00e4ten und Betriebsmitteln", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.5", "label": "Entfernen von Werten", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.1", "label": "Dokumentierte Betriebsabl\u00e4ufe", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.2", "label": "\u00c4nderungssteuerung", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.2", "label": "Aufgabentrennung", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.4", "label": "Trennung von Entwicklungs-, Test- und Betriebsumgebungen", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.2.1", "label": "\u00dcberwachung und \u00dcberpr\u00fcfung von Lieferantendienstleistungen", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.2.2", "label": "Handhabung der \u00c4nderungen von Lieferantendienstleistungen", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.3", "label": "Kapazit\u00e4tssteuerung", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.9", "label": "Systemabnahmetest", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.2.1", "label": "Ma\u00dfnahmen gegen Schadsoftware", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.3.1", "label": "Sicherung von Information", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.1.1", "label": "Netzwerksteuerungsma\u00dfnahmen", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.1.2", "label": "Sicherheit von Netzwerkdiensten", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.3.1", "label": "Handhabung von Wechseldatentr\u00e4gern", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.3.2", "label": "Entsorgung von Datentr\u00e4gern", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.1", "label": "Richtlinien und Verfahren f\u00fcr die Informations\u00fcbertragung", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.2", "label": "Vereinbarungen zur Informations\u00fcbertragung", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.3.3", "label": "Transport von Datentr\u00e4gern", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.3", "label": "Elektronische Nachrichten\u00fcbermittlung", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.1.2", "label": "Sicherung von Anwendungsdiensten in \u00f6ffentlichen Netzwerken", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.1.3", "label": "Schutz der Transaktionen bei Anwendungsdiensten", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.1", "label": "Ereignisprotokollierung", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.2", "label": "Schutz der Protokollinformation", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.3", "label": "Administratoren- und Bedienerprotokolle", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.4", "label": "Uhrensynchronisation", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.1.1", "label": "Zugangssteuerungsrichtlinie", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.3", "label": "Verwaltung privilegierter Zugangsrechte", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.4", "label": "Verwaltung geheimer Authentisierungsinformation von Benutzern", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.5", "label": "\u00dcberpr\u00fcfung von Benutzerzugangsrechten", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.3.1", "label": "Gebrauch geheimer Authentisierungsinformation", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.8", "label": "Unbeaufsichtigte Benutzerger\u00e4te", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.9", "label": "Richtlinien f\u00fcr eine aufger\u00e4umte Arbeitsumgebung und Bildschirmsperren", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.1.2", "label": "Zugang zu Netzwerken und Netzwerkdiensten", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.1.3", "label": "Trennung in Netzwerken", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.1", "label": "Registrierung und Deregistrierung von Benutzern", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.3", "label": "System zur Verwaltung von Kennw\u00f6rtern", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.4", "label": "Gebrauch von Hilfsprogrammen mit privilegierten Rechten", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.2", "label": "Sichere Anmeldeverfahren", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.1", "label": "Informationszugangsbeschr\u00e4nkung", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.2.1", "label": "Richtlinie zu Mobilger\u00e4ten", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.2.2", "label": "Telearbeit", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.1.1", "label": "Analyse und Spezifikation von Informationssicherheitsanforderungen", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "Kryptografie", "code": "10.1.1", "label": "Richtlinie zum Gebrauch von kryptographischen Ma\u00dfnahmen", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Kryptografie", "code": "10.1.2", "label": "Schl\u00fcsselverwaltung", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.5.1", "label": "Installation von Software auf Systemen im Betrieb", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.3.1", "label": "Schutz von Testdaten", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.5", "label": "Zugangssteuerung f\u00fcr Quellcode von Programmen", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.2", "label": "Verfahren zur Verwaltung von System\u00e4nderungen", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.3", "label": "Technische \u00dcberpr\u00fcfung von Anwendungen nach \u00c4nderungen an der Betriebsplattform", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.4", "label": "Beschr\u00e4nkung von \u00c4nderungen an Softwarepaketen", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.7", "label": "Ausgegliederte Entwicklung", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.6.1", "label": "Handhabung von technischen Schwachstellen", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.2", "label": "Meldung von Informationssicherheitsereignissen", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.3", "label": "Meldung von Schw\u00e4chen in der Informationssicherheit", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.1", "label": "Verantwortlichkeiten und Verfahren", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.6", "label": "Erkenntnisse aus Informationssicherheitsvorf\u00e4llen", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.7", "label": "Sammeln von Beweismaterial", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.5", "label": "Grunds\u00e4tze f\u00fcr die Analyse, Entwicklung und Pflege sicherer Systeme", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.1.1", "label": "Planung zur Aufrechterhaltung der Informationssicherheit", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.1.2", "label": "Umsetzung der Aufrechterhaltung der Informationssicherheit", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.1.3", "label": "\u00dcberpr\u00fcfen und Bewerten der Aufrechterhaltung der Informationssicherheit", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.1", "label": "Bestimmung der anwendbaren Gesetzgebung und der vertraglichen Anforderungen", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.2", "label": "Geistige Eigentumsrechte", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.3", "label": "Schutz von Aufzeichnungen", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.4", "label": "Privatsph\u00e4re und Schutz von personenbezogener Information", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.5", "label": "Regelungen bez\u00fcglich kryptographischer Ma\u00dfnahmen", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.2.2", "label": "Einhaltung von Sicherheitsrichtlinien und -standards", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.2.3", "label": "\u00dcberpr\u00fcfung der Einhaltung von technischen Vorgaben", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.7.1", "label": "Ma\u00dfnahmen f\u00fcr Audits von Informationssystemen", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.5", "label": "Informationssicherheit im Projektmanagement", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.2.3", "label": "Handhabung von Werten", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.2", "label": "Zuteilung von Benutzerzug\u00e4ngen", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.8", "label": "Testen der Systemsicherheit", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.6", "label": "Sichere Entwicklungsumgebung", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.1", "label": "Richtlinie f\u00fcr sichere Entwicklung", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.6.2", "label": "Einschr\u00e4nkungen von Softwareinstallation", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.1.3", "label": "Lieferkette f\u00fcr Informations- und Kommunikationstechnologie", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.4", "label": "Beurteilung von und Entscheidung \u00fcber Informationssicherheitsereignisse", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.5", "label": "Reaktion auf Informationssicherheitsvorf\u00e4lle", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.2.1", "label": "Verf\u00fcgbarkeit von informationsverarbeitenden Einrichtungen", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2022-02-21T11:40:26.844963+00:00 https://objects.monarc.lu/object/get/37 2023-03-31T19:15:40.017565+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "ISO/IEC 27002 [2013]", "language": "FR", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Politiques de s\u00e9curit\u00e9 de l'information", "code": "5.1.1", "label": "Politiques de s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Politiques de s\u00e9curit\u00e9 de l'information", "code": "5.1.2", "label": "Revue des politiques de s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.2.1", "label": "Responsabilit\u00e9s de la direction", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.1", "label": "Fonctions et responsabilit\u00e9s li\u00e9es \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.4", "label": "Engagements de confidentialit\u00e9 ou de non-divulgation", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.3", "label": "Relations avec les autorit\u00e9s", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.4", "label": "Relations avec des groupes de travail sp\u00e9cialis\u00e9s", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.2.1", "label": "Revue ind\u00e9pendante de la s\u00e9curit\u00e9 de l'information", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.1.1", "label": "Politique de s\u00e9curit\u00e9 de l\u2019information dans les relations avec les fournisseurs", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.1.2", "label": "La s\u00e9curit\u00e9 dans les accords conclus avec les fournisseurs", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.1", "label": "Inventaire des actifs", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.2", "label": "Propri\u00e9t\u00e9 des actifs", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.3", "label": "Utilisation correcte des actifs", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.2.1", "label": "Classification des informations", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.2.2", "label": "Marquage des informations", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.1.1", "label": "S\u00e9lection des candidats", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.1.2", "label": "Termes et conditions d'embauche", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.2.2", "label": "Sensibilisation, qualification et formations en mati\u00e8re de s\u00e9curit\u00e9 de l'information", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.2.3", "label": "Processus disciplinaire", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.3.1", "label": "Ach\u00e8vement ou modification des responsabilit\u00e9s associ\u00e9es au contrat de travail", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.4", "label": "Restitution des actifs", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.6", "label": "Suppression ou adaptation des droits d\u2019acc\u00e8s", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.1", "label": "P\u00e9rim\u00e8tre de s\u00e9curit\u00e9 physique", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.2", "label": "Contr\u00f4les physiques des acc\u00e8s", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.3", "label": "S\u00e9curisation des bureaux, des salles et des \u00e9quipements", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.4", "label": "Protection contre les menaces ext\u00e9rieures et environnementales", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.5", "label": "Travail dans les zones s\u00e9curis\u00e9es", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.6", "label": "Zones de livraison et de chargement", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.1", "label": "Emplacement et protection du mat\u00e9riel", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.2", "label": "Services g\u00e9n\u00e9raux", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.3", "label": "S\u00e9curit\u00e9 du c\u00e2blage", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.4", "label": "Maintenance du mat\u00e9riel", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.6", "label": "S\u00e9curit\u00e9 du mat\u00e9riel et des actifs hors des locaux", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.7", "label": "Mise au rebut ou recyclage s\u00e9curis\u00e9(e) du mat\u00e9riel", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.5", "label": "Sortie des actifs", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.1", "label": "Proc\u00e9dures d\u2019exploitation document\u00e9es", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.2", "label": "Gestion des changements", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.2", "label": "S\u00e9paration des t\u00e2ches", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.4", "label": "S\u00e9paration des environnements de d\u00e9veloppement, de test et d\u2019exploitation", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.2.1", "label": "Surveillance et revue des services des fournisseurs", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.2.2", "label": "Gestion des changements apport\u00e9s dans les services des fournisseurs", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.3", "label": "Dimensionnement", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.9", "label": "Test de conformit\u00e9 du syst\u00e8me", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.2.1", "label": "Mesures contre les logiciels malveillants", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.3.1", "label": "Sauvegarde des informations", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.1.1", "label": "Contr\u00f4le des r\u00e9seaux", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.1.2", "label": "S\u00e9curit\u00e9 des services de r\u00e9seau", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.3.1", "label": "Gestion des supports amovibles", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.3.2", "label": "Mise au rebut des supports", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.1", "label": "Politiques et proc\u00e9dures de transfert de l\u2019information", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.2", "label": "Accords en mati\u00e8re de transfert d\u2019information", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.3.3", "label": "Transfert physique des supports", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.3", "label": "Messagerie \u00e9lectronique", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.1.2", "label": "S\u00e9curisation des services d\u2019application sur les r\u00e9seaux publics", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.1.3", "label": "Protection des transactions li\u00e9es aux services d\u2019application", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.1", "label": "Journalisation des \u00e9v\u00e9nements", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.2", "label": "Protection de l\u2019information journalis\u00e9e", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.3", "label": "Journaux administrateur et op\u00e9rateur", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.4", "label": "Synchronisation des horloges", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.1.1", "label": "Politique de contr\u00f4le d\u2019acc\u00e8s", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.3", "label": "Gestion des privil\u00e8ges d\u2019acc\u00e8s", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.4", "label": "Gestion des informations secr\u00e8tes d\u2019authentification des utilisateurs", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.5", "label": "Revue des droits d\u2019acc\u00e8s utilisateur", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.3.1", "label": "Utilisation d\u2019informations secr\u00e8tes d\u2019authentification", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.8", "label": "Mat\u00e9riel utilisateur laiss\u00e9 sans surveillance", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.9", "label": "Politique du bureau propre et de l\u2019\u00e9cran vide", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.1.2", "label": "Acc\u00e8s aux r\u00e9seaux et aux services en r\u00e9seau", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.1.3", "label": "Cloisonnement des r\u00e9seaux", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.1", "label": "Enregistrement et d\u00e9sinscription des utilisateurs", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.3", "label": "Syst\u00e8me de gestion des mots de passe", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.4", "label": "Utilisation de programmes utilitaires \u00e0 privil\u00e8ges", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.2", "label": "S\u00e9curiser les proc\u00e9dures de connexion", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.1", "label": "Restriction d\u2019acc\u00e8s \u00e0 l\u2019information", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.2.1", "label": "Politique en mati\u00e8re d'appareils mobiles", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.2.2", "label": "T\u00e9l\u00e9travail", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.1.1", "label": "Analyse et sp\u00e9cification des exigences de s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptographie", "code": "10.1.1", "label": "Politique d\u2019utilisation des mesures cryptographiques", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptographie", "code": "10.1.2", "label": "Gestion des cl\u00e9s", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.5.1", "label": "Installation de logiciels sur des syst\u00e8mes en exploitation", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.3.1", "label": "Protection des donn\u00e9es de test", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.5", "label": "Contr\u00f4le d\u2019acc\u00e8s au code source des programmes", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.2", "label": "Proc\u00e9dures de contr\u00f4le des changements apport\u00e9s au syst\u00e8me", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.3", "label": "Revue technique des applications apr\u00e8s changement apport\u00e9 \u00e0 la plateforme d\u2019exploitation", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.4", "label": "Restrictions relatives aux changements apport\u00e9s aux progiciels", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.7", "label": "D\u00e9veloppement externalis\u00e9", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.6.1", "label": "Gestion des vuln\u00e9rabilit\u00e9s techniques", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.2", "label": "Signalement des \u00e9v\u00e9nements li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.3", "label": "Signalement des failles li\u00e9es \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.1", "label": "Responsabilit\u00e9s et proc\u00e9dures", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.6", "label": "Tirer des enseignements des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.7", "label": "Recueil de preuves", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.5", "label": "Principes d\u2019ing\u00e9nierie de la s\u00e9curit\u00e9 des syst\u00e8mes", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.1.1", "label": "Organisation de la continuit\u00e9 de la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.1.2", "label": "Mise en oeuvre de la continuit\u00e9 de la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.1.3", "label": "V\u00e9rifier, revoir et \u00e9valuer la continuit\u00e9 de la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.1", "label": "Identification de la l\u00e9gislation et des exigences contractuelles applicables", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.2", "label": "Droits de propri\u00e9t\u00e9 intellectuelle", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.3", "label": "Protection des enregistrements", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.4", "label": "Protection de la vie priv\u00e9e et protection des donn\u00e9es \u00e0 caract\u00e8re personnel", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.5", "label": "R\u00e9glementation relative aux mesures cryptographiques", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.2.2", "label": "Conformit\u00e9 avec les politiques et les normes de s\u00e9curit\u00e9", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.2.3", "label": "Examen de la conformit\u00e9 technique", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.7.1", "label": "Mesures relatives \u00e0 l\u2019audit des syst\u00e8mes d\u2019information", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.5", "label": "La s\u00e9curit\u00e9 de l\u2019information dans la gestion de projet", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.2.3", "label": "Manipulation des actifs", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.2", "label": "Ma\u00eetrise de la gestion des acc\u00e8s utilisateur", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.8", "label": "Phase de test de la s\u00e9curit\u00e9 du syst\u00e8me", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.6", "label": "Environnement de d\u00e9veloppement s\u00e9curis\u00e9", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.1", "label": "Politique de d\u00e9veloppement s\u00e9curis\u00e9", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.6.2", "label": "Restrictions li\u00e9es \u00e0 l\u2019installation de logiciels", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.1.3", "label": "Chaine d\u2019approvisionnement informatique", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.4", "label": "Appr\u00e9ciation des \u00e9v\u00e9nements li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information et prise de d\u00e9cision", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.5", "label": "R\u00e9ponse aux incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.2.1", "label": "Disponibilit\u00e9 des moyens de traitement de l\u2019information", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2022-02-21T11:40:47.184025+00:00 https://objects.monarc.lu/object/get/39 2023-03-31T19:15:40.016546+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "ISO/IEC 27002 [2013]", "language": "NL", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Informatiebeveiligingsbeleid", "code": "5.1.1", "label": "Informatiebeveiligingsbeleidslijnen", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsbeleid", "code": "5.1.2", "label": "Beoordeling van de informatiebeveiligingsbeleidslijnen", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.2.1", "label": "Verantwoordelijkheden van de directie", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.1", "label": "Functies en verantwoordelijkheden i.v.m. informatiebeveiliging", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.4", "label": "Verplichtingen inzake vertrouwelijkheid en niet-verspreiding", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.3", "label": "Relaties met de overheden", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.4", "label": "Relaties met gespecialiseerde werkgroepen", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.2.1", "label": "Onafhankelijke beoordeling van de informatiebeveiligingsbeleidslijnen", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.1.1", "label": "Informatiebeveiligingsbeleid in de relaties met leveranciers", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.1.2", "label": "Veiligheid in de met leveranciers gesloten akkoorden", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.1", "label": "Inventaris van de activa", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.2", "label": "Eigendom van de activa", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.3", "label": "Correct gebruik van de activa", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.2.1", "label": "Classificatie van de informatie", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.2.2", "label": "Markering van de informatie", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.1.1", "label": "Selectie van de kandidaten", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.1.2", "label": "Rekruteringsvoorwaarden", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.2.2", "label": "Sensibilisering, kwalificatie en opleidingen inzake informatiebeveiliging", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.2.3", "label": "Disciplinair proces", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.3.1", "label": "Voltooiing of wijziging van de verantwoordelijkheden die samenhangen met het arbeidscontract", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.4", "label": "Teruggave van de activa", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.6", "label": "Opheffing of aanpassing van de toegangsrechten", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.1", "label": "Fysieke veiligheidsperimeter", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.2", "label": "Fysieke toegangscontroles", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.3", "label": "Beveiliging van de kantoren, de lokalen en de uitrustingen", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.4", "label": "Beveiliging tegen externe en milieubedreigingen", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.5", "label": "Werk in de beveiligde zones", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.6", "label": "Leverings- en laad- en loszones", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.1", "label": "Plaats en bescherming van de hardware", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.2", "label": "Algemene diensten", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.3", "label": "Veiligheid van de bekabeling", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.4", "label": "Onderhoud van de hardware", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.6", "label": "Veiligheid van de hardware en de activa buiten de bedrijfsruimten", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.7", "label": "Veilige afdanking of recyclage van de hardware", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.5", "label": "Afdanking van de activa", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.1", "label": "Gedocumenteerde exploitatieprocedures", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.2", "label": "Beheer van verandering (change management)", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.2", "label": "Scheiding van de taken", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.4", "label": "Scheiding van de ontwikkelings-, test- en exploitatieomgevingen", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.2.1", "label": "Toezicht op en beoordeling van de diensten van de leveranciers", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.2.2", "label": "Beheer van de wijzigingen aangebracht in de diensten van de leveranciers", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.3", "label": "Dimensionering", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.9", "label": "Systeemconformiteitstest", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.2.1", "label": "Maatregelen tegen malware", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.3.1", "label": "Back-up van de informatie", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.1.1", "label": "Controle van de netwerken", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.1.2", "label": "Veiligheid van de netwerkdiensten", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.3.1", "label": "Beheer van de draagbare informatiedragers", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.3.2", "label": "Afdanking van informatiedragers", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.1", "label": "Beleid en procedures op het vlak van informatiedoorgifte", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.2", "label": "Akkoorden op het vlak van informatiedoorgifte", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.3.3", "label": "Fysieke doorgifte van informatiedragers", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.3", "label": "E-mail", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.1.2", "label": "Beveiliging van de toepassingsdiensten op de openbare communicatienetwerken", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.1.3", "label": "Bescherming van de transacties i.v.m. de toepassingsdiensten", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.1", "label": "Loggen van evenementen", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.2", "label": "Beveiliging van de gelogde informatie", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.3", "label": "Administrator- en operatorlogboeken", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.4", "label": "Synchronisatie van de klokken", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.1.1", "label": "Toegangscontrolebeleid", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.3", "label": "Beheer van de toegangsrechten", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.4", "label": "Beheer van de geheime gebruikersauthenticatiegegevens", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.5", "label": "Beoordeling van de gebruikerstoegangsrechten", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.3.1", "label": "Gebruik van geheime authenticatiegegevens", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.8", "label": "Onbewaakt achtergelaten gebruikershardware", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.9", "label": "Clean desk- en leeg-schermbeleid", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.1.2", "label": "Toegang tot de netwerken en de netwerkdiensten", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.1.3", "label": "Scheiding van de netwerken", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.1", "label": "Registratie en uitschrijving van de gebruikers", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.3", "label": "Wachtwoordbeheerssysteem", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.4", "label": "Gebruik van utility-programma\u2019s met bevoegdheden", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.2", "label": "Beveiligen van de verbindingsprocedures", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.1", "label": "Beperking van de toegang tot de informatie", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.2.1", "label": "Beleid inzake mobiele toestellen", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.2.2", "label": "Telewerk", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.1.1", "label": "Analyse en specificatie van de eisen inzake informatiebeveiliging", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptografie", "code": "10.1.1", "label": "Beleid inzake het gebruik van cryptografische maatregelen", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptografie", "code": "10.1.2", "label": "Beheer van de sleutels", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.5.1", "label": "Installatie van software op werkende systemen", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.3.1", "label": "Beveiliging van de testgegevens", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.5", "label": "Controle van de toegang tot de broncode van de programma\u2019s", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.2", "label": "Procedures voor de controle van de aan het systeem aangebrachte wijzigingen", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.3", "label": "Technische beoordeling van de toepassingen na het aanbrengen van wijzigingen aan het besturingsplatform", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.4", "label": "Beperkingen op het vlak van het aanbrengen van wijzigingen aan softwarepakketten.", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.7", "label": "Geoutsourcete ontwikkeling ", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.6.1", "label": "Beheer van de technische kwetsbaarheden", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.2", "label": "Signalering van de gebeurtenissen i.v.m. informatiebeveiliging", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.3", "label": "Signalering van fouten i.v.m. informatiebeveiliging", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.1", "label": "Verantwoordelijkheden en procedures", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.6", "label": "Lessen trekken uit incidenten i.v.m. informatiebeveiliging", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.7", "label": "Verzameling van bewijzen", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.5", "label": "Engineeringbeginselen van systeembeveiliging", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.1.1", "label": "Organisatie van de continu\u00efteit van de informatiebeveiliging", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.1.2", "label": "Implementatie van de continu\u00efteit van de informatiebeveiliging", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.1.3", "label": "Verifi\u00ebren, herzien en evalueren van de continu\u00efteit van de informatiebeveiliging", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.1", "label": "Identificatie van de wetgeving en de geldende contractuele eisen", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.2", "label": "Intellectuele eigendomsrechten", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.3", "label": "Bescherming van de opnamen", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.4", "label": "Bescherming van het priv\u00e9leven en bescherming van persoonlijke gegevens", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.5", "label": "Voorschriften op het vlak van cryptografische maatregelen", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.2.2", "label": "Conformiteit met het veiligheidsbeleid en de veiligheidsnormen", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.2.3", "label": "Onderzoek van de technische conformiteit", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.7.1", "label": "Maatregelen betreffende de audit van de informatiesystemen", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.5", "label": "Informatiebeveiliging in projectmanagement", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.2.3", "label": "Manipulatie van de activa", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.2", "label": "Beheersing van het gebruikerstoegangsbeheer", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.8", "label": "Testfase van systeembeveiliging", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.6", "label": "Beveiligde ontwikkelingsomgeving", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.1", "label": "Beveiligd ontwikkelingsbeleid", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.6.2", "label": "Beperkingen inzake de installatie van software", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.1.3", "label": "IT-bevoorradingsketen", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.4", "label": "Beoordeling van de gebeurtenissen i.v.m. informatiebeveiliging en besluitvorming", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.5", "label": "Reactie op incidenten i.v.m. informatiebeveiliging", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.2.1", "label": "Beschikbaarheid van de informatieverwerkingsmiddelen", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2022-02-21T11:41:18.995587+00:00 https://objects.monarc.lu/object/get/28 2023-03-31T19:15:40.015615+00:00 MONARC { "label": "ISO/IEC 27002 [2013]", "language": "EN", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Information security policies", "code": "5.1.1", "label": "Policies for information security", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security policies", "code": "5.1.2", "label": "Review of the policies for information security", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.1", "label": "Information security roles and responsibilities", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.2", "label": "Segregation of duties", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.3", "label": "Contact with authorities", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.4", "label": "Contact with special interest groups", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.5", "label": "Information Security in Project Management", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.2.1", "label": "Mobile device policy", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.2.2", "label": "Teleworking", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.1.1", "label": "Screening", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.1.2", "label": "Terms and conditions of employment", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.2.1", "label": "Management responsibilities", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.2.2", "label": "Information security awareness, education and training", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.2.3", "label": "Disciplinary process", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.3.1", "label": "Termination or change of employment responsibilities", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.1", "label": "Inventory of Assets", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.2", "label": "Ownership of assets", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.3", "label": "Acceptable use of assets", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.4", "label": "Return of assets", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.2.1", "label": "Classification guidelines", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.2.2", "label": "Labelling of information", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.2.3", "label": "Handling of assets", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.3.1", "label": "Management of removeable media", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.3.2", "label": "Disposal of media", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.3.3", "label": "Physical Media transfer", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.1.1", "label": "Access control policy", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.1.2", "label": "Access to networks and network services", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.1", "label": "User registration and deregistration", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.2", "label": "User access provisioning", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.3", "label": "Management of privileged access rights", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.4", "label": "Management of secret authentication information of users", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.5", "label": "Review of user access rights", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.6", "label": "Removal or adjustment of access rights", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.3.1", "label": "Use of secret authentication information", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.1", "label": "Information access restriction", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.2", "label": "Secure log-on procedures", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.3", "label": "Password management system", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.4", "label": "Use of privileged utility programs", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.5", "label": "Access control to program source code", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptography", "code": "10.1.1", "label": "Policy on the use of cryptographic controls", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptography", "code": "10.1.2", "label": "Key management", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.1", "label": "Physical security perimeter", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.2", "label": "Physical entry controls", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.3", "label": "Securing offices, rooms and facilities", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.4", "label": "Protecting against external and environmental attacks", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.5", "label": "Working in secure areas", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.6", "label": "Delivery and loading areas", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.1", "label": "Equipment siting and protection", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.2", "label": "Supporting utilities", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.3", "label": "Cabling Security", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.4", "label": "Equipment maintenance", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.5", "label": "Security of equipment off-premises", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.6", "label": "Security of equipment and assets off-premises", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.7", "label": "Secure disposal or re-use of equipment", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.8", "label": "Unattended user equipment", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.9", "label": "Clear desk and clear screen policy", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.1", "label": "Documented operating procedures", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.2", "label": "Change management", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.3", "label": "Capacity management", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.4", "label": "Separation of development, testing and operational environments", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.2.1", "label": "Controls against malicious code", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.3.1", "label": "Information Backup", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.1", "label": "Event logging", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.2", "label": "Protection of log information", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.3", "label": "Administrator and operator logs", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.4", "label": "Clock synchronisation", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.5.1", "label": "Installation of software on operational systems", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.6.1", "label": "Management of technical vulnerabilities", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.6.2", "label": "Restrictions on software installation", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.7.1", "label": "Information systems audit controls", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.1.1", "label": "Network controls", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.1.2", "label": "Security of network services", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.1.3", "label": "Segregation in networks", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.1", "label": "Information transfer policies and procedures", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.2", "label": "Agreements on information transfer", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.3", "label": "Electronic messaging", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.4", "label": "Confidentiality or non-disclosure agreements", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.1.1", "label": "Information security requirements analysis and specification", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.1.2", "label": "Securing application services on public networks", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.1.3", "label": "Protecting application services transactions", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.1", "label": "Secure development policy", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.2", "label": "System change control procedures", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.3", "label": "Technical review of applications after operating platform changes", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.4", "label": "Restrictions on changes to software packages", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.5", "label": "Secure system engineering principles", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.6", "label": "Secure development environment", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.7", "label": "Outsourced software development", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.8", "label": "System security testing", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.9", "label": "System acceptance testing", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.3.1", "label": "Protection of test data", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.1.1", "label": "Information security policy for supplier relationships", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.1.2", "label": "Addressing security within supplier agreements", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.1.3", "label": "Informaiton and communication technology supply chain", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.2.1", "label": "Monitoring and review of supplier services", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.2.2", "label": "Managing changes to supplier services", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.1", "label": "Responsibilities and procedures", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.2", "label": "Reporting information security events", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.3", "label": "Reporting information security weaknesses", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.4", "label": "Assessment of and decision on information security events", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.5", "label": "Response in information security incidents", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.6", "label": "Learning from information security incidents", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.7", "label": "Collection of evidence", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.1.1", "label": "Planning information security continuity", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.1.2", "label": "Implementing information security continuity", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.1.3", "label": "Verify, review and evaluate information security continuity", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.2.1", "label": "Availability of information processing facilities", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.1", "label": "Identification of applicable legislation", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.2", "label": "Intellectual Property Rights", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.3", "label": "Protection of records", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.4", "label": "Privacy and protection of personally identifiable information", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.5", "label": "Regulation of cryptographic controls", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.2.1", "label": "Independent review of information security", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.2.2", "label": "Compliance with security policies and standards", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.2.3", "label": "Technical compliance review", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2022-02-21T12:45:14.000538+00:00 https://objects.monarc.lu/object/get/5228 2023-03-31T19:15:40.014929+00:00 MONARC { "label": "ISO/IEC 27002 [2013] - ISO/IEC 27002 [2022]", "refs": [ "https://www.iso.org/standard/75652.html" ], "security referentials UUID": [ "98ca84fb-db87-11e8-ac77-0800279aaa2b", "831acc76-2bcc-4376-836a-f6b0ee6df568" ], "uuid": "dee86397-a961-4598-a22c-2b7b20dc9675", "values": [ { "control": "ac5590c1-5e43-4a29-87fb-5ba7416a0831", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "ac5590c1-5e43-4a29-87fb-5ba7416a0831", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "957e0fb3-f06e-4ef5-b152-f1045b3a576f", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "e283f5ed-3a64-4bed-b479-35e4cd8173e6", "match": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "control": "7a5c4510-1d09-481b-822d-2d58745d390b", "match": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "control": "33aa534c-482a-4503-919c-635ac65d084e", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "41d38a42-6f44-4561-b0a2-801095d4eec9", "match": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "control": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "0a23f517-b172-47b2-bc0a-0f693d2900b0", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "48ecb62f-f73d-4c65-a8e4-2fa831346a70", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "48ecb62f-f73d-4c65-a8e4-2fa831346a70", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "95882551-578c-4c0d-afe8-1dff2b251da4", "match": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "control": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "9e7bdc0e-1603-4545-a2cc-0650fe035e37", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "83389b64-b080-4625-8e81-05174311e2d8", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "9acaadb0-2f58-4d9b-963b-7671ed0471a6", "match": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "control": "e4ef6822-7f1f-46f8-9700-37cde17e81b8", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "fb24425c-10df-4bc3-9b48-d72b952b92b5", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "c26bedb1-42f5-4154-8cea-b923b1103cfe", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "26fbd0ef-28da-4930-850f-8519da290fd4", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "14667423-4f22-49dd-a0fc-bbf3c25597d3", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "474fedbd-0b89-436c-ac04-41c21d6e7420", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "07285d43-9ee2-406b-a9fa-3ad36650054b", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "cb371cfa-e8d4-4a83-af29-2f8982929268", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "14667423-4f22-49dd-a0fc-bbf3c25597d3", "match": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "control": "a3897661-541e-4c4c-9844-2981d8288ec6", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "fc66f113-3f02-4354-8610-879b5467971a", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "00e9c4c9-c718-4834-a312-c08abb03838c", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "096b291e-bded-40aa-a3f7-492bcc5dcf4c", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "1167decd-0e55-4359-8fb2-599c490d89fa", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "866a0676-f2bd-4499-ba25-cd6f9466969a", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "6ea4f43d-0d12-4edf-8191-bf469f25e252", "match": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "control": "00383120-11a9-4b95-bfb9-47b3d4975bcb", "match": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "control": "307d39d8-d31f-4b55-8a0e-9632cd0e380a", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "307d39d8-d31f-4b55-8a0e-9632cd0e380a", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "e8d6402b-f022-494b-b289-3d5d98368e8e", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "991f8c55-2da0-4dbf-b604-cbadc8df8389", "match": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "control": "f331b956-c83b-47b6-a563-09222b1ae7a0", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "e2e52a80-4222-4f57-b471-92ce90a83ed7", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "47ad87a1-dd3e-443e-8d82-2ec782979637", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "1167decd-0e55-4359-8fb2-599c490d89fa", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "1167decd-0e55-4359-8fb2-599c490d89fa", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "1fbd96df-158c-47a2-8dc5-a22c6f915a79", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "1fbd96df-158c-47a2-8dc5-a22c6f915a79", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "1167decd-0e55-4359-8fb2-599c490d89fa", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "1fbd96df-158c-47a2-8dc5-a22c6f915a79", "match": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "control": "8298dbd1-c18e-4f03-bb63-4867bfeaf716", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "8298dbd1-c18e-4f03-bb63-4867bfeaf716", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "6e2ed592-c992-4076-b9ec-b7e9a78a7029", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "6e2ed592-c992-4076-b9ec-b7e9a78a7029", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "6e2ed592-c992-4076-b9ec-b7e9a78a7029", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "de075220-6acf-4ca7-837b-713b1f87f5f3", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "8890016c-2883-4771-b346-2e8ec19ff2dd", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "c26bedb1-42f5-4154-8cea-b923b1103cfe", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3", "match": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "control": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f", "match": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "control": "069bd61a-62a9-4158-b5f9-59e4ee0c8614", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "de075220-6acf-4ca7-837b-713b1f87f5f3", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "6c305573-67ac-488e-882a-8e94e6373355", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "9389f178-57cb-4b52-b464-5b983d10ae90", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "1d9e4229-e86e-4cb1-8e63-fd30711040dd", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "276430e7-47c5-461b-a5c4-7b46dae11759", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "45d81142-d8b8-45c5-811b-8a636c404af8", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9", "match": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "control": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9", "match": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "control": "5773b0a9-8687-4802-9f19-2d1fba45e6a5", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5", "match": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "control": "b56726a8-3883-4893-ae75-2ba555411148", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "866a0676-f2bd-4499-ba25-cd6f9466969a", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "866a0676-f2bd-4499-ba25-cd6f9466969a", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "866a0676-f2bd-4499-ba25-cd6f9466969a", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "d5f93f4a-eac7-4200-b90b-c02db54c76f4", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "ed627a92-cb52-472a-aa2e-b981f8b12de5", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "ed627a92-cb52-472a-aa2e-b981f8b12de5", "match": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "control": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "1c03c68f-29a0-4606-b99d-072491f53e96", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "432a79d3-45e9-477e-b63a-ab7566bb8590", "match": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "control": "497618e9-e495-42b6-b04e-21801f9c01f7", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "a197825e-e8f5-47f5-851d-66105a6fc3b2", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "a197825e-e8f5-47f5-851d-66105a6fc3b2", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "a197825e-e8f5-47f5-851d-66105a6fc3b2", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd", "match": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "control": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1", "match": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "control": "3ff683de-9ca5-482d-8423-06d4d8e315a3", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "3ff683de-9ca5-482d-8423-06d4d8e315a3", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "744146f1-5a14-43c0-b675-8c2649486f64", "match": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "control": "45d81142-d8b8-45c5-811b-8a636c404af8", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "95882551-578c-4c0d-afe8-1dff2b251da4", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "c26bedb1-42f5-4154-8cea-b923b1103cfe", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "991f8c55-2da0-4dbf-b604-cbadc8df8389", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "00383120-11a9-4b95-bfb9-47b3d4975bcb", "match": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "control": "3ddf1641-0529-44d2-8a23-b5811555cdd2", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "5773b0a9-8687-4802-9f19-2d1fba45e6a5", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "0aa214a8-51a6-45df-a279-03f04ea5c19e", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "865ca2d0-30e8-47f2-9f25-4256943a0d72", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4", "match": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 0 } 2022-02-21T13:50:17.977517+00:00 https://objects.monarc.lu/object/get/5104 2023-03-31T19:15:40.014727+00:00 MONARC [ { "controller": { "contact": "16, boulevard d\u2019Avranches L-1160 Luxembourg (+352) 274 00 98 601 info@securitymadein.lu", "name": "Security made in L\u00ebtzebuerg g.i.e." }, "name": "Gestion utilisateurs cloud (my.monarc.lu)", "personal_data": [ { "data_categories": [ { "name": "nom" }, { "name": "e-mail" }, { "name": "pr\u00e9nom" } ], "data_subject": "utilisateurs", "description": "Le nom et pr\u00e9nom sont utilis\u00e9s pour identifier les actions de l'utilisateurs sur l'outil. L'adresse mail est n\u00e9cessaire pour reinialiser le mot de passe et s'authentifier dans l'outil", "retention_period": 0, "retention_period_description": "Jusqu'\u00e0 que l'utilisateur supprime son compte ou apr\u00e8s une inactivit\u00e9 de deux ans", "retention_period_mode": "day(s)" } ], "processors": [ { "activities": "Backup H\u00e9bergement", "contact": "4 Rue d'Arlon, 8399 Windhof (+352) 26 10 30 61 info@conostix.com", "name": "CONOSTIX S.A.", "representative": { "contact": "4 Rue d'Arlon, 8399 Windhof (+352) 26 10 30 61 info@conostix.com", "name": "Yves de Pril" }, "security_measures": "Datacenter Tiers IV" } ], "purposes": "G\u00e9rer l'authentification des utilisateurs sur le cloud my.monarc.lu", "recipients": [ { "description": "L'\u00e9quipe CASES g\u00e8re la cr\u00e9ation et suppression des nouveaux utilisateurs", "name": "CASES", "type": "internal" } ], "representative": { "contact": "16, boulevard d\u2019Avranches L-1160 Luxembourg (+352) 274 00 98 601 info@securitymadein.lu", "name": "Pascal Steichen" }, "security_measures": "Backup Chiffrement Control d'acc\u00e8s" } ] 2022-05-17T09:39:22.418853+00:00 https://objects.monarc.lu/object/get/5212 2023-03-31T19:15:40.013714+00:00 CVE-Search { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2021-34527" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Windows Print Spooler Remote Code Execution Vulnerability" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527", "refsource": "MISC", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527" }, { "name": "VU#383432", "refsource": "CERT-VN", "tags": [], "url": "https://www.kb.cert.org/vuls/id/383432" } ] } } 2022-08-03T11:32:08.580789+00:00 https://objects.monarc.lu/object/get/5138 2023-03-31T19:15:40.012455+00:00 MONARC { "object": { "asset": { "amvs": [], "asset": { "code": "CONT", "description": "Conteneur d'actifs", "label": "Conteneur", "language": "FR", "type": "Primary", "uuid": "d2023c8f-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [], "vuls": [] }, "children": [ { "asset": { "amvs": [ { "asset": "4447ebac-6831-4617-a653-4aedfe235faf", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "26c8f378-14a7-4dda-885e-4e371ce0ed99", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_ACTUATORS", "description": "", "label": "IoT - Actionneurs", "language": "FR", "type": "Secondary", "uuid": "4447ebac-6831-4617-a653-4aedfe235faf", "version": 1 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "R\u00e9ception et exploitation dans le syst\u00e8me d'information de l'organisme de donn\u00e9es erron\u00e9es ou de mat\u00e9riels non adapt\u00e9s provenant de sources ext\u00e9rieures.", "i": true, "label": "Information sans garantie de l'origine", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "Le syst\u00e8me permet l'\u00e9mission et la r\u00e9ception d'information sans authentification des \u00e9metteurs ni des destinataires", "language": "FR", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Actionneur", "language": "FR", "name": "Actionneur", "scope": "local", "uuid": "5581f4e4-75ea-4fe0-ac43-a4d8311ab6bf", "version": 1 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "threat": "b402d5af-4576-11e9-9173-0800277f0571", "uuid": "d1140297-6b68-4ccf-9716-665c0b3d4306", "vulnerability": "69fc0555-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_DEVICE", "description": "Partie physique de l'objet connect\u00e9", "label": "IoT - Partie physique de l'objet connect\u00e9", "language": "FR", "type": "Secondary", "uuid": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MD36", "description": "Le mat\u00e9riel est accessible par des personnes \u00e9trang\u00e8res en interne ou en externe. Il est possible de le d\u00e9t\u00e9riorer ou de le voler.", "i": false, "label": "", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5af-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1183", "description": "Des personnes non autoris\u00e9es peuvent acc\u00e9der \u00e0 l'information sans barri\u00e8res physiques ?Acc\u00e8s facile ? Locaux publics ? Passage ou couloir \u00e0 proximit\u00e9 ?", "label": "L'acc\u00e8s est possible pour des personnes n'ayant aucun motif de service", "language": "FR", "mode": 0, "uuid": "69fc0555-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Device", "language": "FR", "name": "Device", "scope": "local", "uuid": "59617857-43b1-4660-b571-3f75fa22a1ae", "version": 1 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb547-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5ea-4576-11e9-9173-0800277f0571", "uuid": "7f9fb55e-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0627-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb58d-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5d5-4576-11e9-9173-0800277f0571", "uuid": "d2522441-1a7b-456f-8b4b-8f2d6b586632", "vulnerability": "69fc051f-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_OS", "description": "Syst\u00e8me d'exploitation ou middleware de l'objet connect\u00e9", "label": "IoT - Syst\u00e8me d'exploitation", "language": "FR", "type": "Secondary", "uuid": "d2023de2-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MA15", "description": "Erreur de conception, erreur d'installation ou n\u00e9gligence d'exploitation commise lors de modification provoquant une ex\u00e9cution non-conforme.", "i": true, "label": "Dysfonctionnement logiciel", "language": "FR", "theme": "D\u00e9faillances techniques", "uuid": "b402d513-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA17", "description": "Personne poss\u00e9dant des droits privil\u00e9gi\u00e9s (administrateur de r\u00e9seaux, personnel informaticien...) et pouvant modifier les caract\u00e9ristiques d'exploitation des ressources.", "i": true, "label": "Abus de droits", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d5ea-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA13", "description": "Logiciel non d\u00e9sir\u00e9 executant des op\u00e9rations cherchant \u00e0 nuire \u00e0 l'organisme.", "i": true, "label": "Infection par un malware", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5d5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1172", "description": "Y a-t-il des accords contractuels formels avec les tiers principaux ?Existe-t-il des r\u00e8gles d'intervention ? Nom de personnes ? D\u00e9lais ?", "label": "Pas d'accord de services avec les tiers (internes ou externes)", "language": "FR", "mode": 0, "uuid": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "code": "1224", "description": "Liaison maintenue en permanence\u00c9changes en clair Absence de compte-rendu", "label": "La t\u00e9l\u00e9maintenance n'est pas g\u00e9r\u00e9e correctement par le fournisseur", "language": "FR", "mode": 0, "uuid": "69fc0627-4591-11e9-9173-0800277f0571" }, { "code": "1213", "description": "La gestion des changements sur les logiciels ou sur le syst\u00e8me d'information est elle correcte ?Planification des changements ? Estimation des charges ? Tests avant mise en production ?", "label": "Pr\u00e9sences de lacunes dans la gestion des changements ou la maintenance des logiciels", "language": "FR", "mode": 0, "uuid": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "code": "1178", "description": "Existe-t-il une proc\u00e9dure ? Formelle ?Quelle est la p\u00e9riodicit\u00e9 d'application ? Qui est le responsable ?Des tests sont-ils effectu\u00e9s ? Avant ? Apr\u00e8s ?", "label": "La gestion des mises \u00e0 jour (patch) comporte des lacunes", "language": "FR", "mode": 0, "uuid": "69fc051f-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Syst\u00e8me d'exploitation", "language": "FR", "name": "Syst\u00e8me d'exploitation", "scope": "local", "uuid": "4b31e8dd-24d8-4780-aa62-d5f4fff53760", "version": 1 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d5df-4576-11e9-9173-0800277f0571", "uuid": "02c8ec95-756a-447b-916b-312b29c2e43c", "vulnerability": "69fc0101-4591-11e9-9173-0800277f0571" }, { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "4896c568-6eb2-4454-9d80-bad8f8106a0f", "vulnerability": "69fc0952-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_NETWORK_INTERFACE", "description": "IOT - Interface r\u00e9seau", "label": "IoT - Interface r\u00e9seau", "language": "FR", "type": "Secondary", "uuid": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MDA16", "description": "Personne ou ressource de type mat\u00e9riel, logiciel ou r\u00e9seau simulant un besoin de ressource intense en provoquant un parasitage intense et continu de la ressource.", "i": false, "label": "Saturation du syst\u00e8me informatique", "language": "FR", "theme": "D\u00e9faillances techniques", "uuid": "b402d5df-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Personne \u00e9tant connect\u00e9e aux \u00e9quipements ou aux supports de communication ou plac\u00e9e dans le p\u00e9rim\u00e8tre de couverture d'\u00e9mission d'une communication.", "i": false, "label": "\u00c9coute passive", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1070", "description": "", "label": "Mauvais dimensionnement des ressources (ex.: trop d'utilisateurs par rapport aux nombres possibles de connexions et \u00e0 la bande passante)", "language": "FR", "mode": 0, "uuid": "69fc0101-4591-11e9-9173-0800277f0571" }, { "code": "210", "description": "", "label": "Mat\u00e9riel disposant d'interface de communication \u00e9coutable (infra rouge, 802.11, Bluetooth...)", "language": "FR", "mode": 0, "uuid": "69fc0952-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Interfaces de communication", "language": "FR", "name": "Interface de communication", "scope": "local", "uuid": "926e6d32-9bca-4675-b817-b572f5947072", "version": 1 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d5c9-4576-11e9-9173-0800277f0571", "uuid": "5cf11c67-0843-4dec-bb0e-c649d97a2bc4", "vulnerability": "69fc057e-4591-11e9-9173-0800277f0571" }, { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d620-4576-11e9-9173-0800277f0571", "uuid": "a162b328-c313-4464-80ba-f1db359d7655", "vulnerability": "69fc0f0d-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_STORAGE_LOCAL", "description": "El\u00e9ments sauvegard\u00e9s en local sur l'objet connect\u00e9", "label": "IoT - Storage local", "language": "FR", "type": "Secondary", "uuid": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "version": 1 }, "measures": [], "threats": [ { "a": false, "c": true, "code": "MDA12", "description": "R\u00e9cup\u00e9ration de supports \u00e9lectroniques (disques durs, disquettes, cartouches de sauvegarde, cl\u00e9s USB, disquettes ZIP, disques durs amovibles...) ou papier (listing, \u00e9ditions incompl\u00e8tes, messages...) destin\u00e9s au recyclage et contenant des informations r\u00e9c", "i": false, "label": "R\u00e9cup\u00e9ration de supports recycl\u00e9s ou mis au rebut", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5c9-4576-11e9-9173-0800277f0571" }, { "a": true, "c": false, "code": "MDA29", "description": "Ev\u00e8nement provoquant la destruction d\u2019un mat\u00e9riel ou d'un support.", "i": false, "label": "Destruction de mat\u00e9riel ou de supports", "language": "FR", "theme": "Sinistres physiques", "uuid": "b402d620-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1191", "description": "Existe-t-il une proc\u00e9dure formelle ?Est-elle respect\u00e9e ?La chaine de mise au rebut est-elle correcte ?", "label": "La mise au rebut n'est pas correctement assur\u00e9e", "language": "FR", "mode": 0, "uuid": "69fc057e-4591-11e9-9173-0800277f0571" }, { "code": "283", "description": "", "label": "Absence de sauvegarde des donn\u00e9es contenues sur les supports", "language": "FR", "mode": 0, "uuid": "69fc0f0d-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Storage local", "language": "FR", "name": "Storage local", "scope": "local", "uuid": "7da319ff-851c-414f-bb76-50cfc48254b5", "version": 1 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d4e0-4576-11e9-9173-0800277f0571", "uuid": "1631becd-9756-46f3-b23d-a3d93bac3fab", "vulnerability": "69fc0515-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb735-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb74c-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb763-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb77a-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc061d-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d58f-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7a9-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc1924-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7ca-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0560-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_APP", "description": "Application du device IOT", "label": "IoT - Application utilisateur", "language": "FR", "type": "Secondary", "uuid": "d2023dd3-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MA11", "description": "Personne commettant une erreur de manipulation, de saisie, d'utilisation de mat\u00e9riels ou logiciels.", "i": true, "label": "Erreur d'utilisation", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d4e0-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MDA20", "description": "Personne qui, volontairement ou par n\u00e9gligence, diffuse de l'information .", "i": false, "label": "Divulgation d'information", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d600-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MD14", "description": "Personne se faisant passer pour une autre de mani\u00e8re \u00e0 utiliser ces privil\u00e8ges d'acc\u00e8s au syst\u00e8me d'information, d\u00e9sinformer le destinataire, r\u00e9aliser une fraude\u2026", "i": true, "label": "Usurpation de droits", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d530-4576-11e9-9173-0800277f0571" }, { "a": false, "c": false, "code": "MD24", "description": "Une personne ou une entit\u00e9 renie sa participation \u00e0 un \u00e9change avec un tiers ou \u00e0 la r\u00e9alisation d'une op\u00e9ration.", "i": true, "label": "Reniement d'actions", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d58f-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Personne \u00e9tant connect\u00e9e aux \u00e9quipements ou aux supports de communication ou plac\u00e9e dans le p\u00e9rim\u00e8tre de couverture d'\u00e9mission d'une communication.", "i": false, "label": "\u00c9coute passive", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1177", "description": "L'ergonomie du logiciel pose-t-elle des probl\u00e8mes ?Est-il complexe \u00e0 comprendre ou \u00e0 utiliser ?Le temps de formation ou d'adaptation est-il long ? Existe-t-il des cas d'erreurs connus ?", "label": "Outils ou programmes non adapt\u00e9s \u00e0 l'utilisation ou non ergonomiques", "language": "FR", "mode": 0, "uuid": "69fc0515-4591-11e9-9173-0800277f0571" }, { "code": "1168", "description": "Est-ce que toutes les autorisations sont donn\u00e9es en respectant ce principe ?", "label": "Le principe de besoin d'en conna\u00eetre n'est pas respect\u00e9", "language": "FR", "mode": 0, "uuid": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "code": "1166", "description": "Y a-t-il une proc\u00e9dure formelle ?Qui autorise les acc\u00e8s ?Le principe de 4 yeux est-il respect\u00e9 ?", "label": "La gestion des autorisations comporte des failles", "language": "FR", "mode": 0, "uuid": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "code": "1167", "description": "Y a-t-il une politique de mots de passe ?Bonnes pratiques (longueur, complexit\u00e9, changement ...) ?Y a-t-il un compte par personne ?Y a-t-il des comptes partag\u00e9s ?", "label": "L'authentification des utilisateurs n'est pas assur\u00e9e", "language": "FR", "mode": 0, "uuid": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "code": "1221", "description": "Y a-t-il possibilit\u00e9 d'exporter les donn\u00e9es ?\u00c9galement en format structur\u00e9 (XLS, CSV, XML, etc.) ?", "label": "Les droits de l'utilisateur permettent l\u2019export de l'information", "language": "FR", "mode": 0, "uuid": "69fc061d-4591-11e9-9173-0800277f0571" }, { "code": "50", "description": "Y a-t-il des logs ?Sont-ils suffisants au regard des contr\u00f4les \u00e0 effectuer ?", "label": "Absence de conservation des traces des activit\u00e9s", "language": "FR", "mode": 0, "uuid": "69fc1924-4591-11e9-9173-0800277f0571" }, { "code": "1184", "description": "Le moyen de communication est-il chiffr\u00e9 ?Le moyen de communication est-il accessible par des tiers ?", "label": "Utilisation d'un moyen de communication non s\u00e9curis\u00e9", "language": "FR", "mode": 0, "uuid": "69fc0560-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Application", "language": "FR", "name": "Application", "scope": "local", "uuid": "cbfb813a-3e9c-415c-9ece-9c2bd7c781b7", "version": 1 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "fa281f62-931c-47dd-82b6-976e543a2168", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "15715227-f575-462b-b467-236532cddbb6", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_SENSORS", "description": "", "label": "IoT - Capteur", "language": "FR", "type": "Secondary", "uuid": "fa281f62-931c-47dd-82b6-976e543a2168", "version": 1 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "R\u00e9ception et exploitation dans le syst\u00e8me d'information de l'organisme de donn\u00e9es erron\u00e9es ou de mat\u00e9riels non adapt\u00e9s provenant de sources ext\u00e9rieures.", "i": true, "label": "Information sans garantie de l'origine", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "Le syst\u00e8me permet l'\u00e9mission et la r\u00e9ception d'information sans authentification des \u00e9metteurs ni des destinataires", "language": "FR", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Capteur", "language": "FR", "name": "Capteur", "scope": "local", "uuid": "e1473c38-42fc-4124-8b66-595ed18c1db2", "version": 1 }, "rolfRisks": [], "rolfTags": [] } ], "object": { "label": "Objet connect\u00e9", "language": "FR", "name": "Objet connect\u00e9", "scope": "local", "uuid": "0ceec4ea-73c0-4055-bcf1-819346ffdd0b", "version": 1 }, "rolfRisks": [], "rolfTags": [] } } 2022-08-03T11:33:57.667923+00:00 https://objects.monarc.lu/object/get/5139 2023-03-31T19:15:40.011293+00:00 MONARC { "object": { "asset": { "amvs": [], "asset": { "code": "CONT", "description": "Asset container", "label": "Container", "language": "EN", "type": "Primary", "uuid": "d2023c8f-44d1-11e9-a78c-0800277f0571", "version": 0 }, "measures": [], "threats": [], "vuls": [] }, "children": [ { "asset": { "amvs": [ { "asset": "4447ebac-6831-4617-a653-4aedfe235faf", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "26c8f378-14a7-4dda-885e-4e371ce0ed99", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_ACTUATORS", "description": "", "label": "IoT - Actuators", "language": "EN", "type": "Secondary", "uuid": "4447ebac-6831-4617-a653-4aedfe235faf", "version": 0 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", "i": true, "label": "Data from untrustworthy sources", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "The system allows information to be sent and received without authentication of the senders or recipients", "language": "EN", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Actuator", "language": "EN", "name": "Actuator", "scope": "local", "uuid": "5581f4e4-75ea-4fe0-ac43-a4d8311ab6bf", "version": 0 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "threat": "b402d5af-4576-11e9-9173-0800277f0571", "uuid": "d1140297-6b68-4ccf-9716-665c0b3d4306", "vulnerability": "69fc0555-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_DEVICE", "description": "", "label": "IoT - Physical part of the IoT", "language": "EN", "type": "Secondary", "uuid": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MD36", "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.", "i": false, "label": "Theft or destruction of media, documents or equipment", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5af-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1183", "description": "Can unauthorised persons access information without physical barriers?Is it easy to access? Are the premises public? Is there a passage or corridor nearby?", "label": "Persons without a service reason can gain access", "language": "EN", "mode": 0, "uuid": "69fc0555-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Device", "language": "EN", "name": "Device", "scope": "local", "uuid": "59617857-43b1-4660-b571-3f75fa22a1ae", "version": 0 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb547-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5ea-4576-11e9-9173-0800277f0571", "uuid": "7f9fb55e-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0627-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb58d-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5d5-4576-11e9-9173-0800277f0571", "uuid": "d2522441-1a7b-456f-8b4b-8f2d6b586632", "vulnerability": "69fc051f-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_MAINTENANCE", "description": "Software maintenance", "label": "Software maintenance", "language": "EN", "type": "Secondary", "uuid": "d2023de2-44d1-11e9-a78c-0800277f0571", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MA15", "description": "Design error, installation error or operating error committed during modification causing incorrect execution.", "i": true, "label": "Software malfunction", "language": "EN", "theme": "Technical failures", "uuid": "b402d513-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA17", "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.", "i": true, "label": "Abuse of rights", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d5ea-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA13", "description": "Unwanted software that is doing operations seeking to harm the company.", "i": true, "label": "Malware infection", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5d5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1172", "description": "Are there formal contractual agreements with the main third parties?Are there intervention rules? People's names? Timeframes?", "label": "No SLAs with third parties (internal or external)", "language": "EN", "mode": 0, "uuid": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "code": "1224", "description": "Link permanently maintainedUnencrypted exchangesNo record", "label": "The supplier does not manage remote maintenance properly", "language": "EN", "mode": 0, "uuid": "69fc0627-4591-11e9-9173-0800277f0571" }, { "code": "1213", "description": "Is change management for software or the IT system correct?Is there planning for changes? Cost estimates? Tests before production begins?", "label": "Problems in change management or software maintenance", "language": "EN", "mode": 0, "uuid": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "code": "1178", "description": "Is there a procedure? Is it formal?How frequently is it implemented? Who is in charge?Are tests performed? Before? After?", "label": "Update management (patches) is flawed", "language": "EN", "mode": 0, "uuid": "69fc051f-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Operating system", "language": "EN", "name": "Operating system", "scope": "local", "uuid": "4b31e8dd-24d8-4780-aa62-d5f4fff53760", "version": 0 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d5df-4576-11e9-9173-0800277f0571", "uuid": "02c8ec95-756a-447b-916b-312b29c2e43c", "vulnerability": "69fc0101-4591-11e9-9173-0800277f0571" }, { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "4896c568-6eb2-4454-9d80-bad8f8106a0f", "vulnerability": "69fc0952-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_NETWORK_INTERFACE", "description": "IoT - Network interface", "label": "IoT - Interface r\u00e9seau", "language": "EN", "type": "Secondary", "uuid": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MDA16", "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.", "i": false, "label": "Saturation of the information system", "language": "EN", "theme": "Technical failures", "uuid": "b402d5df-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", "i": false, "label": "Eavesdropping", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1070", "description": "", "label": "Incorrect sizing of resources (e.g. too many users for the number of connections possible and the passband)", "language": "EN", "mode": 0, "uuid": "69fc0101-4591-11e9-9173-0800277f0571" }, { "code": "210", "description": "", "label": "Equipment with a communication interface that can be eavesdropped (infrared, 802.11, Bluetooth, etc.)", "language": "EN", "mode": 0, "uuid": "69fc0952-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Communication interface", "language": "EN", "name": "Communication interface", "scope": "local", "uuid": "926e6d32-9bca-4675-b817-b572f5947072", "version": 0 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d5c9-4576-11e9-9173-0800277f0571", "uuid": "5cf11c67-0843-4dec-bb0e-c649d97a2bc4", "vulnerability": "69fc057e-4591-11e9-9173-0800277f0571" }, { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d620-4576-11e9-9173-0800277f0571", "uuid": "a162b328-c313-4464-80ba-f1db359d7655", "vulnerability": "69fc0f0d-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_STORAGE_LOCAL", "description": "", "label": "IoT - Local Storage", "language": "EN", "type": "Secondary", "uuid": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "version": 0 }, "measures": [], "threats": [ { "a": false, "c": true, "code": "MDA12", "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.", "i": false, "label": "Retrieval of recycled or discarded media", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5c9-4576-11e9-9173-0800277f0571" }, { "a": true, "c": false, "code": "MDA29", "description": "Event causing destruction of equipment or media.", "i": false, "label": "Destruction of equipment or supports", "language": "EN", "theme": "Physical damage", "uuid": "b402d620-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1191", "description": "Is there a formal procedure?Is it followed?Is the disposal line correct?", "label": "Disposal is not carried out properly", "language": "EN", "mode": 0, "uuid": "69fc057e-4591-11e9-9173-0800277f0571" }, { "code": "283", "description": "", "label": "No back-up of data contained on the media", "language": "EN", "mode": 0, "uuid": "69fc0f0d-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Local storage", "language": "EN", "name": "Local storage", "scope": "local", "uuid": "7da319ff-851c-414f-bb76-50cfc48254b5", "version": 0 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d4e0-4576-11e9-9173-0800277f0571", "uuid": "1631becd-9756-46f3-b23d-a3d93bac3fab", "vulnerability": "69fc0515-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb735-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb74c-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb763-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb77a-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc061d-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d58f-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7a9-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc1924-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7ca-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0560-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_LOGICIEL", "description": "Business application", "label": "Software", "language": "EN", "type": "Secondary", "uuid": "d2023dd3-44d1-11e9-a78c-0800277f0571", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MA11", "description": "A person commits an operating error, input error or utilisation error on hardware or software.", "i": true, "label": "Error in use", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d4e0-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MDA20", "description": "Person who voluntarily or negligently disclosure information.", "i": false, "label": "Disclosure", "language": "EN", "theme": "Compromise of information", "uuid": "b402d600-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MD14", "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.", "i": true, "label": "Forging of rights", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d530-4576-11e9-9173-0800277f0571" }, { "a": false, "c": false, "code": "MD24", "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation.", "i": true, "label": "Denial of actions", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d58f-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", "i": false, "label": "Eavesdropping", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1177", "description": "Does the software's design cause users problems?Is it complicated to understand or use?Does training or adaptation take a long time? Are there any known errors?", "label": "Tools or programs are not adapted for use or are not ergonomic", "language": "EN", "mode": 0, "uuid": "69fc0515-4591-11e9-9173-0800277f0571" }, { "code": "1168", "description": "Are all authorisations granted in compliance with this principle?", "label": "The need-to-know principle is not respected", "language": "EN", "mode": 0, "uuid": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "code": "1166", "description": "Is there a formal procedure?Who authorises access?Is the four-eyes principle followed?", "label": "Authorisation management is flawed", "language": "EN", "mode": 0, "uuid": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "code": "1167", "description": "Is there a password policy?Are there good practices (length, complexity, change, etc.)?Is there one account per person?Are there shared accounts?", "label": "User authentication is not ensured", "language": "EN", "mode": 0, "uuid": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "code": "1221", "description": "Can data be exported?Also in a structured format (XLS, CSV, XML, etc.)?", "label": "User rights allow information to be exported", "language": "EN", "mode": 0, "uuid": "69fc061d-4591-11e9-9173-0800277f0571" }, { "code": "50", "description": "Are there logs?Are they sufficient in terms of the checks to be carried out?", "label": "No storage of activity tracks", "language": "EN", "mode": 0, "uuid": "69fc1924-4591-11e9-9173-0800277f0571" }, { "code": "1184", "description": "Is the method of communication encrypted?Could third parties access the method of communication?", "label": "Use of an unsecured method of communication", "language": "EN", "mode": 0, "uuid": "69fc0560-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Application", "language": "EN", "name": "Application", "scope": "local", "uuid": "cbfb813a-3e9c-415c-9ece-9c2bd7c781b7", "version": 0 }, "rolfRisks": [], "rolfTags": [] }, { "asset": { "amvs": [ { "asset": "fa281f62-931c-47dd-82b6-976e543a2168", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "15715227-f575-462b-b467-236532cddbb6", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_SENSORS", "description": "", "label": "IoT - Sensor", "language": "EN", "type": "Secondary", "uuid": "fa281f62-931c-47dd-82b6-976e543a2168", "version": 0 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", "i": true, "label": "Data from untrustworthy sources", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "The system allows information to be sent and received without authentication of the senders or recipients", "language": "EN", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Sensor", "language": "EN", "name": "Sensor", "scope": "local", "uuid": "e1473c38-42fc-4124-8b66-595ed18c1db2", "version": 0 }, "rolfRisks": [], "rolfTags": [] } ], "object": { "label": "IoT", "language": "EN", "name": "IoT", "scope": "local", "uuid": "0ceec4ea-73c0-4055-bcf1-819346ffdd0b", "version": 0 }, "rolfRisks": [], "rolfTags": [] } } 2022-08-03T11:34:34.109411+00:00 https://objects.monarc.lu/object/get/132 2023-03-31T19:15:40.011078+00:00 MONARC { "code": "1102", "description": "", "label": "The system allows asynchronous operation of certain parts or commands of the operating system to be exploited (e.g. automatic opening of attachments)", "language": "EN", "uuid": "69fc024f-4591-11e9-9173-0800277f0571" } 2022-08-03T11:56:47.382993+00:00 https://objects.monarc.lu/object/get/5234 2023-03-31T19:15:40.010431+00:00 Various contributors { "label": "ISO 27017 - ISO/IEC 27002 [2022]", "security referentials UUID": [ "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "831acc76-2bcc-4376-836a-f6b0ee6df568" ], "uuid": "292a1fb7-e86c-4e29-9b10-34efc98f553e", "values": [ { "control": "\ufeff256e6e9e-cd8b-440a-843b-264e85d582f7", "match": "00383120-11a9-4b95-bfb9-47b3d4975bcb" }, { "control": "64c2a025-e7bf-4ac3-9ab2-431910fff804", "match": "00383120-11a9-4b95-bfb9-47b3d4975bcb" }, { "control": "2f9175dc-3c0e-48d6-b1cb-687009bbf392", "match": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd" }, { "control": "d41b6bc1-82a4-4791-b276-dbbb8d833a33", "match": "00e9c4c9-c718-4834-a312-c08abb03838c" }, { "control": "f34f88d5-7e52-4516-a734-096a09ef1d9b", "match": "069bd61a-62a9-4158-b5f9-59e4ee0c8614" }, { "control": "34ac073d-80ad-4503-b748-bcbad097ea26", "match": "07285d43-9ee2-406b-a9fa-3ad36650054b" }, { "control": "4ab927a0-835d-4122-8377-ed08c418b1c5", "match": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1" }, { "control": "3b7c3fa7-d143-483c-9c26-4908a55979d5", "match": "096b291e-bded-40aa-a3f7-492bcc5dcf4c" }, { "control": "ff7435b8-55f6-46bb-ae61-ddb09c731348", "match": "0a23f517-b172-47b2-bc0a-0f693d2900b0" }, { "control": "66d299d8-e55f-42d7-997b-e5f69392ed82", "match": "0aa214a8-51a6-45df-a279-03f04ea5c19e" }, { "control": "2327176c-b127-4ad3-a1a9-710467ea246f", "match": "1167decd-0e55-4359-8fb2-599c490d89fa" }, { "control": "55f40782-51f0-4e9a-9cae-3898190144c4", "match": "1167decd-0e55-4359-8fb2-599c490d89fa" }, { "control": "bae65eff-a2eb-4da1-899c-539f30f94963", "match": "1167decd-0e55-4359-8fb2-599c490d89fa" }, { "control": "f36660f5-1485-4aca-9757-1dd5399e9cee", "match": "1167decd-0e55-4359-8fb2-599c490d89fa" }, { "control": "b5005f3e-bdc7-4367-8f96-46dd795399c3", "match": "14667423-4f22-49dd-a0fc-bbf3c25597d3" }, { "control": "b98389fe-8024-4d51-90bb-869962c97898", "match": "14667423-4f22-49dd-a0fc-bbf3c25597d3" }, { "control": "62b6663e-768e-4eb3-8c2e-d170f84588d7", "match": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9" }, { "control": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598", "match": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9" }, { "control": "854a7ad0-7db7-4d8c-8374-3be5c36aa026", "match": "1c03c68f-29a0-4606-b99d-072491f53e96" }, { "control": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac", "match": "1d9e4229-e86e-4cb1-8e63-fd30711040dd" }, { "control": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb", "match": "1fbd96df-158c-47a2-8dc5-a22c6f915a79" }, { "control": "bd05d07c-d272-4c55-a4ff-72c6218148d0", "match": "1fbd96df-158c-47a2-8dc5-a22c6f915a79" }, { "control": "e186f19e-8174-4a21-bbb6-1018f32dc714", "match": "1fbd96df-158c-47a2-8dc5-a22c6f915a79" }, { "control": "2ed059b3-7ea4-465e-b20e-f6180b218505", "match": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40" }, { "control": "21c24fcd-374d-408a-9682-eac7e8c3ebf2", "match": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f" }, { "control": "fe98e1f0-175f-4fd8-8530-ac183707c54c", "match": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f" }, { "control": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3", "match": "26fbd0ef-28da-4930-850f-8519da290fd4" }, { "control": "c55c6391-56a2-44de-be4f-a23770cec2fb", "match": "276430e7-47c5-461b-a5c4-7b46dae11759" }, { "control": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7", "match": "307d39d8-d31f-4b55-8a0e-9632cd0e380a" }, { "control": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6", "match": "307d39d8-d31f-4b55-8a0e-9632cd0e380a" }, { "control": "317394d2-538d-42e6-ac3d-f7a54b867ec4", "match": "33aa534c-482a-4503-919c-635ac65d084e" }, { "control": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee", "match": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5" }, { "control": "975cc456-ba0c-4a33-8b65-cbf798f5d979", "match": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd" }, { "control": "07c05b75-2e57-4fd0-9ab7-d7d87742477b", "match": "3ddf1641-0529-44d2-8a23-b5811555cdd2" }, { "control": "9d2bc87a-ceae-463a-a44d-7c60bed5324d", "match": "3ff683de-9ca5-482d-8423-06d4d8e315a3" }, { "control": "d439ae3a-6cee-4f59-91f7-8562266e4d65", "match": "3ff683de-9ca5-482d-8423-06d4d8e315a3" }, { "control": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a", "match": "41d38a42-6f44-4561-b0a2-801095d4eec9" }, { "control": "1703d350-59d5-4510-bf45-d538e4c076a0", "match": "432a79d3-45e9-477e-b63a-ab7566bb8590" }, { "control": "81b8f773-4488-495e-a48e-337be46602cb", "match": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33" }, { "control": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b", "match": "45d81142-d8b8-45c5-811b-8a636c404af8" }, { "control": "4c660684-7259-461d-9eb8-f9c82ca42c98", "match": "45d81142-d8b8-45c5-811b-8a636c404af8" }, { "control": "f44dad64-71cd-447f-a9da-56a1d9f297e4", "match": "474fedbd-0b89-436c-ac04-41c21d6e7420" }, { "control": "d5367603-b1f9-4df6-a188-7ea3b6c28533", "match": "47ad87a1-dd3e-443e-8d82-2ec782979637" }, { "control": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46", "match": "48ecb62f-f73d-4c65-a8e4-2fa831346a70" }, { "control": "d278ad4c-0e81-4008-b7c2-dc52895c5eff", "match": "48ecb62f-f73d-4c65-a8e4-2fa831346a70" }, { "control": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0", "match": "497618e9-e495-42b6-b04e-21801f9c01f7" }, { "control": "f0048224-5868-4d00-a32f-20725cd9752d", "match": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3" }, { "control": "77e30376-3b61-4675-95dc-329c7c2186b8", "match": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1" }, { "control": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933", "match": "5773b0a9-8687-4802-9f19-2d1fba45e6a5" }, { "control": "f34f797f-5c32-4b52-9836-7d103d1a129a", "match": "5773b0a9-8687-4802-9f19-2d1fba45e6a5" }, { "control": "b811e64d-cda4-4416-baec-9f6beda1dd87", "match": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6" }, { "control": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45", "match": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9" }, { "control": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f", "match": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4" }, { "control": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315", "match": "6c305573-67ac-488e-882a-8e94e6373355" }, { "control": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af", "match": "6e2ed592-c992-4076-b9ec-b7e9a78a7029" }, { "control": "cdccb912-7aa9-4542-96fc-2507e9e89b29", "match": "6e2ed592-c992-4076-b9ec-b7e9a78a7029" }, { "control": "de5bec22-ea67-4e67-8d37-52303895c67f", "match": "6e2ed592-c992-4076-b9ec-b7e9a78a7029" }, { "control": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0", "match": "6ea4f43d-0d12-4edf-8191-bf469f25e252" }, { "control": "8b53cd63-6c1a-4a7e-9437-fd908941bcca", "match": "744146f1-5a14-43c0-b675-8c2649486f64" }, { "control": "61bf6872-052b-468c-83b5-ea70d4530629", "match": "7a5c4510-1d09-481b-822d-2d58745d390b" }, { "control": "d8bda302-9c55-4ec0-964b-db63640c12ee", "match": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5" }, { "control": "e9bdd53f-e094-4084-9e40-adeced6d445b", "match": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1" }, { "control": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab", "match": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1" }, { "control": "3c138556-2201-4b36-8907-f6c0f57d420b", "match": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3" }, { "control": "46678a0c-cd66-4610-8687-0d25afe68c1d", "match": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3" }, { "control": "fe3e4943-3440-4818-903d-664972cfb466", "match": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3" }, { "control": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d", "match": "8298dbd1-c18e-4f03-bb63-4867bfeaf716" }, { "control": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1", "match": "8298dbd1-c18e-4f03-bb63-4867bfeaf716" }, { "control": "d96e8662-872e-44ac-a9d5-9229507a5a80", "match": "83389b64-b080-4625-8e81-05174311e2d8" }, { "control": "ab2d3a44-e28b-4f3d-8efa-8038faccd318", "match": "865ca2d0-30e8-47f2-9f25-4256943a0d72" }, { "control": "027c0996-57fa-44d3-85cd-6ea667923174", "match": "866a0676-f2bd-4499-ba25-cd6f9466969a" }, { "control": "54885438-8b8a-4fae-8f23-e8901ec621b4", "match": "866a0676-f2bd-4499-ba25-cd6f9466969a" }, { "control": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d", "match": "866a0676-f2bd-4499-ba25-cd6f9466969a" }, { "control": "cc06514a-bc04-4528-b7bf-3ac296b16dd1", "match": "866a0676-f2bd-4499-ba25-cd6f9466969a" }, { "control": "2c59fe2c-5312-4f3e-b960-4fd843031af7", "match": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7" }, { "control": "cb1f54b6-05b5-4e68-88c3-b943e4952141", "match": "8890016c-2883-4771-b346-2e8ec19ff2dd" }, { "control": "553e228a-15dd-430c-a35b-604b9fccd629", "match": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d" }, { "control": "b5bb6249-a936-4828-9251-c8d4e3ea1f12", "match": "9389f178-57cb-4b52-b464-5b983d10ae90" }, { "control": "100d29a6-1441-4de6-a05a-594c8b1c7243", "match": "957e0fb3-f06e-4ef5-b152-f1045b3a576f" }, { "control": "4dabfd52-4369-4999-9091-6a346703e981", "match": "95882551-578c-4c0d-afe8-1dff2b251da4" }, { "control": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9", "match": "95882551-578c-4c0d-afe8-1dff2b251da4" }, { "control": "82890d01-c97f-4388-b182-e3838afa9ee2", "match": "991f8c55-2da0-4dbf-b604-cbadc8df8389" }, { "control": "ce1b8c19-d3cf-4070-b239-9471272c1faf", "match": "991f8c55-2da0-4dbf-b604-cbadc8df8389" }, { "control": "9ab263ad-4a10-4817-a993-93fff2444c61", "match": "9acaadb0-2f58-4d9b-963b-7671ed0471a6" }, { "control": "d063c875-6442-495b-9118-97906030ceef", "match": "9e7bdc0e-1603-4545-a2cc-0650fe035e37" }, { "control": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88", "match": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8" }, { "control": "66adb661-6e13-41f6-8a50-b894b3ed9e5b", "match": "a197825e-e8f5-47f5-851d-66105a6fc3b2" }, { "control": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7", "match": "a197825e-e8f5-47f5-851d-66105a6fc3b2" }, { "control": "81dc65f7-92e2-4516-9a0c-d1b474d547ba", "match": "a197825e-e8f5-47f5-851d-66105a6fc3b2" }, { "control": "12844c4c-d0c9-4441-9467-9da5b15dd18b", "match": "a3897661-541e-4c4c-9844-2981d8288ec6" }, { "control": "498b0cc7-fbe3-40fb-9b61-1b6db629027f", "match": "ac5590c1-5e43-4a29-87fb-5ba7416a0831" }, { "control": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977", "match": "ac5590c1-5e43-4a29-87fb-5ba7416a0831" }, { "control": "71839786-0214-4608-80be-2555ee0334aa", "match": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d" }, { "control": "9c912ab0-7023-46d5-9376-798a8b81ba6e", "match": "b56726a8-3883-4893-ae75-2ba555411148" }, { "control": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2", "match": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680" }, { "control": "55677739-524b-4167-a2e1-1dc5356e4764", "match": "c26bedb1-42f5-4154-8cea-b923b1103cfe" }, { "control": "680335b4-1efb-4257-ae7c-17de32670edd", "match": "c26bedb1-42f5-4154-8cea-b923b1103cfe" }, { "control": "be07fc69-14fc-4c94-8626-083983f204f7", "match": "c26bedb1-42f5-4154-8cea-b923b1103cfe" }, { "control": "cb40e300-60d1-4ae8-88e8-338e536ddbdb", "match": "c26bedb1-42f5-4154-8cea-b923b1103cfe" }, { "control": "4ed3205f-9921-432b-9a8b-3e400598e0ff", "match": "cb371cfa-e8d4-4a83-af29-2f8982929268" }, { "control": "21a6dbb4-8365-4b48-8421-ea10458695ee", "match": "d5f93f4a-eac7-4200-b90b-c02db54c76f4" }, { "control": "1100bd1a-cfd4-4450-9192-5bd85ef107e2", "match": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2" }, { "control": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e", "match": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5" }, { "control": "12c2d158-c0d2-448f-b36e-9f17e1cc230f", "match": "de075220-6acf-4ca7-837b-713b1f87f5f3" }, { "control": "680335b4-1efb-4257-ae7c-17de32670edd", "match": "de075220-6acf-4ca7-837b-713b1f87f5f3" }, { "control": "d8a9d846-b938-4f74-8f4c-f35f120209be", "match": "de075220-6acf-4ca7-837b-713b1f87f5f3" }, { "control": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a", "match": "e283f5ed-3a64-4bed-b479-35e4cd8173e6" }, { "control": "6769d72a-c19a-4af1-814b-e58ecce6bb34", "match": "e2e52a80-4222-4f57-b471-92ce90a83ed7" }, { "control": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8", "match": "e4ef6822-7f1f-46f8-9700-37cde17e81b8" }, { "control": "7fadb5eb-5597-44f2-b323-88fa75a0e08e", "match": "e8d6402b-f022-494b-b289-3d5d98368e8e" }, { "control": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea", "match": "ed627a92-cb52-472a-aa2e-b981f8b12de5" }, { "control": "c7ad8338-7659-4783-af2b-55f35e3ccfdf", "match": "ed627a92-cb52-472a-aa2e-b981f8b12de5" }, { "control": "f4cc92f8-58e8-4129-b48e-d118a94496ab", "match": "f331b956-c83b-47b6-a563-09222b1ae7a0" }, { "control": "6c082aee-3c87-423e-9a46-4467cc6dc823", "match": "fb24425c-10df-4bc3-9b48-d72b952b92b5" }, { "control": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25", "match": "fc66f113-3f02-4354-8610-879b5467971a" } ], "version": 1 } 2022-08-03T12:25:48.118511+00:00 https://objects.monarc.lu/object/get/5233 2023-03-31T19:15:40.009215+00:00 Various contributors { "authors": [ "Jeremy Dannenmuller" ], "label": "ISO 27017", "language": "EN", "refs": "https://www.iso.org/fr/standard/43757.html", "uuid": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "values": [ { "category": "Security in development and support processes", "code": "14.2.2", "label": "System change control procedures", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "027c0996-57fa-44d3-85cd-6ea667923174" }, { "category": "Supplier service delivery management", "code": "15.2.2", "label": "Managing chages to supplier services", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "03c9db14-f91d-4c4e-a4a1-18e7709d9fd7" }, { "category": "Security in development and support processes", "code": "14.2.1", "label": "Secure development policy", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "07c05b75-2e57-4fd0-9ab7-d7d87742477b" }, { "category": "Termination and change of employment", "code": "7.3.1", "label": "Termination or change of employment responsabilities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "0afb0635-1b85-4e2a-b0cf-5cdad6a23fd8" }, { "category": "Secure areas", "code": "11.1.1", "label": "Physical security perimeter", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "0fe351eb-d64b-4c74-b05b-bdfda6b9c4d3" }, { "category": "During employment", "code": "7.2.1", "label": "Management responsabilities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "100d29a6-1441-4de6-a05a-594c8b1c7243" }, { "category": "Logging and monitoring", "code": "12.4.4", "label": "Clock synchronization", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "1100bd1a-cfd4-4450-9192-5bd85ef107e2" }, { "category": "Equipment", "code": "11.2.1", "label": "Equipment siting and protection", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "12844c4c-d0c9-4441-9467-9da5b15dd18b" }, { "category": "Business requirements of access control", "code": "9.1.1", "label": "Access control policy", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "12c2d158-c0d2-448f-b36e-9f17e1cc230f" }, { "category": "Management of information security incidents and improvements", "code": "16.1.7", "label": "Collection of evidence", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "1703d350-59d5-4510-bf45-d538e4c076a0" }, { "category": "Security requirements of information systems", "code": "14.1.1", "label": "Information security requirements analysis and specification", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "1de9d538-a7c3-4817-8c44-3ffbdfc9f12b" }, { "category": "Security in development and support processes", "code": "14.2.7", "label": "Outsourced development", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "21a6dbb4-8365-4b48-8421-ea10458695ee" }, { "category": "Equipment", "code": "11.2.8", "label": "Unattended user equipment", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "21c24fcd-374d-408a-9682-eac7e8c3ebf2" }, { "category": "Media handling", "code": "8.3.1", "label": "Management or removable media", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "2327176c-b127-4ad3-a1a9-710467ea246f" }, { "category": "Security in development and support processes", "code": "14.2.6", "label": "Secure development environment", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "256e6e9e-cd8b-440a-843b-264e85d582f7" }, { "category": "Information security in supplier relationships", "code": "15.1.3", "label": "Information and communication technology supply chain", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "2c59fe2c-5312-4f3e-b960-4fd843031af7" }, { "category": "Operational procedures and responsibilities", "code": "CLD.12.1.5", "label": "Administrator's operational security", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "2df8b9c3-b6f4-4484-a9b3-5e6f33ad1038" }, { "category": "Network security management", "code": "13.1.3", "label": "Segregation in networks", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "2e10ce2d-1c5c-41f6-a8a9-f1f7f3b07315" }, { "category": "Relationship between cloud service customer and cloud service provider", "code": "CLD.6.3.1", "label": "Shared roles and responsibilities within a cloud computing environment", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "2e43ca82-0b18-4dbd-916c-b2fc102bf662" }, { "category": "Information security in supplier relationships", "code": "15.1.1", "label": "Information security policy for supplier relationships", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "2ed059b3-7ea4-465e-b20e-f6180b218505" }, { "category": "Information classification", "code": "8.2.2", "label": "Labelling of information", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "2f9175dc-3c0e-48d6-b1cb-687009bbf392" }, { "category": "Internal organization", "code": "6.1.4", "label": "Contact with special interest groups", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "317394d2-538d-42e6-ac3d-f7a54b867ec4" }, { "category": "Secure areas", "code": "11.1.4", "label": "Protecting against external and environmental threats", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "34ac073d-80ad-4503-b748-bcbad097ea26" }, { "category": "Access control of cloud service customer data in shared virtual environment", "code": "CLD.9.5.2", "label": "Virtual machine hardening", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "34fa0af1-02c7-46c0-b38f-30db3f27bf46" }, { "category": "Compliance with legal and contractual requirements", "code": "18.1.3", "label": "Protection of records", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "38527fcd-9eef-4f31-9ff1-551c9cb1ea88" }, { "category": "Network security management", "code": "13.1.1", "label": "Network controls", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "3ad14be8-e76e-4c06-bb5c-6722361ee1ee" }, { "category": "Responsibility for assets", "code": "CLD.8.1.5", "label": "Removal of cloud service customer assets", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "3ae82816-ae78-4a6c-889e-07bdb84da4e4" }, { "category": "Equipment", "code": "11.2.4", "label": "Equipment maintenance", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "3b7c3fa7-d143-483c-9c26-4908a55979d5" }, { "category": "User access management", "code": "9.2.4", "label": "Management of secret authentication information of users", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "3c138556-2201-4b36-8907-f6c0f57d420b" }, { "category": "Logging and monitoring", "code": "CLD.12.4.5", "label": "Monitoring of Cloud Services", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "439a4491-65aa-4990-b6e4-6e10af836373" }, { "category": "Responsibility for assets", "code": "8.1.1", "label": "Inventory of assets", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "44dddcc0-257a-4f2b-94d5-1b63a25a6e46" }, { "category": "System and application access control", "code": "9.4.3", "label": "Password management system", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "46678a0c-cd66-4610-8687-0d25afe68c1d" }, { "category": "Information security policies", "code": "5.1.1", "label": "Policies for information security", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "498b0cc7-fbe3-40fb-9b61-1b6db629027f" }, { "category": "Management of information security incidents and improvements", "code": "16.1.1", "label": "Responsabilities and procedures", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "4ab927a0-835d-4122-8377-ed08c418b1c5" }, { "category": "Internal organization", "code": "6.1.5", "label": "Information security in project management", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "4c660684-7259-461d-9eb8-f9c82ca42c98" }, { "category": "Control of operational software", "code": "12.5.1", "label": "Installation of software on operational systems", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "4d2882a6-5a63-404c-bbe7-2f2ea08ff933" }, { "category": "Information classification", "code": "8.2.3", "label": "Handling of assets", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "4dabfd52-4369-4999-9091-6a346703e981" }, { "category": "Secure areas", "code": "11.1.5", "label": "Working in secure areas", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "4ed3205f-9921-432b-9a8b-3e400598e0ff" }, { "category": "Internal organization", "code": "6.1.1", "label": "Information security roles and responsabilities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "515aacb3-f1c1-4bb2-95fa-1cb29713b03e" }, { "category": "Security in development and support processes", "code": "14.2.3", "label": "Technical review of applications after operating platform changes", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "54885438-8b8a-4fae-8f23-e8901ec621b4" }, { "category": "System and application access control", "code": "9.4.1", "label": "Information access restriction", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "553e228a-15dd-430c-a35b-604b9fccd629" }, { "category": "User access management", "code": "9.2.2", "label": "User access provisioning", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "55677739-524b-4167-a2e1-1dc5356e4764" }, { "category": "Equipment", "code": "11.2.5", "label": "Removal of assets", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "55f40782-51f0-4e9a-9cae-3898190144c4" }, { "category": "Supplier service delivery management", "code": "15.2.1", "label": "Monitoring and review of supplier services", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "58566e59-9ce2-4ded-b2bb-20a7e1c4a5c6" }, { "category": "Information transfer", "code": "13.2.4", "label": "Confidentiality or non-disclosure agreements", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "5b239f2c-162d-4fa1-9e98-9fdf54426a8a" }, { "category": "Responsibility for assets", "code": "8.1.3", "label": "The acceptable use of assets", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "5ddefc67-2c51-4a11-b1e2-3ca2eaaf02b9" }, { "category": "Internal organization", "code": "6.1.3", "label": "Contact with authorities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "61bf6872-052b-468c-83b5-ea70d4530629" }, { "category": "Cryptographic controls", "code": "10.1.2", "label": "Key management", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "62b6663e-768e-4eb3-8c2e-d170f84588d7" }, { "category": "Operational procedures and responsibilities", "code": "12.1.4", "label": "Separation of development, testing and operational environments", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "64c2a025-e7bf-4ac3-9ab2-431910fff804" }, { "category": "Information security continuity", "code": "17.1.1", "label": "Planning information security continuity", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "66adb661-6e13-41f6-8a50-b894b3ed9e5b" }, { "category": "Management of information security incidents and improvements", "code": "16.1.4", "label": "Assessment of and decision on information security events", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "66d299d8-e55f-42d7-997b-e5f69392ed82" }, { "category": "Backup", "code": "12.3.1", "label": "Information backup", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "6769d72a-c19a-4af1-814b-e58ecce6bb34" }, { "category": "System and application access control", "code": "9.4.2", "label": "Secure log-on procedures", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "678b1392-7cab-49c2-a5f5-9f7884e0d9ac" }, { "category": "User access management", "code": "9.2.1", "label": "User registration and deregistration", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "680335b4-1efb-4257-ae7c-17de32670edd" }, { "category": "Internal organization", "code": "6.1.2", "label": "Segregtion of duties", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "682075b0-f0b6-4d2f-b4ad-8e93569bafa0" }, { "category": "Information security continuity", "code": "17.1.3", "label": "Verify, review and evaluate information security continuity", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "68f40f2c-d0c9-405e-b56e-fca2a63cb7e7" }, { "category": "Security requirements of information systems", "code": "14.1.3", "label": "Protecting application services transactions", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "6a1b60fb-5c46-40d1-b0b8-5494b1d00b8d" }, { "category": "Network security management", "code": "CLD.13.1.4", "label": "Alignment of security management for virtual and physical networks", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "6a972973-2dec-4c54-ac8f-d4e1e06dcc63" }, { "category": "Equipment", "code": "11.2.2", "label": "Supporting utilities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "6ade5e75-9f3a-4b23-b3aa-301908f5bc25" }, { "category": "Responsibility for assets", "code": "8.1.4", "label": "Return of assets", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "6c082aee-3c87-423e-9a46-4467cc6dc823" }, { "category": "Technical vulnerability management", "code": "12.6.1", "label": "Management of technical vulnerabilities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "71839786-0214-4608-80be-2555ee0334aa" }, { "category": "Information classification", "code": "8.2.1", "label": "Classification of information", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "77e30376-3b61-4675-95dc-329c7c2186b8" }, { "category": "Operational procedures and responsibilities", "code": "12.1.3", "label": "Capacity management", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "7fadb5eb-5597-44f2-b323-88fa75a0e08e" }, { "category": "Equipment", "code": "11.2.7", "label": "Secure disposal or reuse of equipment", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "81b8f773-4488-495e-a48e-337be46602cb" }, { "category": "Information security continuity", "code": "17.1.2", "label": "Implementing information security continuity", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "81dc65f7-92e2-4516-9a0c-d1b474d547ba" }, { "category": "Security in development and support processes", "code": "14.2.8", "label": "System security testing", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "82890d01-c97f-4388-b182-e3838afa9ee2" }, { "category": "Management of information security incidents and improvements", "code": "16.1.6", "label": "Learning from information security incidents", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "854a7ad0-7db7-4d8c-8374-3be5c36aa026" }, { "category": "Information systems audit considerations", "code": "12.7.1", "label": "Information systems audit controls", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "8b53cd63-6c1a-4a7e-9437-fd908941bcca" }, { "category": "During employment", "code": "7.2.2", "label": "Information security awareness, education and training", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "8c3b6fe5-ce53-4b61-9ca4-5f7850c169b2" }, { "category": "Logging and monitoring", "code": "12.4.3", "label": "Administrator and operator logs", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "8e969c8d-e7a3-41e1-b425-3e678c3ae2af" }, { "category": "Compliance with legal and contractual requirements", "code": "18.1.2", "label": "Intellectual property rights", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "975cc456-ba0c-4a33-8b65-cbf798f5d979" }, { "category": "Redundancies", "code": "17.2.1", "label": "Availability of information processing facilities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "98255bf6-65b8-45b1-b5bf-d1da91d0d36f" }, { "category": "Cryptographic controls", "code": "10.1.1", "label": "Policy on the use of cryptographic controls", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "99d6328e-f0f6-41ee-b8e3-e9ba7e8e4598" }, { "category": "During employment", "code": "7.2.3", "label": "Disciplinary process", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "9ab263ad-4a10-4817-a993-93fff2444c61" }, { "category": "System and application access control", "code": "9.4.5", "label": "Access control to program source code", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "9c912ab0-7023-46d5-9376-798a8b81ba6e" }, { "category": "Information security reviews", "code": "18.2.2", "label": "Compliance with security policies and standards", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "9d2bc87a-ceae-463a-a44d-7c60bed5324d" }, { "category": "Management of information security incidents and improvements", "code": "16.1.2", "label": "Reporting information security events", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "9d8e4c20-d33c-4a15-9dd9-8f1f215450ea" }, { "category": "Operational procedures and responsibilities", "code": "12.1.2", "label": "Change management", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "a6f3e7d1-9f4c-43a1-8406-7c96bfcc409d" }, { "category": "Management of information security incidents and improvements", "code": "16.1.5", "label": "Response to information security incidents", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "ab2d3a44-e28b-4f3d-8efa-8038faccd318" }, { "category": "Security requirements of information systems", "code": "14.1.2", "label": "Securing applications services on public networks", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "b2548a30-85d7-4c8f-8dd6-16272ff3b5a1" }, { "category": "Secure areas", "code": "11.1.2", "label": "Physical entry controls", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "b5005f3e-bdc7-4367-8f96-46dd795399c3" }, { "category": "System and application access control", "code": "9.4.4", "label": "Use of privileged utility programs", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "b5bb6249-a936-4828-9251-c8d4e3ea1f12" }, { "category": "Equipment", "code": "11.2.6", "label": "Security of equipment and assets off-premises", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "b811e64d-cda4-4416-baec-9f6beda1dd87" }, { "category": "Secure areas", "code": "11.1.6", "label": "Delivery and loading areas", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "b98389fe-8024-4d51-90bb-869962c97898" }, { "category": "Media handling", "code": "8.3.2", "label": "Disposal of media", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "bae65eff-a2eb-4da1-899c-539f30f94963" }, { "category": "Information transfer", "code": "13.2.1", "label": "Information transfer policies and procedures", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "bb0c3df6-e3f4-4684-b0c7-2beadada7aeb" }, { "category": "Information transfer", "code": "13.2.2", "label": "Agreements on information transfer", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "bd05d07c-d272-4c55-a4ff-72c6218148d0" }, { "category": "User access management", "code": "9.2.5", "label": "Review of user access rights", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "be07fc69-14fc-4c94-8626-083983f204f7" }, { "category": "Access control of cloud service customer data in shared virtual environment", "code": "CLD.9.5.1", "label": "Segregation in virtual computing environments", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "be604ecc-3dee-4e29-b1b7-d63d58f54748" }, { "category": "Mobile devices and teleworking", "code": "6.2.2", "label": "Teleworking", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "c55c6391-56a2-44de-be4f-a23770cec2fb" }, { "category": "Management of information security incidents and improvements", "code": "16.1.3", "label": "Reporting information security weakness", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "c7ad8338-7659-4783-af2b-55f35e3ccfdf" }, { "category": "User access management", "code": "9.2.3", "label": "Management of privileged access rights", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "cb1f54b6-05b5-4e68-88c3-b943e4952141" }, { "category": "User access management", "code": "9.2.6", "label": "Removal or adjustment of access rights", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "cb40e300-60d1-4ae8-88e8-338e536ddbdb" }, { "category": "Security in development and support processes", "code": "14.2.4", "label": "Restrictions on changes to software packages", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "cc06514a-bc04-4528-b7bf-3ac296b16dd1" }, { "category": "Logging and monitoring", "code": "12.4.2", "label": "Protection of log information", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "cdccb912-7aa9-4542-96fc-2507e9e89b29" }, { "category": "Security in development and support processes", "code": "14.2.9", "label": "System acceptance testing", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "ce1b8c19-d3cf-4070-b239-9471272c1faf" }, { "category": "Prior to empoyment", "code": "7.1.1", "label": "Screening", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d063c875-6442-495b-9118-97906030ceef" }, { "category": "Security in development and support processes", "code": "14.2.5", "label": "Secure system engineering principles", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d181a7ba-55fd-40ef-a1c5-a32348e2d4c0" }, { "category": "Responsibility for assets", "code": "8.1.2", "label": "Owernship of assets", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d278ad4c-0e81-4008-b7c2-dc52895c5eff" }, { "category": "Equipment", "code": "11.2.3", "label": "Cabling security", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d41b6bc1-82a4-4791-b276-dbbb8d833a33" }, { "category": "Information security reviews", "code": "18.2.3", "label": "Technical compliance review", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d439ae3a-6cee-4f59-91f7-8562266e4d65" }, { "category": "Network security management", "code": "13.1.2", "label": "Security of network services", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d5367603-b1f9-4df6-a188-7ea3b6c28533" }, { "category": "Information security reviews", "code": "18.2.1", "label": "Independant review of information security", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d5908953-79d7-4ad8-ac0e-b4e11ba74c8a" }, { "category": "Business requirements of access control", "code": "9.1.2", "label": "Access to networks and network services", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d8a9d846-b938-4f74-8f4c-f35f120209be" }, { "category": "Test data", "code": "14.3.1", "label": "Protection of test data", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d8bda302-9c55-4ec0-964b-db63640c12ee" }, { "category": "Prior to empoyment", "code": "7.1.2", "label": "Terms and conditions of employment", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "d96e8662-872e-44ac-a9d5-9229507a5a80" }, { "category": "Compliance with legal and contractual requirements", "code": "18.1.4", "label": "Privacy and protection of personally identifiable information", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "ddcabe58-0ffb-4021-a5f5-1b71fbbe8d45" }, { "category": "Logging and monitoring", "code": "12.4.1", "label": "Event logging", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "de5bec22-ea67-4e67-8d37-52303895c67f" }, { "category": "Information transfer", "code": "13.2.3", "label": "Electronic messaging", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "e186f19e-8174-4a21-bbb6-1018f32dc714" }, { "category": "Compliance with legal and contractual requirements", "code": "18.1.5", "label": "Regulation of cryptographic controls", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "e9bdd53f-e094-4084-9e40-adeced6d445b" }, { "category": "Operational procedures and responsibilities", "code": "12.1.1", "label": "Documented operating procedures", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "f0048224-5868-4d00-a32f-20725cd9752d" }, { "category": "Technical vulnerability management", "code": "12.6.2", "label": "Restrictions on software installation", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "f34f797f-5c32-4b52-9836-7d103d1a129a" }, { "category": "Equipment", "code": "11.2.9", "label": "Clear desk and clear screen policy", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "f34f88d5-7e52-4516-a734-096a09ef1d9b" }, { "category": "Media handling", "code": "8.3.3", "label": "Physical media transfer", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "f36660f5-1485-4aca-9757-1dd5399e9cee" }, { "category": "Secure areas", "code": "11.1.3", "label": "Securing offices, rooms and facilities", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "f44dad64-71cd-447f-a9da-56a1d9f297e4" }, { "category": "Protection from malware", "code": "12.2.1", "label": "Controls against malware", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "f4cc92f8-58e8-4129-b48e-d118a94496ab" }, { "category": "Information security policies", "code": "5.1.2", "label": "Review of the policies for information security", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "f9614eeb-7fb2-4901-8834-f9ecf5a1c977" }, { "category": "Compliance with legal and contractual requirements", "code": "18.1.1", "label": "Identification of applicable legislation and contractual requirements", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "fc109da0-3bf5-4f8e-8df8-1dd4d45b8dab" }, { "category": "User responsabilities", "code": "9.3.1", "label": "Use of secret authentication information", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "fe3e4943-3440-4818-903d-664972cfb466" }, { "category": "Mobile devices and teleworking", "code": "6.2.1", "label": "Mobile device policy", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "fe98e1f0-175f-4fd8-8530-ac183707c54c" }, { "category": "Information security in supplier relationships", "code": "15.1.2", "label": "Addressing security within supplier agreements", "referential": "9a73a15e-bb36-434e-a2fe-c3ac1b7ed9a2", "referential_label": "ISO 27017", "uuid": "ff7435b8-55f6-46bb-ae61-ddb09c731348" } ], "version": 1 } 2022-08-03T13:11:25.452983+00:00 https://objects.monarc.lu/object/get/5238 2023-03-31T19:15:40.008366+00:00 Various contributors { "authors": [ "Jeremy Dannenmuller" ], "label": "PCI DSS 4.0", "language": "EN", "refs": "https://listings.pcisecuritystandards.org/documents/PCI-DSS-v4_0.pdf", "uuid": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "values": [ { "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", "code": "5.4", "label": "5.4 Anti-phishing mechanisms protect users against phishing attacks.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "033ed95f-0444-4200-a229-d36ba8d320ac" }, { "category": "Requirement 11: Test Security of Systems and Networks Regularly.", "code": "11.1", "label": "11.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "042cc126-c21a-42c2-a003-fe0184ddbfec" }, { "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", "code": "6.4", "label": "6.4 Public-facing web applications are protected against attacks.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "046b9fca-955e-4d7f-bfca-ae6a0cf92f01" }, { "category": "Requirement 1: Install and maintain Network Security Controls", "code": "1.1", "label": "1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "09262d8f-9fa8-48bc-90a6-b5dd76f6f5a6" }, { "category": "Requirement 1: Install and maintain Network Security Controls", "code": "1.3", "label": "1.3 Network access to and from the cardholder data environment is restricted.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "0a26e736-1827-4572-9165-617b4d4a5edd" }, { "category": "Requirement 2: Apply Secure Configurations to All System Components.", "code": "2.2", "label": "2.2 System components are configured and managed securely.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "109bd9fe-1bbd-45f0-91da-27758cfacb1f" }, { "category": "A2 - Additional PCI DSS Requirements for Entities Using SSL/Early TLS for Card-Present POS POI Terminal Connections", "code": "A.2.1", "label": "A2.1 POI terminals using SSL and/or early TLS are confirmed as not susceptible to known SSL/TLS exploits.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "11bd5603-6d95-45b2-b166-2977810e693b" }, { "category": "Requirement 3: Protect Stored Account Data.", "code": "3.2", "label": "3.2 Storage of account data is kept to a minimum.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "13643f1d-5127-4338-8747-b9b1a5153553" }, { "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", "code": "10.2", "label": "10.2 Audit logs are implemented to support the detection of anomalies and suspicious activity. and the forensic analysis of events.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "1570bd71-c8bd-4839-a833-20a4d9c78c19" }, { "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", "code": "6.2", "label": "6.2 Bespoke and custom software are developed securely.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "166b54f6-039c-47ee-b53c-a4c441054ef3" }, { "category": "Requirement 11: Test Security of Systems and Networks Regularly.", "code": "11.2", "label": "11.2 Wireless access points are identified and monitored. and unauthorized wireless access points are addressed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "198e86b1-88fd-4ca2-920b-abe3188d2161" }, { "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", "code": "9.2", "label": "9.2 Physical access controls manage entry into facilities and systems containing cardholder data.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "29116643-2936-45ae-b095-c32472c5c5fc" }, { "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", "code": "10.1", "label": "10.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "291753d9-bdb7-4284-82cd-86639dd5051c" }, { "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", "code": "8.4", "label": "8.4 Multi-factor authentication (MFA) is implemented to secure access into the CDE", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "2b3ceaf1-acd1-4a25-9920-9365a0edecc6" }, { "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", "code": "5.2", "label": "5.2 Malicious software (malware) is prevented. or detected and addressed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "367f079c-235c-415f-acfa-cfc8fcbf57e3" }, { "category": "Requirement 3: Protect Stored Account Data.", "code": "3.6", "label": "3.6 Cryptographic keys used to protect stored account data are secured.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "36db6005-d2cc-4406-a441-71cf2918935a" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.7", "label": "12.7 Personnel are screened to reduce risks from insider threats.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "37e791d6-5a76-4bf6-a8dc-ed2951acca43" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.5", "label": "12.5 PCI DSS scope is documented and validated.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "382b37cb-0b20-4d93-8297-156cbb7a0257" }, { "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", "code": "9.4", "label": "9.4 Media with cardholder data is securely stored. accessed. distributed. and destroyed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "3b9336b9-d7b6-4ea6-bcba-920f9a6ced43" }, { "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.", "code": "4.2", "label": "4.2 PAN is protected with strong cryptography during transmission", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "3b988763-bff2-4cee-b1b2-5cea61e9dcf8" }, { "category": "Requirement 11: Test Security of Systems and Networks Regularly.", "code": "11.5", "label": "11.5 Network intrusions and unexpected file changes are detected and responded to.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "3d7419df-8a0b-4ec0-902f-89f90e77bdc1" }, { "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", "code": "6.5", "label": "6.5 Changes to all system components are managed securely.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "435fad54-ccb7-4f4f-b8fe-5b75af1bf4ea" }, { "category": "A3 - Designated Entities Supplemental Validation (DESV)", "code": "A3.3", "label": "A3.3 PCI DSS is incorporated into business-as-usual (BAU) activities.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "438c70bf-7e0c-477d-97ae-31578185da58" }, { "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", "code": "7.1", "label": "7.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "43ec094e-fe4c-4355-b4f4-5e7281016cec" }, { "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", "code": "5.1", "label": "5.1 Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "471b054e-61a2-4a72-830b-13843ed09146" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.1", "label": "12.1 A comprehensive information security policy that governs and provides direction for protection of the entity\u2019s information assets is known and current.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "478a985a-4bad-42a5-b34e-45d5db543d63" }, { "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss", "code": "A1.1", "label": "A1.1 Multi-tenant service providers protect and separate all customer environments and data.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "49c69882-50a8-4bb7-b56a-e9471d7943d1" }, { "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", "code": "8.1", "label": "8.1 Processes and mechanisms for identifying users and authenticating access to system components are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "4c8a94b0-1f2c-4a10-a279-6ee20397543e" }, { "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", "code": "10.4", "label": "10.4 Audit logs are reviewed to identify anomalies or suspicious activity.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "536ee90b-6041-4e7f-b445-0fde74e24338" }, { "category": "A3 - Designated Entities Supplemental Validation (DESV)", "code": "A3.1", "label": "A3.1 A PCI DSS compliance program is implemented.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "5b43004f-9e3d-42f3-a321-f482d68ff54d" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.9", "label": "12.9 Third-party service providers (TPSPs) support their customers\u2019 PCI DSS compliance.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "5bf20465-8283-4b0f-82fa-ff2fa4f5b6e8" }, { "category": "Requirement 1: Install and maintain Network Security Controls", "code": "1.4", "label": "1.4 Network connections between trusted and untrusted networks are controlled.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "5d8988d4-09b2-416d-b58a-970597fc4397" }, { "category": "Requirement 3: Protect Stored Account Data.", "code": "3.1", "label": "3.1 Processes and mechanisms for protecting stored account data are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "6ad4ac2b-74e8-4ff2-9d39-f6becb2e124f" }, { "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", "code": "10.6", "label": "10.6 Time-synchronization mechanisms support consistent time settings across all systems.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "6eca23a9-8def-4bd9-8ece-b0666a2f4368" }, { "category": "Requirement 2: Apply Secure Configurations to All System Components.", "code": "2.1", "label": "2.1 Processes and mechanisms for applying secure configurations to all system components are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "6f8d5129-c4df-49d4-9728-05d78632814b" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.6", "label": "12.6 Security awareness education is an ongoing activity.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "71787501-c169-411d-9778-e2cfc5e5736b" }, { "category": "Requirement 3: Protect Stored Account Data.", "code": "3.7", "label": "3.7 Where cryptography is used to protect stored account data. key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "842b0d6d-2577-4ab4-9b8f-c19679c8d473" }, { "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", "code": "10.7", "label": "10.7 Failures of critical security control systems are detected. reported. and responded to promptly.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "8500ef96-773c-4616-b5c8-62145ef3def8" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.3", "label": "12.3 Risks to the cardholder data environment are formally identified. evaluated. and managed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "8553ef88-3cf6-419d-951b-60d9f0bfa59e" }, { "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", "code": "7.2", "label": "7.2 Access to system components and data is appropriately defined and assigned.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "898f18b0-f44b-4417-be6a-ce77e4291870" }, { "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", "code": "9.1", "label": "9.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "8ecf814d-8ead-4774-aa4c-9a0f447de93e" }, { "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", "code": "10.5", "label": "10.5 Audit log history is retained and available for analysis.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "91456cd4-47b4-49a8-9ac7-e10c94deb909" }, { "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", "code": "10.3", "label": "10.3 Audit logs are protected from destruction and unauthorized modifications.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "9545f6f7-1959-4972-828e-c002fb7c5e3f" }, { "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", "code": "7.3", "label": "7.3 Access to system components and data is managed via an access control system(s).", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "9bd5a560-6770-4620-8a87-3df344593a05" }, { "category": "Requirement 11: Test Security of Systems and Networks Regularly.", "code": "11.6", "label": "11.6 Unauthorized changes on payment pages are detected and responded to.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "9e9b1e73-bb3f-4dac-b85e-51b0a28a746a" }, { "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", "code": "8.6", "label": "8.6 Use of application and system accounts and associated authentication factors is strictly managed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "9f0dec80-eec7-49a8-bbbd-9d1af3c3bd47" }, { "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", "code": "8.2", "label": "8.2 User identification and related accounts for users and administrators are strictly managed throughout an account\u2019s lifecycle.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "a77319f3-1eec-4789-8756-b2df9270901b" }, { "category": "Requirement 2: Apply Secure Configurations to All System Components.", "code": "2.3", "label": "2.3 Wireless environments are configured and managed securely.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "aa8d0ac1-cb2a-4e0f-bcaa-d2763497f676" }, { "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.", "code": "4.1", "label": "4.1 Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open. public networks are defined and documented.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "af758496-f659-442b-be1a-cd11dbc05de8" }, { "category": "Requirement 3: Protect Stored Account Data.", "code": "3.4", "label": "3.4 Access to displays of full PAN and ability to copy cardholder data are restricted.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "b0a9f97c-0ecc-4ebf-865e-2a7efdb3b52b" }, { "category": "Requirement 11: Test Security of Systems and Networks Regularly.", "code": "11.3", "label": "11.3 External and internal vulnerabilities are regularly identified. prioritized. and addressed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "b1d5619d-525a-4bc9-9919-4a16efb68f81" }, { "category": "Requirement 3: Protect Stored Account Data.", "code": "3.3", "label": "3.3 Sensitive authentication data (SAD) is not stored after authorization.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "b8b5e383-cb55-43fc-b3ea-9a89b4e0ab10" }, { "category": "A3 - Designated Entities Supplemental Validation (DESV)", "code": "A3.4", "label": "A3.4 Logical access to the cardholder data environment is controlled and managed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "be27bba6-21a1-416b-8258-cb9c232dc471" }, { "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", "code": "8.3", "label": "8.3 Strong authentication for users and administrators is established and managed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "be64acf7-9530-4008-84d0-3a47086c9c27" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.10", "label": "12.10 Suspected and confirmed security incidents that could impact the CDE are responded to immediately.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "be9c173b-84c8-4b07-a71c-be8b1a44da6d" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.8", "label": "12.8 Risk to information assets associated with third-party service provider (TPSP) relationships is managed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "be9d8fae-7af6-4555-812c-c587b43a8c2a" }, { "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", "code": "6.1", "label": "6.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "c059d4de-2980-46c8-bb74-b68b9e1053e4" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.4", "label": "12.4 PCI DSS compliance is managed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "ca690618-be96-4a4b-ae7e-b55ad2c50241" }, { "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", "code": "8.5", "label": "8.5 Multi-factor authentication (MFA) systems are configured to prevent misuse.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "ca745f8a-b78a-4031-b669-9f80f3aca137" }, { "category": "Requirement 11: Test Security of Systems and Networks Regularly.", "code": "11.4", "label": "11.4 External and internal penetration testing is regularly performed. and exploitable vulnerabilities and security weaknesses are corrected.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "ce87911e-ef45-44ec-8584-b63dbb0d3b10" }, { "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", "code": "6.3", "label": "6.3 Security vulnerabilities are identified and addressed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "d33fbe7b-ca98-4cd7-805c-c25d2f54196d" }, { "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", "code": "5.3", "label": "5.3 Anti-malware mechanisms and processes are active. maintained. and monitored.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "de7526f0-bfdf-46a0-b6cd-bea9fb3ad41f" }, { "category": "Requirement 1: Install and maintain Network Security Controls", "code": "1.2", "label": "1.2 Network security controls (NSCs) are configured and maintained.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "df9c7366-838e-4107-951b-b7e1c8cfe80b" }, { "category": "A3 - Designated Entities Supplemental Validation (DESV)", "code": "A3.2", "label": "A3.2 PCI DSS scope is documented and validated.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "e1da88c4-6a4b-4e80-a8e8-1927bfb3f985" }, { "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", "code": "12.2", "label": "12.2 Acceptable use policies for end-user technologies are defined and implemented.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "e3c4b267-059e-4591-8e66-d8241bdeb589" }, { "category": "Requirement 3: Protect Stored Account Data.", "code": "3.5", "label": "3.5 Primary account number (PAN) is secured wherever it is stored.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "e69ac6c5-0858-4bc1-813c-6b58b7f26add" }, { "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss", "code": "A1.2", "label": "A1.2 Multi-tenant service providers facilitate logging and incident response for all customers.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "e8e297ed-23f7-4903-be2d-0726a26031cd" }, { "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", "code": "9.5", "label": "9.5 Point of interaction (POI) devices are protected from tampering and unauthorized substitution.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "ec550cfe-4f7e-4b0c-91ee-7ed3846db76a" }, { "category": "Requirement 1: Install and maintain Network Security Controls", "code": "1.5", "label": "1.5 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "efdaa881-863d-470a-b6fb-32b32a671145" }, { "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", "code": "9.3", "label": "9.3 Physical access for personnel and visitors is authorized and managed.", "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", "referential_label": "PCI DSS 4.0", "uuid": "fa1e1209-7b93-43e9-bace-461cbcf0f639" } ], "version": 1 } 2022-08-09T06:03:26.116327+00:00 https://objects.monarc.lu/object/get/5227 2023-03-31T19:15:40.007439+00:00 MONARC { "authors": [ "CASES Team" ], "label": "ISO/IEC 27002 [2022]", "language": "EN", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "831acc76-2bcc-4376-836a-f6b0ee6df568", "values": [ { "category": "Organizational controls", "code": "5.1", "label": "Policies for information security", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "ac5590c1-5e43-4a29-87fb-5ba7416a0831" }, { "category": "Organizational controls", "code": "5.2", "label": "Information security roles and responsibilities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "dcdebb24-3cf2-4c27-bb01-4cd04118e6f5" }, { "category": "Organizational controls", "code": "5.3", "label": "Segregation of duties", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "6ea4f43d-0d12-4edf-8191-bf469f25e252" }, { "category": "Organizational controls", "code": "5.4", "label": "Management responsibilities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "957e0fb3-f06e-4ef5-b152-f1045b3a576f" }, { "category": "Organizational controls", "code": "5.5", "label": "Contact with authorities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "7a5c4510-1d09-481b-822d-2d58745d390b" }, { "category": "Organizational controls", "code": "5.6", "label": "Contact with special interest groups", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "33aa534c-482a-4503-919c-635ac65d084e" }, { "category": "Organizational controls", "code": "5.7", "label": "Threat intelligence", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "dca62889-6240-406e-8c94-5f418e7e004e" }, { "category": "Organizational controls", "code": "5.8", "label": "Information security in project management", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "45d81142-d8b8-45c5-811b-8a636c404af8" }, { "category": "Organizational controls", "code": "5.9", "label": "Inventory of information and other associated assets", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "48ecb62f-f73d-4c65-a8e4-2fa831346a70" }, { "category": "Organizational controls", "code": "5.10", "label": "Acceptable use of information and other associated assets", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "95882551-578c-4c0d-afe8-1dff2b251da4" }, { "category": "Organizational controls", "code": "5.11", "label": "Return of assets", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "fb24425c-10df-4bc3-9b48-d72b952b92b5" }, { "category": "Organizational controls", "code": "5.12", "label": "Classification of information", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "4ca57d37-8fc9-4d15-b6a7-64416a520ac1" }, { "category": "Organizational controls", "code": "5.13", "label": "Labelling of information", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "006fc402-2bba-4bcb-85b6-7bb9de4c54cd" }, { "category": "Organizational controls", "code": "5.14", "label": "Information transfer", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "1fbd96df-158c-47a2-8dc5-a22c6f915a79" }, { "category": "Organizational controls", "code": "5.15", "label": "Access control", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "de075220-6acf-4ca7-837b-713b1f87f5f3" }, { "category": "Organizational controls", "code": "5.16", "label": "Identity management", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "d2cb623e-3cc6-46fd-bbe7-3239e5fa2626" }, { "category": "Organizational controls", "code": "5.17", "label": "Authentication information", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "7fe8f85a-6c22-4680-b076-88d74ba5c4e3" }, { "category": "Organizational controls", "code": "5.18", "label": "Access rights", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "c26bedb1-42f5-4154-8cea-b923b1103cfe" }, { "category": "Organizational controls", "code": "5.19", "label": "Information security in supplier relationships", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "239e3bca-0b4b-4692-9ba1-9e2a73d6cc40" }, { "category": "Organizational controls", "code": "5.20", "label": "Addressing information security within supplier agreements", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "0a23f517-b172-47b2-bc0a-0f693d2900b0" }, { "category": "Organizational controls", "code": "5.21", "label": "Managing information security in the ICT supply chain", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "86fdcdd5-2d94-43ad-aab1-ccc64b3e42f7" }, { "category": "Organizational controls", "code": "5.22", "label": "Monitoring, review and change management of supplier services", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "307d39d8-d31f-4b55-8a0e-9632cd0e380a" }, { "category": "Organizational controls", "code": "5.23", "label": "Information security for use of cloud services", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "e706a0d1-b2ce-4488-b8ae-905f88ab7e4d" }, { "category": "Organizational controls", "code": "5.24", "label": "Information security incident management planning and preparation", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "07e0fb5e-7b82-4f85-b7c7-d22b205436b1" }, { "category": "Organizational controls", "code": "5.25", "label": "Assessment and decision on information security events", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "0aa214a8-51a6-45df-a279-03f04ea5c19e" }, { "category": "Organizational controls", "code": "5.26", "label": "Response to information security incidents", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "865ca2d0-30e8-47f2-9f25-4256943a0d72" }, { "category": "Organizational controls", "code": "5.27", "label": "Learning from information security incidents", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "1c03c68f-29a0-4606-b99d-072491f53e96" }, { "category": "Organizational controls", "code": "5.28", "label": "Collection of evidence", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "432a79d3-45e9-477e-b63a-ab7566bb8590" }, { "category": "Organizational controls", "code": "5.29", "label": "Information security during disruption", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "a197825e-e8f5-47f5-851d-66105a6fc3b2" }, { "category": "Organizational controls", "code": "5.30", "label": "ICT readiness for business continuity", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "4ca07c19-4442-41b8-81ef-bd105af640c8" }, { "category": "Organizational controls", "code": "5.31", "label": "Legal, statutory, regulatory and contractual requirements", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "7f58e55e-17f5-4dca-a7e5-4566192fa8f1" }, { "category": "Organizational controls", "code": "5.32", "label": "Intellectual property rights", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "3d347675-c00a-4fa2-a0af-a5b66cbd8edd" }, { "category": "Organizational controls", "code": "5.33", "label": "Protection of records", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "9f8e81c8-8a90-4b5e-bcf1-ff2e8b4384e8" }, { "category": "Organizational controls", "code": "5.34", "label": "Privacy and protection of PII", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "6a6b0a5f-4e3a-4845-94cc-890aee7f19d9" }, { "category": "Organizational controls", "code": "5.35", "label": "Independent review of information security", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "41d38a42-6f44-4561-b0a2-801095d4eec9" }, { "category": "Organizational controls", "code": "5.36", "label": "Compliance with policies, rules and standards for information security", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "3ff683de-9ca5-482d-8423-06d4d8e315a3" }, { "category": "Organizational controls", "code": "5.37", "label": "Documented operating procedures", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "4c41ffb8-fbf4-48b7-9e16-52293fbcc3c3" }, { "category": "People controls", "code": "6.1", "label": "Screening", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "9e7bdc0e-1603-4545-a2cc-0650fe035e37" }, { "category": "People controls", "code": "6.2", "label": "Terms and conditions of employment", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "83389b64-b080-4625-8e81-05174311e2d8" }, { "category": "People controls", "code": "6.3", "label": "Information security awareness, education and training", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "bb6eac6b-129a-4ea8-8c26-3df5e05d9680" }, { "category": "People controls", "code": "6.4", "label": "Disciplinary process", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "9acaadb0-2f58-4d9b-963b-7671ed0471a6" }, { "category": "People controls", "code": "6.5", "label": "Responsibilities after termination or change of employment", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "e4ef6822-7f1f-46f8-9700-37cde17e81b8" }, { "category": "People controls", "code": "6.6", "label": "Confidentiality or non-disclosure agreements", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "e283f5ed-3a64-4bed-b479-35e4cd8173e6" }, { "category": "People controls", "code": "6.7", "label": "Remote working", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "276430e7-47c5-461b-a5c4-7b46dae11759" }, { "category": "People controls", "code": "6.8", "label": "Information security event reporting", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "ed627a92-cb52-472a-aa2e-b981f8b12de5" }, { "category": "Physical controls", "code": "7.1", "label": "Physical security perimeters", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "26fbd0ef-28da-4930-850f-8519da290fd4" }, { "category": "Physical controls", "code": "7.2", "label": "Physical entry", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "14667423-4f22-49dd-a0fc-bbf3c25597d3" }, { "category": "Physical controls", "code": "7.3", "label": "Securing offices, rooms and facilities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "474fedbd-0b89-436c-ac04-41c21d6e7420" }, { "category": "Physical controls", "code": "7.4", "label": "Physical security monitoring", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "f439e26f-cec6-41cb-8c86-1b6c0f112ebf" }, { "category": "Physical controls", "code": "7.5", "label": "Protecting against physical and environmental threats", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "07285d43-9ee2-406b-a9fa-3ad36650054b" }, { "category": "Physical controls", "code": "7.6", "label": "Working in secure areas", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "cb371cfa-e8d4-4a83-af29-2f8982929268" }, { "category": "Physical controls", "code": "7.7", "label": "Clear desk and clear screen", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "069bd61a-62a9-4158-b5f9-59e4ee0c8614" }, { "category": "Physical controls", "code": "7.8", "label": "Equipment siting and protection", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "a3897661-541e-4c4c-9844-2981d8288ec6" }, { "category": "Physical controls", "code": "7.9", "label": "Security of assets off-premises", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "68c2f82b-83a3-4aaf-9bce-c57b3f537fa6" }, { "category": "Physical controls", "code": "7.10", "label": "Storage media", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "1167decd-0e55-4359-8fb2-599c490d89fa" }, { "category": "Physical controls", "code": "7.11", "label": "Supporting utilities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "fc66f113-3f02-4354-8610-879b5467971a" }, { "category": "Physical controls", "code": "7.12", "label": "Cabling security", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "00e9c4c9-c718-4834-a312-c08abb03838c" }, { "category": "Physical controls", "code": "7.13", "label": "Equipment maintenance", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "096b291e-bded-40aa-a3f7-492bcc5dcf4c" }, { "category": "Physical controls", "code": "7.14", "label": "Secure disposal or re-use of equipment", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "43e73ea3-8fcd-455c-b05e-c5d8a747ec33" }, { "category": "Technological controls", "code": "8.1", "label": "User endpoint devices", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "26f82aa2-2a5b-49d9-92dd-53a2d98d743f" }, { "category": "Technological controls", "code": "8.2", "label": "Privileged access rights", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "8890016c-2883-4771-b346-2e8ec19ff2dd" }, { "category": "Technological controls", "code": "8.3", "label": "Information access restriction", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "8eda18e5-8a5e-404a-9f2b-1880fa0e400d" }, { "category": "Technological controls", "code": "8.4", "label": "Access to source code", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "b56726a8-3883-4893-ae75-2ba555411148" }, { "category": "Technological controls", "code": "8.5", "label": "Secure authentication", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "1d9e4229-e86e-4cb1-8e63-fd30711040dd" }, { "category": "Technological controls", "code": "8.6", "label": "Capacity management", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "e8d6402b-f022-494b-b289-3d5d98368e8e" }, { "category": "Technological controls", "code": "8.7", "label": "Protection against malware", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "f331b956-c83b-47b6-a563-09222b1ae7a0" }, { "category": "Technological controls", "code": "8.8", "label": "Management of technical vulnerabilities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "b2fc0199-a3a8-4386-88d1-0f3b776c3e5d" }, { "category": "Technological controls", "code": "8.9", "label": "Configuration management", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "6f4468c5-06a6-4248-a82b-ef86601d6dd9" }, { "category": "Technological controls", "code": "8.10", "label": "Information deletion", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "af8efe54-1e09-44e8-818d-22dc5446b234" }, { "category": "Technological controls", "code": "8.11", "label": "Data masking", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "082e34b9-5811-485b-a81a-761e79918ebc" }, { "category": "Technological controls", "code": "8.12", "label": "Data leakage prevention", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "c24dd798-1284-440e-82d3-78ef0d149ae6" }, { "category": "Technological controls", "code": "8.13", "label": "Information backup", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "e2e52a80-4222-4f57-b471-92ce90a83ed7" }, { "category": "Technological controls", "code": "8.14", "label": "Redundancy of information processing facilities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "6a76bfdb-843e-4aa2-8cd7-f738f68845e4" }, { "category": "Technological controls", "code": "8.15", "label": "Logging", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "6e2ed592-c992-4076-b9ec-b7e9a78a7029" }, { "category": "Technological controls", "code": "8.16", "label": "Monitoring activities", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "ba719d1a-81a3-485c-b9b5-fb6332fd3aff" }, { "category": "Technological controls", "code": "8.17", "label": "Clock synchronization", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "dab5cccf-c67d-45b0-a3d4-89ef9f51a2f2" }, { "category": "Technological controls", "code": "8.18", "label": "Use of privileged utility programs", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "9389f178-57cb-4b52-b464-5b983d10ae90" }, { "category": "Technological controls", "code": "8.19", "label": "Installation of software on operational systems", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "5773b0a9-8687-4802-9f19-2d1fba45e6a5" }, { "category": "Technological controls", "code": "8.20", "label": "Networks security", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "3cfb677a-cc3c-437d-aabf-c0ad88d740a5" }, { "category": "Technological controls", "code": "8.21", "label": "Security of network services", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "47ad87a1-dd3e-443e-8d82-2ec782979637" }, { "category": "Technological controls", "code": "8.22", "label": "Segregation of networks", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "6c305573-67ac-488e-882a-8e94e6373355" }, { "category": "Technological controls", "code": "8.23", "label": "Web filtering", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "8a973656-95e8-4664-9e6c-c788b4ba0771" }, { "category": "Technological controls", "code": "8.24", "label": "Use of cryptography", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "1a0fe2b2-4401-4d3d-b4a2-53d7d95a76c9" }, { "category": "Technological controls", "code": "8.25", "label": "Secure development life cycle", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "3ddf1641-0529-44d2-8a23-b5811555cdd2" }, { "category": "Technological controls", "code": "8.26", "label": "Application security requirements", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "8298dbd1-c18e-4f03-bb63-4867bfeaf716" }, { "category": "Technological controls", "code": "8.27", "label": "Secure system architecture and engineering principles", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "497618e9-e495-42b6-b04e-21801f9c01f7" }, { "category": "Technological controls", "code": "8.28", "label": "Secure coding", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "2452bf90-43da-46d9-9dee-05d73b9fce09" }, { "category": "Technological controls", "code": "8.29", "label": "Security testing in development and acceptance", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "991f8c55-2da0-4dbf-b604-cbadc8df8389" }, { "category": "Technological controls", "code": "8.30", "label": "Outsourced development", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "d5f93f4a-eac7-4200-b90b-c02db54c76f4" }, { "category": "Technological controls", "code": "8.31", "label": "Separation of development, test and production environments", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "00383120-11a9-4b95-bfb9-47b3d4975bcb" }, { "category": "Technological controls", "code": "8.32", "label": "Change management", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "866a0676-f2bd-4499-ba25-cd6f9466969a" }, { "category": "Technological controls", "code": "8.33", "label": "Test information", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "7df0a5ac-79b3-416c-8a38-c22f5c4d94d5" }, { "category": "Technological controls", "code": "8.34", "label": "Protection of information systems during audit testing", "referential": "831acc76-2bcc-4376-836a-f6b0ee6df568", "referential_label": "ISO/IEC 27002 [2022]", "uuid": "744146f1-5a14-43c0-b675-8c2649486f64" } ], "version": 1, "version_ext": "ISO/IEC 27002:2022" } 2022-08-09T06:08:41.149555+00:00 https://objects.monarc.lu/object/get/5230 2023-03-31T19:15:40.005406+00:00 Various contributors { "authors": [ "Jeremy Dannenmuller" ], "label": "ISO/IEC 27701 [2019]", "language": "EN", "refs": "https://www.iso.org/standard/71670.html", "uuid": "f65b378c-ab20-4651-825b-4da34944b519", "values": [ { "category": "Information security aspects of business continuity management", "code": "6.14.2.1", "label": "Availability of information processing facilities", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "00cb20cc-21a0-417a-9782-ed6587f1d6f5" }, { "category": "Information security policies", "code": "6.2.1.1", "label": "Policies for information security", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0225b44b-be7a-4cce-a4db-1d804e4d47c8" }, { "category": "Improvement", "code": "5.8.2", "label": "Continual improvement", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "029a9fae-c6a4-4b3c-8487-2ed20996a951" }, { "category": "Communication security", "code": "6.10.2.3", "label": "Electronic messaging", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0320a79e-6c9f-45e3-90a0-c360e8f57b45" }, { "category": "PII sharing transfer and disclosure", "code": "B.8.5.8", "label": "Change of subcontractor to process PII", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0637458d-cb4d-47aa-9553-d3e86757aaaa" }, { "category": "Physical and environment security", "code": "6.8.1.3", "label": "Securing offices rooms and facilities", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "066dee47-1f12-4243-94bd-a89fbde7fd31" }, { "category": "Conditions for collection and processing", "code": "A.7.2.3", "label": "Determine when and how consent is to be obtained", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "06c65ef3-fc74-4e9f-b923-bc4b8da06454" }, { "category": "Asset Management", "code": "6.5.1.2", "label": "Ownership of Assets", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "06eed3d5-8e62-42ff-a727-aee4d27a21a3" }, { "category": "Access control", "code": "6.6.2.2", "label": "User access provisionning", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0769cff8-adbc-4d3a-921d-622fbce40473" }, { "category": "Organisation of information security", "code": "6.3.1.2", "label": "Segregation of duties", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "085873ce-e760-40cd-80a4-6f402785696f" }, { "category": "Obligations to PII principals", "code": "A.7.3.2", "label": "Determining information for PII principals", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "087dde64-823a-495c-92ec-8a282577821f" }, { "category": "Context of the organization", "code": "5.2.4", "label": "Information security management system", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0af7c1ab-dad9-4aa2-aefb-4e5dbf4805c7" }, { "category": "Access control", "code": "6.6.4.2", "label": "Secure log-on procedures", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0d503be4-a66d-4f49-b960-a987f6aface6" }, { "category": "Organisation of information security", "code": "6.3.1.5", "label": "Information security in project management", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0e6f5f89-2755-4448-8183-da973df45b83" }, { "category": "PII sharing transfer and disclosure", "code": "B.8.5.1", "label": "Basis for PII transfer between jurisdictions", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0f6b0b0e-403e-4695-9c32-8bdd4ad17718" }, { "category": "Asset Management", "code": "6.5.1.1", "label": "Inventory of Assets", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "0fd4927b-596a-42f6-b155-052785edbfc5" }, { "category": "Operations security", "code": "6.9.1.3", "label": "Capacity management", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "103a6955-e9f8-4b66-91ba-bf2cc0e0e8fe" }, { "category": "Compliance", "code": "6.15.1.2", "label": "Intellectual property rights", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1285dd9e-108d-4ecf-bccf-8a3f4807963a" }, { "category": "Privacy by design and privacy by default", "code": "B.8.4.3", "label": "PII transmission controls", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1416da16-528c-45f4-b1b9-6a305ae1c81f" }, { "category": "Systems acquisition development and maintenance", "code": "6.11.2.6", "label": "Secure Development Environment", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "16b30180-3754-43da-8bdb-9528fc5e6cde" }, { "category": "Asset Management", "code": "6.5.1.4", "label": "Return of Assets", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "18c97f9e-20c9-48a4-b1db-b3ba08a6fd4a" }, { "category": "Systems acquisition development and maintenance", "code": "6.11.2.8", "label": "System security testing", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "190024e1-afae-4346-b094-9f84f6d2e759" }, { "category": "Human resources security", "code": "6.4.1.2", "label": "Terms and conditions of employment", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "19e032bb-b8b3-40a1-b976-4ac29f8ef613" }, { "category": "Privacy by design and privacy by default", "code": "A.7.4.6", "label": "Temporary files", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1ad68deb-f72a-4f4c-816b-fb755544777e" }, { "category": "Compliance", "code": "6.15.2.2", "label": "Compliance with security policies and standards", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1bdbc783-3069-42f5-a4f7-745c0290be02" }, { "category": "Systems acquisition development and maintenance", "code": "6.11.2.2", "label": "System change control procedures", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1d0c7281-35c6-403c-9c9b-40e9826e73e3" }, { "category": "Compliance", "code": "6.15.1.5", "label": "Regulation of cryptographic controls", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1d6c8b29-418c-4a68-89e8-55ce63bed691" }, { "category": "Access control", "code": "6.6.2.1", "label": "User registration and de-registration", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1ee8390e-ebeb-4253-ae87-49358ff8730f" }, { "category": "Conditions for collection and processing", "code": "A.7.2.4", "label": "Obtain and record consent", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1f597457-a336-4e09-b660-2a680154b8b0" }, { "category": "Support", "code": "5.5.1", "label": "Resources", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "1fc549c9-c0dd-407a-9648-c3fe0869bc67" }, { "category": "Access control", "code": "6.6.4.5", "label": "Access control to program source code", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "203fb144-2604-4162-b5c9-f40d22ba2fee" }, { "category": "Information security incident management", "code": "6.13.1.7", "label": "Collection of evidence", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "238e2cbd-9c07-4f08-b2f5-1f43df4a4c11" }, { "category": "Improvement", "code": "5.8.1", "label": "Nonconformity and corrective action", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "256ae75a-a97f-46c8-b022-e4525a52c177" }, { "category": "Access control", "code": "6.6.2.4", "label": "Management of secret authentication information of users", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "27b2e55d-2709-4a74-b75f-89ffa80b0096" }, { "category": "Actions to address risks and opportunities", "code": "5.4.1.2", "label": "Information Security Risk Assessment", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "28849802-7b7e-46dd-b720-b2bc4db6a67b" }, { "category": "Organisation of information security", "code": "6.3.1.4", "label": "Contact with special interest groups", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "2a8bce28-154e-4d0d-b829-fee0cd93f861" }, { "category": "Information security aspects of business continuity management", "code": "6.14.1.3", "label": "Verify review and evaluate information security continuity", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "2a93cf52-ffa5-4da5-85b2-ad39d456cb0d" }, { "category": "Information security policies", "code": "6.2.1.2", "label": "Review of the policies for information security", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "2abce681-3b58-4c4f-ae56-03eba536e201" }, { "category": "Physical and environment security", "code": "6.8.1.4", "label": "Protecting against external and environmental threats", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "2c979e09-e057-4cb5-b6b7-800842783110" }, { "category": "Compliance", "code": "6.15.2.1", "label": "Independent review of information security", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "2f712e97-a7bc-40cb-9552-216fd30ef148" }, { "category": "Privacy by design and privacy by default", "code": "B.8.4.2", "label": "Return transfer or disposal of PII", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "30525d18-fe33-4813-9519-7816bce5723f" }, { "category": "Information security incident management", "code": "6.13.1.1", "label": "Responsibilities and procedures", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "30817081-369d-410d-8db7-25f43a1abd43" }, { "category": "Systems acquisition development and maintenance", "code": "6.11.1.2", "label": "Securing application services on public networks", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "35ef0801-fa39-478f-94a4-cffaf3f2107c" }, { "category": "Context of the organization", "code": "5.2.3", "label": "Determining the scope of the information security management system", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "36ebd0b0-ab2d-4a7e-b98a-aa048fb6c84e" }, { "category": "Communication security", "code": "6.10.1.3", "label": "Segregation in networks", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "37d74fdf-8f6d-4197-a298-a30c646a5f53" }, { "category": "Operations security", "code": "6.9.1.2", "label": "Change management", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "389d1443-d248-4f66-b980-bbdcb50e6c15" }, { "category": "Human resources security", "code": "6.4.2.2", "label": "Information security awareness education and training", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "3a003a78-d047-4ac0-941c-7ad67491d421" }, { "category": "Conditions for collection and processing", "code": "A.7.2.6", "label": "Contracts with PII processors", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "3bbc82c8-7c23-4e11-9c3d-c8a8c19dd08c" }, { "category": "Privacy by design and privacy by default", "code": "A.7.4.2", "label": "Limit processing", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "3dafed59-ef7c-43fc-814c-a17c832b319f" }, { "category": "Physical and environment security", "code": "6.8.1.2", "label": "Physical entry controls", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "3f68a76b-6c1d-4fcb-952e-c2e9de3d9363" }, { "category": "Support", "code": "5.5.2", "label": "Competence", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "3fa8deba-8222-473b-b966-dff98dd64a3e" }, { "category": "Human resources security", "code": "6.4.1.1", "label": "Screening", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "40d912e5-c0d5-44c6-90eb-bdd3a9f7d5c4" }, { "category": "Obligations to PII principals", "code": "A.7.3.8", "label": "Providing copy of PII processed", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "442e6409-082e-4613-b000-49d141240fc5" }, { "category": "Systems acquisition development and maintenance", "code": "6.11.2.3", "label": "Technical review of applications after operating platform changes", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "4607f451-23b6-40ed-89f2-71cb91a4d282" }, { "category": "Support", "code": "5.5.5.2", "label": "Creating and updating", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "4630e54e-2bfb-462e-b88d-4392efe7f276" }, { "category": "Support", "code": "5.5.3", "label": "Awareness", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "466033e1-6c60-4db2-bf61-ebcae6645a0b" }, { "category": "Operation", "code": "5.6.2", "label": "Information security risk assessment", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "4c9f0ab8-778b-4c94-aea9-68921b5ad148" }, { "category": "Communication security", "code": "6.10.2.2", "label": "Agreements on information transfer", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "4cfd17b6-5841-4fa7-8d3b-227af4d3b652" }, { "category": "Context of the organization", "code": "5.2.1", "label": "Understanding the organization and its context", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "514811fc-ca1a-49be-89cc-57f0042a77aa" }, { "category": "Cryptography", "code": "6.7.1.1", "label": "Policy on the use of cryptographic controls", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "53e91bf7-76ed-4cb8-b308-21f1dbd52aa3" }, { "category": "Information security incident management", "code": "6.13.1.2", "label": "Reporting information security events", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "54d38b77-2e5c-4c4e-b47b-b936518e8094" }, { "category": "Access control", "code": "6.6.3.1", "label": "Use of secret authentication information", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "55f0123d-1c82-4352-8700-03a66e9d72fc" }, { "category": "Privacy by design and privacy by default", "code": "A.7.4.5", "label": "PII de-identification and deletion at the end of processing", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "56844655-7f50-46ec-bfc1-6d40fa74b31b" }, { "category": "PII sharing transfer and disclosure", "code": "B.8.5.5", "label": "Legally binding PII disclosures", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "56dc629e-506a-4502-b42d-a49e72ed7ec9" }, { "category": "Physical and environment security", "code": "6.8.1.5", "label": "Working in secure areas", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "58c52280-09b2-4c91-ab59-eb995f5688fd" }, { "category": "Access control", "code": "6.6.1.1", "label": "Access control policy", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "5cdeff98-2016-4d39-858e-3fc915185b52" }, { "category": "Organisation of information security", "code": "6.3.1.1", "label": "Information security roles and responsibilities", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "64cdbec6-e81c-4baf-92bf-1ce53cf3d8b2" }, { "category": "Support", "code": "5.5.5.1", "label": "General", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "65f112a9-3b20-4f18-950b-085d0be3f114" }, { "category": "Operations security", "code": "6.9.6.2", "label": "Restrictions on software installation", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "66d4273e-98cd-4d08-9acb-08ba787db13a" }, { "category": "Support", "code": "5.5.5.3", "label": "Control of documented information", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "6780dda7-2c33-496b-81e3-9d868f47b61d" }, { "category": "Physical and environment security", "code": "6.8.2.9", "label": "Clear desk and clear screen policy", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "67d95c58-fdf0-439d-8ce6-277238136141" }, { "category": "Operations security", "code": "6.9.5.1", "label": "Installation of software on operational systems", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "6a78d184-cc44-461e-af3d-3ebc8380b78f" }, { "category": "Systems acquisition development and maintenance", "code": "6.11.2.7", "label": "Outsourced development", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "6ac5a193-c021-4df4-abd1-bb0aed4af36a" }, { "category": "Information security incident management", "code": "6.13.1.4", "label": "Assessment of and decision on information security events", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "6c50d8a4-6793-479b-84af-f3cf94fe4102" }, { "category": "Information security incident management", "code": "6.13.1.3", "label": "Reporting information security weaknesses", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "6dd7fb16-a5f8-4722-9197-bf198327ed8b" }, { "category": "Human resources security", "code": "6.4.2.1", "label": "Management responsibilities", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "6ddcd365-eeca-473d-b9ad-03726ae858d8" }, { "category": "Privacy by design and privacy by default", "code": "A.7.4.3", "label": "Accuracy and quality", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "6ee51d2e-83fe-4198-8118-dc7db98515b1" }, { "category": "Operations security", "code": "6.9.1.1", "label": "Documented operating procedures", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "70a53056-137e-429a-9483-0a2e92a24fac" }, { "category": "Asset Management", "code": "6.5.3.3", "label": "Physical media transfer", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "71761dbc-aea1-4d01-b09d-abe2e67c4f1a" }, { "category": "Access control", "code": "6.6.4.4", "label": "Use of privileged utility programs", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "719158a7-c965-46e2-bed9-d273925a3fdd" }, { "category": "Operations security", "code": "6.9.4.3", "label": "Administrator and operator logs", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "7405dca3-2282-47e2-ac19-1992ff0a0228" }, { "category": "Operations security", "code": "6.9.1.4", "label": "Separation of development testing and operational environments", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "777d9c77-1093-4a4f-9c1f-ff9db9aa96c1" }, { "category": "Physical and environment security", "code": "6.8.2.4", "label": "Equipment maintenance", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "77d78b64-a53d-4a62-9b00-7bc4c6df5d99" }, { "category": "Performance Evaluation", "code": "5.7.1", "label": "Monitoring measurement analysis and evaluation", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "78bae82d-72d6-4b22-abc1-d49747a6dbad" }, { "category": "Systems acquisition development and maintenance", "code": "6.11.1.1", "label": "Information security requirements analysis and specification", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "7b804877-23cc-4f04-9979-8b6f985d04b9" }, { "category": "Performance Evaluation", "code": "5.7.2", "label": "Internal audit", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "7b8aa5d2-9afa-4e76-a038-1bb4f169fc23" }, { "category": "Privacy by design and privacy by default", "code": "A.7.4.1", "label": "Limit collection", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "7bc37de2-8b17-4965-980c-94260e7c84c9" }, { "category": "Communication security", "code": "6.10.2.4", "label": "Confidentiality or non-disclosure agreements", "referential": "f65b378c-ab20-4651-825b-4da34944b519", "referential_label": "ISO 27701", "uuid": "7fab270e-33dc-4df8-853b-770b47ed8b67" }, { "category": "Information security incident management", "code": "6.13.1.6", "label": "Learning from information security in