https://objects.monarc.lu/objects.atom Recent objects published on MOSP 2021-01-17T22:00:06.048474+00:00 https://www.cases.lu info@cases.lu python-feedgen https://objects.monarc.lu/object/get/157 User authentication is not ensured 2021-01-17T22:00:06.133107+00:00 MONARC { "code": "1167", "description": "Is there a password policy?\nAre there good practices (length, complexity, change, etc.)?\nIs there one account per person?\nAre there shared accounts?", "label": "User authentication is not ensured", "mode": 0, "status": 1, "uuid": "69fc04d1-4591-11e9-9173-0800277f0571" } 2019-05-06T12:29:59.854913+00:00 https://objects.monarc.lu/object/get/5094 7f9fc51f-4f02-11e9-b3ea-0800277f0571 2021-01-17T22:00:06.132978+00:00 MONARC { "asset": "d2023e3c-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fc51f-4f02-11e9-b3ea-0800277f0571", "version": 1, "vulnerability": "69fc04d1-4591-11e9-9173-0800277f0571" } 2019-05-06T12:29:59.858798+00:00 https://objects.monarc.lu/object/get/754 Forging of rights 2021-01-17T22:00:06.132843+00:00 MONARC { "a": 1, "c": 1, "code": "MD14", "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.", "i": 1, "label": "Forging of rights", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d530-4576-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.046013+00:00 https://objects.monarc.lu/object/get/170 The user workstation is not monitored 2021-01-17T22:00:06.132712+00:00 MONARC { "code": "1187", "description": "Ending a session\nScreen block", "label": "The user workstation is not monitored", "mode": 0, "status": 1, "uuid": "69fc056a-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.049943+00:00 https://objects.monarc.lu/object/get/5095 7f9fc536-4f02-11e9-b3ea-0800277f0571 2021-01-17T22:00:06.132581+00:00 MONARC { "asset": "d2023e3c-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fc536-4f02-11e9-b3ea-0800277f0571", "version": 1, "vulnerability": "69fc056a-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.054727+00:00 https://objects.monarc.lu/object/get/767 Abuse of rights 2021-01-17T22:00:06.132442+00:00 MONARC { "a": 1, "c": 1, "code": "MDA17", "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.", "i": 1, "label": "Abuse of rights", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d5ea-4576-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.415307+00:00 https://objects.monarc.lu/object/get/448 No procedures for system install and configuration 2021-01-17T22:00:06.132305+00:00 MONARC { "code": "542", "description": "Installation from standardised images?\nDefault programmes?\nAdministrator rights\nHardening (USB/BIOS block, etc.)", "label": "No procedures for system install and configuration", "mode": 0, "status": 1, "uuid": "69fc1a87-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.418743+00:00 https://objects.monarc.lu/object/get/5096 7f9fc54e-4f02-11e9-b3ea-0800277f0571 2021-01-17T22:00:06.132158+00:00 MONARC { "asset": "d2023e3c-44d1-11e9-a78c-0800277f0571", "threat": "b402d5ea-4576-11e9-9173-0800277f0571", "uuid": "7f9fc54e-4f02-11e9-b3ea-0800277f0571", "version": 1, "vulnerability": "69fc1a87-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.422984+00:00 https://objects.monarc.lu/object/get/164 Update management (patches) is flawed 2021-01-17T22:00:06.131927+00:00 MONARC { "code": "1178", "description": "Is there a procedure? Is it formal?\nHow frequently is it implemented? \nWho is in charge?\nAre tests performed? Before? After?", "label": "Update management (patches) is flawed", "mode": 0, "status": 1, "uuid": "69fc051f-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.617971+00:00 https://objects.monarc.lu/object/get/5097 7f9fc565-4f02-11e9-b3ea-0800277f0571 2021-01-17T22:00:06.131794+00:00 MONARC { "asset": "d2023e3c-44d1-11e9-a78c-0800277f0571", "threat": "b402d5d5-4576-11e9-9173-0800277f0571", "uuid": "7f9fc565-4f02-11e9-b3ea-0800277f0571", "version": 1, "vulnerability": "69fc051f-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.622399+00:00 https://objects.monarc.lu/object/get/458 No detection system of malicious programs 2021-01-17T22:00:06.131598+00:00 MONARC { "code": "562", "description": "What is the antivirus policy?\nVersion updates?\nAntivirus definition updates?\nUpdate checks?", "label": "No detection system of malicious programs", "mode": 0, "status": 1, "uuid": "69fc1afd-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.777813+00:00 https://objects.monarc.lu/object/get/5098 7f9fc57d-4f02-11e9-b3ea-0800277f0571 2021-01-17T22:00:06.131415+00:00 MONARC { "asset": "d2023e3c-44d1-11e9-a78c-0800277f0571", "threat": "b402d5d5-4576-11e9-9173-0800277f0571", "uuid": "7f9fc57d-4f02-11e9-b3ea-0800277f0571", "version": 1, "vulnerability": "69fc1afd-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.782334+00:00 https://objects.monarc.lu/object/get/765 Malware infection 2021-01-17T22:00:06.131240+00:00 MONARC { "a": 1, "c": 1, "code": "MDA13", "description": "Unwanted software that is doing operations seeking to harm the company.", "i": 1, "label": "Malware infection", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5d5-4576-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.945393+00:00 https://objects.monarc.lu/object/get/162 Programs can be downloaded and installed without monitoring 2021-01-17T22:00:06.131079+00:00 MONARC { "code": "1176", "description": "Installation instructions\nWhitelist\nOrigin checks", "label": "Programs can be downloaded and installed without monitoring", "mode": 0, "status": 1, "uuid": "69fc050b-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.948714+00:00 https://objects.monarc.lu/object/get/5099 7f9fc594-4f02-11e9-b3ea-0800277f0571 2021-01-17T22:00:06.130918+00:00 MONARC { "asset": "d2023e3c-44d1-11e9-a78c-0800277f0571", "threat": "b402d5d5-4576-11e9-9173-0800277f0571", "uuid": "7f9fc594-4f02-11e9-b3ea-0800277f0571", "version": 1, "vulnerability": "69fc050b-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:00.952907+00:00 https://objects.monarc.lu/object/get/3142 Desktop computer 2021-01-17T22:00:06.130726+00:00 MONARC { "code": "OV_POSTE_FIXE", "description": "Desktop computer", "label": "Desktop computer", "language": "EN", "type": "Secondary", "uuid": "d2023e3c-44d1-11e9-a78c-0800277f0571", "version": 1 } 2019-05-06T12:30:01.113454+00:00 https://objects.monarc.lu/object/get/764 Retrieval of recycled or discarded media 2021-01-17T22:00:06.130559+00:00 MONARC { "a": 0, "c": 1, "code": "MDA12", "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.", "i": 0, "label": "Retrieval of recycled or discarded media", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5c9-4576-11e9-9173-0800277f0571" } 2019-05-06T12:30:01.117198+00:00 https://objects.monarc.lu/object/get/254 Presence of residual data unknown to the user of reallocated or discarded equipment 2021-01-17T22:00:06.130370+00:00 MONARC { "code": "241", "description": "Is there a removal or reassignment procedure for hardware that may still contain information?\nIs there data sanitisation?", "label": "Presence of residual data unknown to the user of reallocated or discarded equipment", "mode": 0, "status": 1, "uuid": "69fc0b85-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:01.120638+00:00 https://objects.monarc.lu/object/get/5100 7f9fc5ab-4f02-11e9-b3ea-0800277f0571 2021-01-17T22:00:06.130111+00:00 MONARC { "asset": "d2023e3c-44d1-11e9-a78c-0800277f0571", "threat": "b402d5c9-4576-11e9-9173-0800277f0571", "uuid": "7f9fc5ab-4f02-11e9-b3ea-0800277f0571", "version": 1, "vulnerability": "69fc0b85-4591-11e9-9173-0800277f0571" } 2019-05-06T12:30:01.124958+00:00 https://objects.monarc.lu/object/get/5105 OpenPGP key server - WIP 2021-01-17T22:00:06.129870+00:00 CIRCL [ { "controller": { "contact": "16, boulevard d\u2019Avranches L-1160 Luxembourg - (+352) 274 00 98 601 - info@securitymadein.lu", "name": "CIRCL" }, "international_transfers": [], "name": "OpenPGP key server", "personal_data": [ { "data_categories": [], "data_subject": "Personal details - A PGP key can include email address, name and surname and image.", "description": "Individuals (who freely upload a PGP key on the server).", "retention_period": 0, "retention_period_description": "The retention schedule for this processing activity is unlimited. OpenPGP key servers do not allow removal of keys by design. CIRCL cannot modify this design due to the distributed and synchronisation feature of OpenPGP key servers.", "retention_period_mode": "" } ], "processors": [], "purposes": "GDPR Recital 49 - ensuring network and information security", "recipients": [ { "description": "Public access", "name": "Public", "type": "public" } ], "representative": { "contact": "16, boulevard d\u2019Avranches L-1160 Luxembourg - (+352) 274 00 98 601 - info@securitymadein.lu", "name": "Pascal Steichen" }, "security_measures": "N.A. (No pseudonymisation)" } ] 2019-09-11T12:43:34.953888+00:00 https://objects.monarc.lu/object/get/5104 Users of the MONARC SaaS (my.monarc.lu) - WIP 2021-01-17T22:00:06.129533+00:00 MONARC [ { "controller": { "contact": "16, boulevard d\u2019Avranches L-1160 Luxembourg (+352) 274 00 98 601 info@securitymadein.lu", "name": "Security made in L\u00ebtzebuerg g.i.e." }, "name": "Gestion utilisateurs cloud (my.monarc.lu)", "personal_data": [ { "data_categories": [ { "name": "nom" }, { "name": "e-mail" }, { "name": "pr\u00e9nom" } ], "data_subject": "utilisateurs", "description": "Le nom et pr\u00e9nom sont utilis\u00e9s pour identifier les actions de l'utilisateurs sur l'outil. L'adresse mail est n\u00e9cessaire pour reinialiser le mot de passe et s'authentifier dans l'outil", "retention_period": 0, "retention_period_description": "Jusqu'\u00e0 que l'utilisateur supprime son compte ou apr\u00e8s une inactivit\u00e9 de deux ans", "retention_period_mode": "day(s)" } ], "processors": [ { "activities": "Backup H\u00e9bergement", "contact": "4 Rue d'Arlon, 8399 Windhof (+352) 26 10 30 61 info@conostix.com", "name": "CONOSTIX S.A.", "representative": { "contact": "4 Rue d'Arlon, 8399 Windhof (+352) 26 10 30 61 info@conostix.com", "name": "Yves de Pril" }, "security_measures": "Datacenter Tiers IV" } ], "purposes": "G\u00e9rer l'authentification des utilisateurs sur le cloud my.monarc.lu", "recipients": [ { "description": "L'\u00e9quipe CASES g\u00e8re la cr\u00e9ation et suppression des nouveaux utilisateurs", "name": "CASES", "type": "internal" } ], "representative": { "contact": "16, boulevard d\u2019Avranches L-1160 Luxembourg (+352) 274 00 98 601 info@securitymadein.lu", "name": "Pascal Steichen" }, "security_measures": "Backup Chiffrement Control d'acc\u00e8s" } ] 2019-09-12T08:03:22.605017+00:00 https://objects.monarc.lu/object/get/38 ISO/IEC 27002 [de] 2021-01-17T22:00:06.128064+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "ISO/IEC 27002", "language": "DE", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Informationssicherheitspolitik", "code": "5.1.1", "label": "Informationssicherheitsrichtlinien", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitspolitik", "code": "5.1.2", "label": "\u00dcberpr\u00fcfung der Informationssicherheitsrichtlinien", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.2.1", "label": "Verantwortlichkeiten der Leitung", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.1", "label": "Informationssicherheitsrollen und -verantwortlichkeiten", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.4", "label": "Vertraulichkeits- oder Geheimhaltungsvereinbarungen", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.3", "label": "Kontakt mit Beh\u00f6rden", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.4", "label": "Kontakt mit speziellen Interessensgruppen", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.2.1", "label": "Unabh\u00e4ngige \u00dcberpr\u00fcfung der Informationssicherheit", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.1.1", "label": "Informationssicherheitsrichtlinie f\u00fcr Lieferantenbeziehungen", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.1.2", "label": "Behandlung von Sicherheit in Lieferantenvereinbarungen", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.1", "label": "Inventarisierung der Werte", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.2", "label": "Zust\u00e4ndigkeit f\u00fcr Werte", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.3", "label": "Zul\u00e4ssiger Gebrauch von Werten", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.2.1", "label": "Klassifizierung von Information", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.2.2", "label": "Kennzeichnung von Information", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.1.1", "label": "Sicherheits\u00fcberpr\u00fcfung", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.1.2", "label": "Besch\u00e4ftigungs- und Vertragsbedingungen", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.2.2", "label": "Informationssicherheitsbewusstsein, -ausbildung und -schulung", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.2.3", "label": "Ma\u00dfregelungsprozess", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "Personalsicherheit", "code": "7.3.1", "label": "Verantwortlichkeiten bei Beendigung oder \u00c4nderung der Besch\u00e4ftigung", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.1.4", "label": "R\u00fcckgabe von Werten", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.6", "label": "Entzug oder Anpassung von Zugangsrechten", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.1", "label": "Physische Sicherheitsperimeter", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.2", "label": "Physische Zutrittssteuerung", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.3", "label": "Sichern von B\u00fcros, R\u00e4umen und Einrichtungen", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.4", "label": "Schutz vor externen und umweltbedingten Bedrohungen", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.5", "label": "Arbeiten in Sicherheitsbereichen", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.1.6", "label": "Anlieferungs- und Ladebereiche", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.1", "label": "Platzierung und Schutz von Ger\u00e4ten und Betriebsmitteln", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.2", "label": "Versorgungseinrichtungen", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.3", "label": "Sicherheit der Verkabelung", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.4", "label": "Instandhaltung von Ger\u00e4ten und Betriebsmitteln", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.6", "label": "Sicherheit von Ger\u00e4ten, Betriebsmitteln und Werten au\u00dferhalb der R\u00e4umlichkeiten", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.7", "label": "Sichere Entsorgung oder Wiederverwendung von Ger\u00e4ten und Betriebsmitteln", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.5", "label": "Entfernen von Werten", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.1", "label": "Dokumentierte Betriebsabl\u00e4ufe", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.2", "label": "\u00c4nderungssteuerung", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.2", "label": "Aufgabentrennung", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.4", "label": "Trennung von Entwicklungs-, Test- und Betriebsumgebungen", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.2.1", "label": "\u00dcberwachung und \u00dcberpr\u00fcfung von Lieferantendienstleistungen", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.2.2", "label": "Handhabung der \u00c4nderungen von Lieferantendienstleistungen", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.1.3", "label": "Kapazit\u00e4tssteuerung", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.9", "label": "Systemabnahmetest", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.2.1", "label": "Ma\u00dfnahmen gegen Schadsoftware", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.3.1", "label": "Sicherung von Information", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.1.1", "label": "Netzwerksteuerungsma\u00dfnahmen", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.1.2", "label": "Sicherheit von Netzwerkdiensten", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.3.1", "label": "Handhabung von Wechseldatentr\u00e4gern", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.3.2", "label": "Entsorgung von Datentr\u00e4gern", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.1", "label": "Richtlinien und Verfahren f\u00fcr die Informations\u00fcbertragung", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.2", "label": "Vereinbarungen zur Informations\u00fcbertragung", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.3.3", "label": "Transport von Datentr\u00e4gern", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.2.3", "label": "Elektronische Nachrichten\u00fcbermittlung", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.1.2", "label": "Sicherung von Anwendungsdiensten in \u00f6ffentlichen Netzwerken", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.1.3", "label": "Schutz der Transaktionen bei Anwendungsdiensten", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.1", "label": "Ereignisprotokollierung", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.2", "label": "Schutz der Protokollinformation", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.3", "label": "Administratoren- und Bedienerprotokolle", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.4.4", "label": "Uhrensynchronisation", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.1.1", "label": "Zugangssteuerungsrichtlinie", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.3", "label": "Verwaltung privilegierter Zugangsrechte", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.4", "label": "Verwaltung geheimer Authentisierungsinformation von Benutzern", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.5", "label": "\u00dcberpr\u00fcfung von Benutzerzugangsrechten", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.3.1", "label": "Gebrauch geheimer Authentisierungsinformation", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.8", "label": "Unbeaufsichtigte Benutzerger\u00e4te", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "Physische und Umgebungssicherheit", "code": "11.2.9", "label": "Richtlinien f\u00fcr eine aufger\u00e4umte Arbeitsumgebung und Bildschirmsperren", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.1.2", "label": "Zugang zu Netzwerken und Netzwerkdiensten", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "Kommunikationssicherheit", "code": "13.1.3", "label": "Trennung in Netzwerken", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.1", "label": "Registrierung und Deregistrierung von Benutzern", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.3", "label": "System zur Verwaltung von Kennw\u00f6rtern", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.4", "label": "Gebrauch von Hilfsprogrammen mit privilegierten Rechten", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.2", "label": "Sichere Anmeldeverfahren", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.1", "label": "Informationszugangsbeschr\u00e4nkung", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.2.1", "label": "Richtlinie zu Mobilger\u00e4ten", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.2.2", "label": "Telearbeit", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.1.1", "label": "Analyse und Spezifikation von Informationssicherheitsanforderungen", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "Kryptografie", "code": "10.1.1", "label": "Richtlinie zum Gebrauch von kryptographischen Ma\u00dfnahmen", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Kryptografie", "code": "10.1.2", "label": "Schl\u00fcsselverwaltung", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.5.1", "label": "Installation von Software auf Systemen im Betrieb", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.3.1", "label": "Schutz von Testdaten", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.4.5", "label": "Zugangssteuerung f\u00fcr Quellcode von Programmen", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.2", "label": "Verfahren zur Verwaltung von System\u00e4nderungen", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.3", "label": "Technische \u00dcberpr\u00fcfung von Anwendungen nach \u00c4nderungen an der Betriebsplattform", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.4", "label": "Beschr\u00e4nkung von \u00c4nderungen an Softwarepaketen", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.7", "label": "Ausgegliederte Entwicklung", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.6.1", "label": "Handhabung von technischen Schwachstellen", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.2", "label": "Meldung von Informationssicherheitsereignissen", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.3", "label": "Meldung von Schw\u00e4chen in der Informationssicherheit", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.1", "label": "Verantwortlichkeiten und Verfahren", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.6", "label": "Erkenntnisse aus Informationssicherheitsvorf\u00e4llen", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.7", "label": "Sammeln von Beweismaterial", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.5", "label": "Grunds\u00e4tze f\u00fcr die Analyse, Entwicklung und Pflege sicherer Systeme", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.1.1", "label": "Planung zur Aufrechterhaltung der Informationssicherheit", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.1.2", "label": "Umsetzung der Aufrechterhaltung der Informationssicherheit", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.1.3", "label": "\u00dcberpr\u00fcfen und Bewerten der Aufrechterhaltung der Informationssicherheit", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.1", "label": "Bestimmung der anwendbaren Gesetzgebung und der vertraglichen Anforderungen", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.2", "label": "Geistige Eigentumsrechte", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.3", "label": "Schutz von Aufzeichnungen", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.4", "label": "Privatsph\u00e4re und Schutz von personenbezogener Information", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.1.5", "label": "Regelungen bez\u00fcglich kryptographischer Ma\u00dfnahmen", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.2.2", "label": "Einhaltung von Sicherheitsrichtlinien und -standards", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Konformit\u00e4t", "code": "18.2.3", "label": "\u00dcberpr\u00fcfung der Einhaltung von technischen Vorgaben", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.7.1", "label": "Ma\u00dfnahmen f\u00fcr Audits von Informationssystemen", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation der Informationssicherheit", "code": "6.1.5", "label": "Informationssicherheit im Projektmanagement", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset Management", "code": "8.2.3", "label": "Handhabung von Werten", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Zugriffskontrolle", "code": "9.2.2", "label": "Zuteilung von Benutzerzug\u00e4ngen", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.8", "label": "Testen der Systemsicherheit", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.6", "label": "Sichere Entwicklungsumgebung", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "Systemerwerb, Entwicklung und Wartung", "code": "14.2.1", "label": "Richtlinie f\u00fcr sichere Entwicklung", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "Betriebssicherheit", "code": "12.6.2", "label": "Einschr\u00e4nkungen von Softwareinstallation", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Lieferantenbeziehungen", "code": "15.1.3", "label": "Lieferkette f\u00fcr Informations- und Kommunikationstechnologie", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.4", "label": "Beurteilung von und Entscheidung \u00fcber Informationssicherheitsereignisse", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheits-St\u00f6rfallmanagement", "code": "16.1.5", "label": "Reaktion auf Informationssicherheitsvorf\u00e4lle", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "Informationssicherheitsaspekte des betrieblichen Kontinuit\u00e4tsmanagement", "code": "17.2.1", "label": "Verf\u00fcgbarkeit von informationsverarbeitenden Einrichtungen", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2019-11-28T12:16:24.934862+00:00 https://objects.monarc.lu/object/get/37 ISO/IEC 27002 [fr] 2021-01-17T22:00:06.126586+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "ISO/IEC 27002", "language": "FR", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Politiques de s\u00e9curit\u00e9 de l'information", "code": "5.1.1", "label": "Politiques de s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Politiques de s\u00e9curit\u00e9 de l'information", "code": "5.1.2", "label": "Revue des politiques de s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.2.1", "label": "Responsabilit\u00e9s de la direction", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.1", "label": "Fonctions et responsabilit\u00e9s li\u00e9es \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.4", "label": "Engagements de confidentialit\u00e9 ou de non-divulgation", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.3", "label": "Relations avec les autorit\u00e9s", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.4", "label": "Relations avec des groupes de travail sp\u00e9cialis\u00e9s", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.2.1", "label": "Revue ind\u00e9pendante de la s\u00e9curit\u00e9 de l'information", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.1.1", "label": "Politique de s\u00e9curit\u00e9 de l\u2019information dans les relations avec les fournisseurs", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.1.2", "label": "La s\u00e9curit\u00e9 dans les accords conclus avec les fournisseurs", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.1", "label": "Inventaire des actifs", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.2", "label": "Propri\u00e9t\u00e9 des actifs", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.3", "label": "Utilisation correcte des actifs", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.2.1", "label": "Classification des informations", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.2.2", "label": "Marquage des informations", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.1.1", "label": "S\u00e9lection des candidats", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.1.2", "label": "Termes et conditions d'embauche", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.2.2", "label": "Sensibilisation, qualification et formations en mati\u00e8re de s\u00e9curit\u00e9 de l'information", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.2.3", "label": "Processus disciplinaire", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.3.1", "label": "Ach\u00e8vement ou modification des responsabilit\u00e9s associ\u00e9es au contrat de travail", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.1.4", "label": "Restitution des actifs", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.6", "label": "Suppression ou adaptation des droits d\u2019acc\u00e8s", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.1", "label": "P\u00e9rim\u00e8tre de s\u00e9curit\u00e9 physique", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.2", "label": "Contr\u00f4les physiques des acc\u00e8s", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.3", "label": "S\u00e9curisation des bureaux, des salles et des \u00e9quipements", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.4", "label": "Protection contre les menaces ext\u00e9rieures et environnementales", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.5", "label": "Travail dans les zones s\u00e9curis\u00e9es", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.6", "label": "Zones de livraison et de chargement", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.1", "label": "Emplacement et protection du mat\u00e9riel", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.2", "label": "Services g\u00e9n\u00e9raux", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.3", "label": "S\u00e9curit\u00e9 du c\u00e2blage", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.4", "label": "Maintenance du mat\u00e9riel", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.6", "label": "S\u00e9curit\u00e9 du mat\u00e9riel et des actifs hors des locaux", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.7", "label": "Mise au rebut ou recyclage s\u00e9curis\u00e9(e) du mat\u00e9riel", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.5", "label": "Sortie des actifs", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.1", "label": "Proc\u00e9dures d\u2019exploitation document\u00e9es", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.2", "label": "Gestion des changements", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.2", "label": "S\u00e9paration des t\u00e2ches", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.4", "label": "S\u00e9paration des environnements de d\u00e9veloppement, de test et d\u2019exploitation", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.2.1", "label": "Surveillance et revue des services des fournisseurs", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.2.2", "label": "Gestion des changements apport\u00e9s dans les services des fournisseurs", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.3", "label": "Dimensionnement", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.9", "label": "Test de conformit\u00e9 du syst\u00e8me", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.2.1", "label": "Mesures contre les logiciels malveillants", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.3.1", "label": "Sauvegarde des informations", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.1.1", "label": "Contr\u00f4le des r\u00e9seaux", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.1.2", "label": "S\u00e9curit\u00e9 des services de r\u00e9seau", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.3.1", "label": "Gestion des supports amovibles", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.3.2", "label": "Mise au rebut des supports", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.1", "label": "Politiques et proc\u00e9dures de transfert de l\u2019information", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.2", "label": "Accords en mati\u00e8re de transfert d\u2019information", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.3.3", "label": "Transfert physique des supports", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.2.3", "label": "Messagerie \u00e9lectronique", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.1.2", "label": "S\u00e9curisation des services d\u2019application sur les r\u00e9seaux publics", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.1.3", "label": "Protection des transactions li\u00e9es aux services d\u2019application", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.1", "label": "Journalisation des \u00e9v\u00e9nements", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.2", "label": "Protection de l\u2019information journalis\u00e9e", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.3", "label": "Journaux administrateur et op\u00e9rateur", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.4", "label": "Synchronisation des horloges", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.1.1", "label": "Politique de contr\u00f4le d\u2019acc\u00e8s", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.3", "label": "Gestion des privil\u00e8ges d\u2019acc\u00e8s", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.4", "label": "Gestion des informations secr\u00e8tes d\u2019authentification des utilisateurs", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.5", "label": "Revue des droits d\u2019acc\u00e8s utilisateur", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.3.1", "label": "Utilisation d\u2019informations secr\u00e8tes d\u2019authentification", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.8", "label": "Mat\u00e9riel utilisateur laiss\u00e9 sans surveillance", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.9", "label": "Politique du bureau propre et de l\u2019\u00e9cran vide", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.1.2", "label": "Acc\u00e8s aux r\u00e9seaux et aux services en r\u00e9seau", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 des communications", "code": "13.1.3", "label": "Cloisonnement des r\u00e9seaux", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.1", "label": "Enregistrement et d\u00e9sinscription des utilisateurs", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.3", "label": "Syst\u00e8me de gestion des mots de passe", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.4", "label": "Utilisation de programmes utilitaires \u00e0 privil\u00e8ges", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.2", "label": "S\u00e9curiser les proc\u00e9dures de connexion", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.1", "label": "Restriction d\u2019acc\u00e8s \u00e0 l\u2019information", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.2.1", "label": "Politique en mati\u00e8re d'appareils mobiles", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.2.2", "label": "T\u00e9l\u00e9travail", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.1.1", "label": "Analyse et sp\u00e9cification des exigences de s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptographie", "code": "10.1.1", "label": "Politique d\u2019utilisation des mesures cryptographiques", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptographie", "code": "10.1.2", "label": "Gestion des cl\u00e9s", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.5.1", "label": "Installation de logiciels sur des syst\u00e8mes en exploitation", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.3.1", "label": "Protection des donn\u00e9es de test", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.4.5", "label": "Contr\u00f4le d\u2019acc\u00e8s au code source des programmes", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.2", "label": "Proc\u00e9dures de contr\u00f4le des changements apport\u00e9s au syst\u00e8me", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.3", "label": "Revue technique des applications apr\u00e8s changement apport\u00e9 \u00e0 la plateforme d\u2019exploitation", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.4", "label": "Restrictions relatives aux changements apport\u00e9s aux progiciels", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.7", "label": "D\u00e9veloppement externalis\u00e9", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.6.1", "label": "Gestion des vuln\u00e9rabilit\u00e9s techniques", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.2", "label": "Signalement des \u00e9v\u00e9nements li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.3", "label": "Signalement des failles li\u00e9es \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.1", "label": "Responsabilit\u00e9s et proc\u00e9dures", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.6", "label": "Tirer des enseignements des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.7", "label": "Recueil de preuves", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.5", "label": "Principes d\u2019ing\u00e9nierie de la s\u00e9curit\u00e9 des syst\u00e8mes", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.1.1", "label": "Organisation de la continuit\u00e9 de la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.1.2", "label": "Mise en oeuvre de la continuit\u00e9 de la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.1.3", "label": "V\u00e9rifier, revoir et \u00e9valuer la continuit\u00e9 de la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.1", "label": "Identification de la l\u00e9gislation et des exigences contractuelles applicables", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.2", "label": "Droits de propri\u00e9t\u00e9 intellectuelle", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.3", "label": "Protection des enregistrements", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.4", "label": "Protection de la vie priv\u00e9e et protection des donn\u00e9es \u00e0 caract\u00e8re personnel", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.1.5", "label": "R\u00e9glementation relative aux mesures cryptographiques", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.2.2", "label": "Conformit\u00e9 avec les politiques et les normes de s\u00e9curit\u00e9", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Conformit\u00e9", "code": "18.2.3", "label": "Examen de la conformit\u00e9 technique", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.7.1", "label": "Mesures relatives \u00e0 l\u2019audit des syst\u00e8mes d\u2019information", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l'information", "code": "6.1.5", "label": "La s\u00e9curit\u00e9 de l\u2019information dans la gestion de projet", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des actifs", "code": "8.2.3", "label": "Manipulation des actifs", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Contr\u00f4le d'acc\u00e8s", "code": "9.2.2", "label": "Ma\u00eetrise de la gestion des acc\u00e8s utilisateur", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.8", "label": "Phase de test de la s\u00e9curit\u00e9 du syst\u00e8me", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.6", "label": "Environnement de d\u00e9veloppement s\u00e9curis\u00e9", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.2.1", "label": "Politique de d\u00e9veloppement s\u00e9curis\u00e9", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.6.2", "label": "Restrictions li\u00e9es \u00e0 l\u2019installation de logiciels", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Relations avec le fournisseurs", "code": "15.1.3", "label": "Chaine d\u2019approvisionnement informatique", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.4", "label": "Appr\u00e9ciation des \u00e9v\u00e9nements li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information et prise de d\u00e9cision", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.5", "label": "R\u00e9ponse aux incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l\u2019information", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.2.1", "label": "Disponibilit\u00e9 des moyens de traitement de l\u2019information", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2019-11-28T12:17:52.276848+00:00 https://objects.monarc.lu/object/get/39 ISO/IEC 27002 [nl] 2021-01-17T22:00:06.125196+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "ISO/IEC 27002", "language": "NL", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Informatiebeveiligingsbeleid", "code": "5.1.1", "label": "Informatiebeveiligingsbeleidslijnen", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsbeleid", "code": "5.1.2", "label": "Beoordeling van de informatiebeveiligingsbeleidslijnen", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.2.1", "label": "Verantwoordelijkheden van de directie", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.1", "label": "Functies en verantwoordelijkheden i.v.m. informatiebeveiliging", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.4", "label": "Verplichtingen inzake vertrouwelijkheid en niet-verspreiding", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.3", "label": "Relaties met de overheden", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.4", "label": "Relaties met gespecialiseerde werkgroepen", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.2.1", "label": "Onafhankelijke beoordeling van de informatiebeveiligingsbeleidslijnen", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.1.1", "label": "Informatiebeveiligingsbeleid in de relaties met leveranciers", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.1.2", "label": "Veiligheid in de met leveranciers gesloten akkoorden", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.1", "label": "Inventaris van de activa", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.2", "label": "Eigendom van de activa", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.3", "label": "Correct gebruik van de activa", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.2.1", "label": "Classificatie van de informatie", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.2.2", "label": "Markering van de informatie", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.1.1", "label": "Selectie van de kandidaten", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.1.2", "label": "Rekruteringsvoorwaarden", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.2.2", "label": "Sensibilisering, kwalificatie en opleidingen inzake informatiebeveiliging", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.2.3", "label": "Disciplinair proces", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "Veilig personeel", "code": "7.3.1", "label": "Voltooiing of wijziging van de verantwoordelijkheden die samenhangen met het arbeidscontract", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.1.4", "label": "Teruggave van de activa", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.6", "label": "Opheffing of aanpassing van de toegangsrechten", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.1", "label": "Fysieke veiligheidsperimeter", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.2", "label": "Fysieke toegangscontroles", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.3", "label": "Beveiliging van de kantoren, de lokalen en de uitrustingen", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.4", "label": "Beveiliging tegen externe en milieubedreigingen", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.5", "label": "Werk in de beveiligde zones", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.1.6", "label": "Leverings- en laad- en loszones", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.1", "label": "Plaats en bescherming van de hardware", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.2", "label": "Algemene diensten", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.3", "label": "Veiligheid van de bekabeling", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.4", "label": "Onderhoud van de hardware", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.6", "label": "Veiligheid van de hardware en de activa buiten de bedrijfsruimten", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.7", "label": "Veilige afdanking of recyclage van de hardware", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.5", "label": "Afdanking van de activa", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.1", "label": "Gedocumenteerde exploitatieprocedures", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.2", "label": "Beheer van verandering (change management)", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.2", "label": "Scheiding van de taken", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.4", "label": "Scheiding van de ontwikkelings-, test- en exploitatieomgevingen", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.2.1", "label": "Toezicht op en beoordeling van de diensten van de leveranciers", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.2.2", "label": "Beheer van de wijzigingen aangebracht in de diensten van de leveranciers", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.1.3", "label": "Dimensionering", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.9", "label": "Systeemconformiteitstest", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.2.1", "label": "Maatregelen tegen malware", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.3.1", "label": "Back-up van de informatie", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.1.1", "label": "Controle van de netwerken", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.1.2", "label": "Veiligheid van de netwerkdiensten", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.3.1", "label": "Beheer van de draagbare informatiedragers", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.3.2", "label": "Afdanking van informatiedragers", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.1", "label": "Beleid en procedures op het vlak van informatiedoorgifte", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.2", "label": "Akkoorden op het vlak van informatiedoorgifte", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.3.3", "label": "Fysieke doorgifte van informatiedragers", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.2.3", "label": "E-mail", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.1.2", "label": "Beveiliging van de toepassingsdiensten op de openbare communicatienetwerken", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.1.3", "label": "Bescherming van de transacties i.v.m. de toepassingsdiensten", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.1", "label": "Loggen van evenementen", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.2", "label": "Beveiliging van de gelogde informatie", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.3", "label": "Administrator- en operatorlogboeken", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.4.4", "label": "Synchronisatie van de klokken", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.1.1", "label": "Toegangscontrolebeleid", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.3", "label": "Beheer van de toegangsrechten", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.4", "label": "Beheer van de geheime gebruikersauthenticatiegegevens", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.5", "label": "Beoordeling van de gebruikerstoegangsrechten", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.3.1", "label": "Gebruik van geheime authenticatiegegevens", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.8", "label": "Onbewaakt achtergelaten gebruikershardware", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "Fysieke beveiliging en beveiliging van de omgeving", "code": "11.2.9", "label": "Clean desk- en leeg-schermbeleid", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.1.2", "label": "Toegang tot de netwerken en de netwerkdiensten", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "Communicatiebeveiliging", "code": "13.1.3", "label": "Scheiding van de netwerken", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.1", "label": "Registratie en uitschrijving van de gebruikers", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.3", "label": "Wachtwoordbeheerssysteem", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.4", "label": "Gebruik van utility-programma\u2019s met bevoegdheden", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.2", "label": "Beveiligen van de verbindingsprocedures", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.1", "label": "Beperking van de toegang tot de informatie", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.2.1", "label": "Beleid inzake mobiele toestellen", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.2.2", "label": "Telewerk", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.1.1", "label": "Analyse en specificatie van de eisen inzake informatiebeveiliging", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptografie", "code": "10.1.1", "label": "Beleid inzake het gebruik van cryptografische maatregelen", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptografie", "code": "10.1.2", "label": "Beheer van de sleutels", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.5.1", "label": "Installatie van software op werkende systemen", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.3.1", "label": "Beveiliging van de testgegevens", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.4.5", "label": "Controle van de toegang tot de broncode van de programma\u2019s", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.2", "label": "Procedures voor de controle van de aan het systeem aangebrachte wijzigingen", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.3", "label": "Technische beoordeling van de toepassingen na het aanbrengen van wijzigingen aan het besturingsplatform", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.4", "label": "Beperkingen op het vlak van het aanbrengen van wijzigingen aan softwarepakketten.", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.7", "label": "Geoutsourcete ontwikkeling ", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.6.1", "label": "Beheer van de technische kwetsbaarheden", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.2", "label": "Signalering van de gebeurtenissen i.v.m. informatiebeveiliging", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.3", "label": "Signalering van fouten i.v.m. informatiebeveiliging", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.1", "label": "Verantwoordelijkheden en procedures", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.6", "label": "Lessen trekken uit incidenten i.v.m. informatiebeveiliging", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.7", "label": "Verzameling van bewijzen", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.5", "label": "Engineeringbeginselen van systeembeveiliging", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.1.1", "label": "Organisatie van de continu\u00efteit van de informatiebeveiliging", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.1.2", "label": "Implementatie van de continu\u00efteit van de informatiebeveiliging", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.1.3", "label": "Verifi\u00ebren, herzien en evalueren van de continu\u00efteit van de informatiebeveiliging", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.1", "label": "Identificatie van de wetgeving en de geldende contractuele eisen", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.2", "label": "Intellectuele eigendomsrechten", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.3", "label": "Bescherming van de opnamen", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.4", "label": "Bescherming van het priv\u00e9leven en bescherming van persoonlijke gegevens", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.1.5", "label": "Voorschriften op het vlak van cryptografische maatregelen", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.2.2", "label": "Conformiteit met het veiligheidsbeleid en de veiligheidsnormen", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Naleving", "code": "18.2.3", "label": "Onderzoek van de technische conformiteit", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.7.1", "label": "Maatregelen betreffende de audit van de informatiesystemen", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Organiseren van informatiebeveiliging", "code": "6.1.5", "label": "Informatiebeveiliging in projectmanagement", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van bedrijfsmiddelen", "code": "8.2.3", "label": "Manipulatie van de activa", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Toegangsbeveiliging", "code": "9.2.2", "label": "Beheersing van het gebruikerstoegangsbeheer", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.8", "label": "Testfase van systeembeveiliging", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.6", "label": "Beveiligde ontwikkelingsomgeving", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "Acquisitie, ontwikkeling en onderhoud van informatiesystemen", "code": "14.2.1", "label": "Beveiligd ontwikkelingsbeleid", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "Beveiliging bedrijfsvoering", "code": "12.6.2", "label": "Beperkingen inzake de installatie van software", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Leveranciersrelaties", "code": "15.1.3", "label": "IT-bevoorradingsketen", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.4", "label": "Beoordeling van de gebeurtenissen i.v.m. informatiebeveiliging en besluitvorming", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "Beheer van informatiebeveiligingsincidenten", "code": "16.1.5", "label": "Reactie op incidenten i.v.m. informatiebeveiliging", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "17.2.1", "label": "Beschikbaarheid van de informatieverwerkingsmiddelen", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2019-11-28T12:18:57.465957+00:00 https://objects.monarc.lu/object/get/5114 Baseline Security Guidelines (BSG) - FR 2021-01-17T22:00:06.123909+00:00 CCB { "authors": [ "Koen Van Impe" ], "label": "Baseline Security Guidelines (BSG)", "language": "FR", "refs": [ "https://cyberguide.ccb.belgium.be/fr" ], "uuid": "8c386095-dcbb-44e3-8c02-7fafecd19112", "values": [ { "category": "Politique de s\u00e9curit\u00e9", "code": "4.1.1", "label": "Chaque organisation doit disposer d'une politique de s\u00e9curit\u00e9 approuv\u00e9e et soutenue par la direction.", "uuid": "1cc160ac-8d5c-4ca3-bb72-62a10719c123" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.1", "label": "Chaque organisation mettra en place un syst\u00e8me de gestion des risques.", "uuid": "007b3160-1740-45c7-94c6-ca941c0fb139" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.2", "label": "La s\u00e9curit\u00e9 de l'information sera int\u00e9gr\u00e9e dans la gestion des projets (S\u00e9curit\u00e9 d\u00e8s la conception - 'security by design') afin d'int\u00e9grer le plus t\u00f4t possible les aspects de s\u00e9curit\u00e9.", "uuid": "611de8f9-c8a9-41ed-92f0-924f220bc43a" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.3", "label": "Afin de mettre \u00e0 jour les connaissances et de favoriser les \u00e9changes sur les derni\u00e8res tendances en mati\u00e8re de s\u00e9curit\u00e9 de l'information, il sera n\u00e9cessaire de participer aux forums sp\u00e9cialis\u00e9s abordant les questions de s\u00e9curit\u00e9 de l'information.", "uuid": "85d026e4-e8f5-42f4-9833-fc5fdfb6b7df" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.4", "label": "Afin que ces mesures organisationnelles soient appliqu\u00e9es, chaque organisation (in)formera son personnel et les tiers op\u00e9rant sous sa responsabilit\u00e9.", "uuid": "3b96ee40-70c3-452a-849c-4cda88d9f4c0" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.5", "label": "D\u00e9signer et mandater un responsable de la s\u00e9curit\u00e9.", "uuid": "6ea237dc-cb92-4bcd-a688-a5ea7ba3d783" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.6", "label": "Un tableau de bord permettant de mesurer son niveau de s\u00e9curit\u00e9 par rapport aux objectifs fix\u00e9s par la strat\u00e9gie de l'organisation.", "uuid": "12d776b0-2b90-4f2c-a59e-8cb6d173ebdd" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.7", "label": "Un code de conduite et de bonnes pratiques en mati\u00e8re d'utilisation des syst\u00e8mes d'information sera \u00e9labor\u00e9, approuv\u00e9 et communiqu\u00e9.", "uuid": "ca1b4896-cb90-4890-b62c-1e1590425ba0" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.8", "label": "Un plan d'information & de formation sera adopt\u00e9.", "uuid": "65a113ed-1a28-4f16-a205-6dcd58684f59" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.8.1", "label": "Chaque organisation d\u00e9finira les r\u00e8gles et mesures de s\u00e9curit\u00e9 d'usage des supports m\u00e9dia amovibles.", "uuid": "20062322-d837-4144-b3e0-fd69e3d63f1b" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.8.2", "label": "Une politique d'acc\u00e8s, de gestion des informations \u00e0 distance (t\u00e9l\u00e9travail) sera adopt\u00e9e.", "uuid": "89f5c88a-d730-45d2-a4de-77b84f267690" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.9", "label": "Chaque organisation doit identifier les r\u00f4les et responsabilit\u00e9s des diff\u00e9rents acteurs dans la s\u00e9curit\u00e9 de l'information.", "uuid": "0d9d2a96-7a52-4872-8ba0-f4068082144b" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.10_AVG", "label": "Chaque organisation mettra en place un syst\u00e8me de gestion des risques pour la gestion des donn\u00e9es personnelles.", "uuid": "8a772336-e4ad-4fd7-a093-c4e34779aaf7" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.11_AVG", "label": "Configurer et g\u00e9rer le registre de traitement RGPD.", "uuid": "be3c2eb6-61c4-4f8b-b27f-d03eb3443b05" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.12_AVG", "label": "Chaque organisation veille \u00e0 ce qu'un d\u00e9l\u00e9gu\u00e9 \u00e0 la protection des donn\u00e9es (ci-apr\u00e8s d\u00e9sign\u00e9 DPO) dot\u00e9 d'un mandat clair soit d\u00e9sign\u00e9 et mandat\u00e9.", "uuid": "995f60bd-fa47-4ffe-b6ce-9905229bf860" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.13_AVG", "label": "La protection des donn\u00e9es sera int\u00e9gr\u00e9e \u00e0 la gestion du projet (protection des donn\u00e9es par conception) afin d'int\u00e9grer les aspects de s\u00e9curit\u00e9 le plus rapidement possible.", "uuid": "d82fc564-3d0c-43d3-80b0-306c250bfbbb" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.14_AVG", "label": "Pour mettre \u00e0 jour les connaissances et promouvoir l'\u00e9change des tendances en mati\u00e8re de protection des donn\u00e9es, il sera n\u00e9cessaire de participer \u00e0 des forums sp\u00e9cialis\u00e9s et \u00e0 des canaux d'information traitant de la protection des donn\u00e9es.", "uuid": "fcd838d6-ab69-46f8-a7a2-17c84b6bb777" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.15_AVG", "label": "Pour s'assurer que les mesures organisationnelles n\u00e9cessaires sont mises en \u0153uvre, chaque organisation informe son personnel et les tiers travaillant sous sa responsabilit\u00e9.", "uuid": "a101acbd-a409-4ef6-ba97-c0c123742f93" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.16_AVG", "label": "Chaque organisation dispose d'un tableau de bord pour mesurer et contr\u00f4ler l'\u00e9tat et maturit\u00e9 de protection des donn\u00e9es par rapport aux objectifs de sa strat\u00e9gie.", "uuid": "ac29f819-028f-43a9-b64e-36502c01cc0d" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.17_AVG", "label": "Un code de conduite et de bonnes pratiques pour l'utilisation de donn\u00e9es \u00e0 caract\u00e8re personnel seront d\u00e9velopp\u00e9s, approuv\u00e9s et communiqu\u00e9s.", "uuid": "59e0247f-668a-440f-83cc-eee08b15d875" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.18_AVG", "label": "Un plan d'information et de formation sera approuv\u00e9.", "uuid": "eb865e05-a869-4ec1-9f93-e7e9d2b8311a" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.19_AVG", "label": "Les r\u00e8gles d'acc\u00e8s aux donn\u00e9es sont d\u00e9termin\u00e9es.", "uuid": "5fd7bb7e-9704-4616-b687-947a2b022e8e" }, { "category": "Organisation de la s\u00e9curit\u00e9", "code": "4.2.20_AVG", "label": "Chaque organisation doit identifier les t\u00e2ches et les responsabilit\u00e9s des diff\u00e9rents acteurs de la protection des donn\u00e9es.", "uuid": "ce01c440-aa4f-432f-b4f0-6e89dd0f5cc6" }, { "category": "La s\u00e9curite\u00e9 des ressources humaines", "code": "4.3.1", "label": "Une politique relative \u00e0 la gestion des collaborateurs (internes et/ou externes) sera adopt\u00e9e.", "uuid": "df696f9a-646d-4db1-bebf-ff2066e6ebdf" }, { "category": "La s\u00e9curite\u00e9 des ressources humaines", "code": "4.3.2", "label": "R\u00e9glementation de l'emploi", "uuid": "8a6d3cf4-0a31-4e41-a2ec-cf13c6d04688" }, { "category": "La s\u00e9curite\u00e9 des ressources humaines", "code": "4.3.3_AVG", "label": "La politique pour les employ\u00e9s (internes et externes) contient une bonne protection juridique et / ou contractuelle des donn\u00e9es personnelles.", "uuid": "441aaa8d-5641-4ac2-90d8-bf5bdf121ce8" }, { "category": "La s\u00e9curite\u00e9 des ressources humaines", "code": "4.3.4_AVG", "label": "Proc\u00e9dure de recrutement.", "uuid": "0694ce82-792f-4e7e-ad5d-b75f24cbc822" }, { "category": "La s\u00e9curite\u00e9 des ressources humaines", "code": "4.3.5_AVG", "label": "R\u00e9glementation de l'emploi contient des accords de confidentialit\u00e9 ou de non-divulgation.", "uuid": "564b2edb-0c96-42e4-b99c-aa4dbbedfd09" }, { "category": "Sensibilisation, formation, d\u00e9veloppement & Communication", "code": "4.4.1", "label": "Un plan de formation, de d\u00e9veloppement et de communication sera d\u00e9fini afin que tous les collaborateurs de l'organisation, internes et externes, suivent, dans la mesure du possible, la formation en mati\u00e8re de s\u00e9curit\u00e9 de l'information et soient r\u00e9guli\u00e8rement inform\u00e9s sur les adaptations apport\u00e9es aux directives et proc\u00e9dures.", "uuid": "417e07f4-62fe-4503-b34b-6d1c4ecf705c" }, { "category": "Sensibilisation, formation, d\u00e9veloppement & Communication", "code": "4.4.2", "label": "Un plan de communication sera d\u00e9fini pour que toutes les parties int\u00e9ress\u00e9es de l'organisation, en interne et en externe, re\u00e7oivent les informations n\u00e9cessaires sur la s\u00e9curit\u00e9 de l'information, le cas \u00e9ch\u00e9ant, et soient r\u00e9guli\u00e8rement inform\u00e9es des adaptations apport\u00e9es aux lignes directrices et aux proc\u00e9dures.", "uuid": "b969dd46-b70d-4ec7-a8b5-df763ff556b1" }, { "category": "Sensibilisation, formation, d\u00e9veloppement & Communication", "code": "4.4.3_AVG", "label": "Vad\u00e9m\u00e9cum avec la terminologie RGPD.", "uuid": "5299522f-d771-4939-b5f7-61501fb65558" }, { "category": "Sensibilisation, formation, d\u00e9veloppement & Communication", "code": "4.4.4_AVG", "label": "Un plan de formation et d'\u00e9ducation sera d\u00e9fini de mani\u00e8re a\u00e8 ce que tous les employ\u00e9s de l'ensemble de l'organisation, qu'ils soient internes ou externes, re\u00e7oivent l'instruction et la formation n\u00e9cessaires a\u00e8 intervalles r\u00e9guliers sur la RGPD et la protection des donn\u00e9es, dans les mesures applicables a\u00e8 leurs fonctions/ poste leur r\u00f4le et leur responsabilit\u00e9 a\u00e8 cet \u00e9gard, et \u00eatre tenu inform\u00e9 des modifications apport\u00e9es aux directives et proc\u00e9dures.", "uuid": "7a29e969-f986-4f44-8a5c-d8f354563a88" }, { "category": "Sensibilisation, formation, d\u00e9veloppement & Communication", "code": "4.4.5_AVG", "label": "Un plan de communication sera d\u00e9fini de mani\u00e8re \u00e0 ce que toutes les parties int\u00e9ress\u00e9es de l'organisation, tant internes qu'externes, re\u00e7oivent les informations de protection des donn\u00e9es n\u00e9cessaires, le cas \u00e9ch\u00e9ant, et soient r\u00e9guli\u00e8rement inform\u00e9es des modifications apport\u00e9es aux directives et aux proc\u00e9dures.", "uuid": "cdee47f8-8bf0-4de4-a873-b4ecc2974047" }, { "category": "Sensibilisation, formation, d\u00e9veloppement & Communication", "code": "4.4.6_AVG", "label": "Pr\u00e9parez une d\u00e9claration de protection des donn\u00e9es expliquant quelles donn\u00e9es sont trait\u00e9es, comment et les mesures de protections mises en \u0153uvre.", "uuid": "362c3ed6-18bc-4dfa-923a-55e4d050edb5" }, { "category": "Sensibilisation, formation, d\u00e9veloppement & Communication", "code": "4.4.7_AVG", "label": "Proc\u00e9dure de communication pour l'exercice des droits de la personne concern\u00e9e.", "uuid": "7dc57262-e4c2-4da6-ba41-9e094c2dd8db" }, { "category": "La gestion des actifs", "code": "4.5.1", "label": "Chaque organisation \u00e9tablira un inventaire de ses actifs essentiels, quelle que soit sa cat\u00e9gorie (information, donn\u00e9es, transmission, application, r\u00e9seaux, processus, syst\u00e8mes, ...).", "uuid": "52f3722e-4eda-4d51-859f-ed29ffacbd51" }, { "category": "La gestion des actifs", "code": "4.5.2", "label": "Un inventaire des syst\u00e8mes d'information sera tenu a\u00e8 jour.", "uuid": "fe16340a-926f-4829-955d-a547c046061c" }, { "category": "La gestion des actifs", "code": "4.5.3", "label": "Chaque organisation veillera a\u00e8 mettre en place une proc\u00e9dure de gestion des actifs de l'information en tenant compte de l'importance des donn\u00e9es de l'organisation.", "uuid": "88e0be5c-8ba0-4159-a9ca-c2e3f511c1cd" }, { "category": "La gestion des actifs", "code": "4.5.4", "label": "Chaque organisation d\u00e9finira les r\u00e8gles et mesures de s\u00e9curit\u00e9 d'usage des supports m\u00e9dia amovibles.", "uuid": "ae470d7b-c065-4f30-b34a-471221f48e0d" }, { "category": "La gestion des actifs", "code": "4.5.5", "label": "Chaque organisation mettra en place les mesures de s\u00e9curit\u00e9 des donn\u00e9es sensibles et des syst\u00e8mes d'information.", "uuid": "dee024e0-2f15-42ba-bb19-0e4c4e412505" }, { "category": "La gestion des actifs", "code": "4.5.5.1", "label": "Chaque organisation mettra en place les mesures de se\u0301curite\u0301 re\u0301gissant les moyens de communication e\u0301lectronique.", "uuid": "357d56a0-5328-4bdd-a30d-18e70018c50a" }, { "category": "La gestion des actifs", "code": "4.5.6_AVG", "label": "Les donn\u00e9es personnelles sont suffisamment prot\u00e9g\u00e9es sur la base de l'\u00e9valuation des risques.", "uuid": "9d210d3d-fc82-49b1-9e38-16125abb72c2" }, { "category": "Le contr\u00f4le d'acc\u00e8s", "code": "4.6.1", "label": "L'organisation d\u00e9finira par actif (au sens large du terme) les r\u00e8gles claires d'acc\u00e8s.", "uuid": "362ef0e0-f7e2-4a61-be0d-912286237e0c" }, { "category": "Le contr\u00f4le d'acc\u00e8s", "code": "4.6.2", "label": "Un registre des autorisations d'acc\u00e8s sera tenu et mis \u00e0 jour par l'organisation.", "uuid": "ca38f20d-15d0-43c6-a5a0-9705e53b97a9" }, { "category": "Le contr\u00f4le d'acc\u00e8s", "code": "4.6.3", "label": "Les utilisateurs seront clairement form\u00e9s et inform\u00e9s de leurs devoirs & responsabilit\u00e9s.", "uuid": "f88ba193-9859-44e6-b35b-c92eb0daaf02" }, { "category": "Le contr\u00f4le d'acc\u00e8s", "code": "4.6.4", "label": "Pour chaque \u00e9l\u00e9ment de l'inventaire (renforcement des mesures de s\u00e9curit\u00e9, rapport \u00e0 une autorit\u00e9).", "uuid": "0e53cc22-6627-4ce8-b9f9-4ba8dbe3d7de" }, { "category": "Le contr\u00f4le d'acc\u00e8s", "code": "4.6.5", "label": "Contr\u00f4le d'acc\u00e8s aux donn\u00e9es personnelles.", "uuid": "0b28f89f-00c6-4a7f-8cff-73c1ebbd299d" }, { "category": "Le contr\u00f4le d'acc\u00e8s", "code": "4.6.6_AVG", "label": "V\u00e9rification de l'identit\u00e9 de la personne voulant exercer ses droits.", "uuid": "dea2dbfe-fd32-485c-8a6b-7e7ee0dae5b8" }, { "category": "La cryptographie", "code": "4.7.1", "label": "Si des mesures cryptographiques sont mises en \u0153uvre, l'organisation d\u00e9taillera ces mesures.", "uuid": "7b225b04-3dc2-42c4-a920-f343be6b28c6" }, { "category": "La cryptographie", "code": "4.7.2", "label": "En r\u00e8gle g\u00e9n\u00e9rale, l'acc\u00e8s aux actifs essentiels doit \u00eatre bas\u00e9 sur des acc\u00e8s individuels. Le partage de codes d'acc\u00e8s n'est pas permis.", "uuid": "36f43595-5efb-4478-9c0c-25f0a866e49e" }, { "category": "La cryptographie", "code": "4.7.3", "label": "Key management.", "uuid": "6366690a-d5c2-4354-989c-596e255d6e50" }, { "category": "La cryptographie", "code": "4.7.4_AVG", "label": "Les donn\u00e9es personnelles sont suffisamment prot\u00e9g\u00e9es lors du stockage, du transport et de l'utilisation des donn\u00e9es personnelles.", "uuid": "4d151f6c-f1f7-45fc-be24-26983be7a9c7" }, { "category": "La s\u00e9curit\u00e9 physique et environnementale", "code": "4.8.1", "label": "Espaces s\u00e9curis\u00e9s.", "uuid": "9f06714f-30a2-4223-9758-d906e8685808" }, { "category": "La s\u00e9curit\u00e9 physique et environnementale", "code": "4.8.2", "label": "Protection des appareils.", "uuid": "e851eb18-01d1-4a6c-8325-153228e07c66" }, { "category": "La s\u00e9curit\u00e9 physique et environnementale", "code": "4.8.3", "label": "Politique 'Clear screen'.", "uuid": "da39891f-0050-4c08-90eb-a66c96122f95" }, { "category": "La s\u00e9curit\u00e9 physique et environnementale", "code": "4.8.4", "label": "Politique 'Clear desk'.", "uuid": "7a6c19b2-4929-4dda-b844-ca9bf7f78666" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.1", "label": "Pour chaque \u00e9l\u00e9ment d'actif login & monitoring avec rapportage des incidents et des mesures de s\u00e9curit\u00e9 prises.", "uuid": "c600645e-682b-4256-9d69-1b03ef261932" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.2", "label": "Un inventaire de l'environnement de test sera dress\u00e9.", "uuid": "4604aab0-7c9e-45cd-ad38-579be27f08f8" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.3.1", "label": "Les mesures techniques mises en place pour l'architecture seront au minimum: Antimalware/antivirus mis \u00e0 jour.", "uuid": "7090e984-01ef-4813-ab37-490b9ef01a0b" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.3.2", "label": "Les mesures techniques mises en place pour l'architecture seront au minimum: Syst\u00e8me de d\u00e9tection des intrusions ou des acc\u00e8s non autoris\u00e9s/software non autoris\u00e9s.", "uuid": "9752d5a2-6f9d-4763-8445-39811f4b283c" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.3.3", "label": "Les mesures techniques mises en place pour l'architecture seront au minimum: Proc\u00e9dures de blocage/isolement pour anomalies/acc\u00e8s non autoris\u00e9, \u2026", "uuid": "3b3a63ad-486b-4ea6-8b2c-b7ae99f17710" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.3.4", "label": "Les mesures techniques mises en place pour l'architecture seront au minimum: Up to date hardware & software avec test pr\u00e9alable des nouvelles releases & fall back sc\u00e9nario.", "uuid": "beb2d7a4-ef17-4ad7-9e35-d7bf90a1209b" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.3.5", "label": "Les mesures techniques mises en place pour l'architecture seront au minimum: Gestion des incidents (y compris la communication).", "uuid": "86d92098-6655-492c-a2cb-6909a0ca0783" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.3.6", "label": "Les mesures techniques mises en place pour l'architecture seront au minimum: Avoir des proc\u00e9dures de backup: cr\u00e9ation, test de restauration.", "uuid": "c5162eaa-b141-4898-9c5a-09efab5f3e2f" }, { "category": "La s\u00e9curit\u00e9 li\u00e9e aux op\u00e9rations", "code": "4.9.3.7", "label": "Les mesures techniques mises en place pour l'architecture seront au minimum: Avoir une proc\u00e9dure li\u00e9e au cryptage des donn\u00e9es.", "uuid": "bd5a5d3d-bf22-463b-abf5-6357b5667d1b" }, { "category": "La s\u00e9curit\u00e9 des communications", "code": "4.10.1", "label": "Une mesure de s\u00e9curit\u00e9 doit prendre en compte la s\u00e9curit\u00e9 des transmissions de l'information afin d'\u00e9viter les acc\u00e8s non autoris\u00e9s aux infrastructures et aux donn\u00e9es de l'organisation, que cet acc\u00e8s soit volontaire ou non.", "uuid": "2087bc31-184b-4b28-a9e0-de6cc6f47115" }, { "category": "La s\u00e9curit\u00e9 des communications", "code": "4.10.2", "label": "Cette mesure de s\u00e9curit\u00e9 devra tenir compte de l'accessibilit\u00e9 requise pour les syst\u00e8mes de l'organisation.", "uuid": "c2a9d554-e4e1-4b2b-ae3a-bdbb0184bdc1" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "4.11.1", "label": "Impl\u00e9mentez des contr\u00f4les pour l'acquisition, le d\u00e9veloppement et la maintenance de tout nouveau syst\u00e8me. L'aspect d'outsourcing, l'utilisation de services en nuage ou l'achat de produits n\u00e9cessitent une attention particuli\u00e8re.", "uuid": "882aec33-b8c1-4ace-a933-adc33ee62281" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "4.11.2", "label": "Chaque organisation tiendra un journal.", "uuid": "8d13a8ef-68cb-4059-955f-18706bc2534a" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "4.11.3", "label": "Le journal sp\u00e9cifiera aussi les mesures de s\u00e9curit\u00e9 mises en place.", "uuid": "2e6a0a11-0b5f-46e3-ab94-86b8958f502b" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "4.11.4", "label": "L'organisation mettra en \u0153uvre des proc\u00e9dures afin de maintenir ses solutions \u00e0 jour et assurera une mesure de s\u00e9curit\u00e9 de backup test\u00e9e tant pour ses syst\u00e8mes que pour ses donn\u00e9es.", "uuid": "314754df-57aa-46b2-bba1-a742becbb18e" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "4.11.5_AVG", "label": "Lors de l'achat, le d\u00e9veloppement et la maintenance de syst\u00e8mes, processus et proc\u00e9dures doivent \u00eatre utilis\u00e9s pour prot\u00e9ger les donn\u00e9es personnelles, \u00e0 la fois pendant la conception et la gestion op\u00e9rationnelle.", "uuid": "3a2efe2f-c165-45cd-9a62-d178a8d91694" }, { "category": "Relations avec les fournisseurs", "code": "4.12.1", "label": "L'organisation s'assurera que les contrats entre parties mentionneront les mesures de s\u00e9curit\u00e9 impos\u00e9es par l'organisation, les lois et r\u00e8glements (notamment le RGPD) ainsi que les \u00e9l\u00e9ments de contr\u00f4le et de revue.", "uuid": "5a0139be-8db3-49d5-b20d-8df2da066684" }, { "category": "Relations avec les fournisseurs", "code": "4.12.1.2", "label": "Chaque organisation veillera \u00e0 encadrer les relations avec les fournisseurs et les autorit\u00e9s.", "uuid": "b8722b1c-7644-46be-b9a0-eeaf16b7e26d" }, { "category": "Relations avec les fournisseurs", "code": "4.12.2", "label": "Chaque organisation veillera \u00e0 faire appel aux services de 'cloud computing' qui correspondent aux mesures de s\u00e9curit\u00e9 n\u00e9cessaires pour l'organisation.", "uuid": "5b05804b-9d29-4360-8252-218e92193db5" }, { "category": "Relations avec les fournisseurs", "code": "4.12.3_AVG", "label": "Chaque organisation veillera \u00e0 ce que les relations avec les fournisseurs et les autorit\u00e9s soient d\u00e9finies.", "uuid": "827585e6-6044-4918-bd3e-cd6e68d4b872" }, { "category": "Politique Coordonn\u00e9e pour publication des vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9", "code": "4.13.1", "label": "Une Politique Coordonn\u00e9e pour publication des vuln\u00e9rabilit\u00e9s ('Coordinated Vulnerability Disclosure Policy' \u2013 ci-dessous CVDP) L'organisation \u00e9labore et applique une CVDP.", "uuid": "06413a61-a94b-4f5b-9682-64a3d01fe18a" }, { "category": "Politique Coordonn\u00e9e pour publication des vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9", "code": "4.13.2", "label": "Les employ\u00e9s internes et externes ainsi que les personnes impliqu\u00e9es doivent disposer d'une proc\u00e9dure permettant de signaler les activit\u00e9s suspectes.", "uuid": "0ddaed31-8775-472a-8027-5311e4d1ceea" }, { "category": "Politique Coordonn\u00e9e pour publication des vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9", "code": "4.13.3_AVG", "label": "Notification \u00e0 l'autorit\u00e9 de contr\u00f4le d'une violation de donn\u00e9es \u00e0 caract\u00e8re personnel.", "uuid": "b47adcd3-b5e6-47d7-9b30-24b116041e17" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "4.14.1", "label": "Chaque organisation mettra en place un plan de gestion des incidents qui reprendra les r\u00f4les et responsabilit\u00e9s.", "uuid": "866d0e78-cf90-43ba-b80b-fc024d9e353d" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "4.14.2", "label": "Chaque incident sera analys\u00e9 afin d'\u00e9valuer la pertinence de nouvelles mesures de s\u00e9curit\u00e9.", "uuid": "61353cc1-2e98-4a53-9439-5042b4330617" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "4.14.3_AVG", "label": "Chaque organisation \u00e9tablit un plan de gestion des incidents comprenant les t\u00e2ches et responsabilit\u00e9s suivantes, qui r\u00e9git le traitement des violations de donn\u00e9es \u00e0 caract\u00e8re personnel.", "uuid": "bd868c76-36fc-454b-bb2c-75aff696a176" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "4.14_4_AVG", "label": "Notification \u00e0 l'autorit\u00e9 de contr\u00f4le d'une violation de donn\u00e9es \u00e0 caract\u00e8re personnel.", "uuid": "d5fa0e1e-6e73-417d-812d-d479958ca619" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "4.15.1", "label": "Pour tout syst\u00e8me critique ou toute donn\u00e9e sensible n\u00e9cessaires \u00e0 la continuit\u00e9 de l'organisation, un plan de continuit\u00e9 sera mis en place.", "uuid": "fa2092d3-2e09-45fd-9281-e4c0acafdd77" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "4.15.2", "label": "Maintenance du plan de continuit\u00e9.", "uuid": "c6ef4a4d-256f-4031-a0ae-bc3c840649ec" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "4.15.3", "label": "Syst\u00e8me de protection garantissant la confidentialit\u00e9, l'int\u00e9grit\u00e9 et la disponibilit\u00e9 des donn\u00e9es personnelles et de l'entreprise.", "uuid": "a122fa15-6a0d-461f-b3bb-86bfa1e2a5b9" }, { "category": "Encadrer les relations avec les tiers et les autorit\u00e9s", "code": "4.16.1", "label": "Conformit\u00e9 aux dispositions l\u00e9gales et r\u00e8glementaires.", "uuid": "9bd1bf6d-e4a4-4936-a4f0-6cdd7f7a0770" }, { "category": "Encadrer les relations avec les tiers et les autorit\u00e9s", "code": "4.16.2", "label": "Chaque organisation veillera \u00e0 ce que les relations avec les fournisseurs et les autorit\u00e9s soient d\u00e9finies.", "uuid": "91f2af81-e57d-4c40-aeea-9c9811f68cbd" }, { "category": "Encadrer les relations avec les tiers et les autorit\u00e9s", "code": "4.16.3_AVG", "label": "Suivi de la l\u00e9gislation et des avis \u00e9mis ou modifi\u00e9s par les autorit\u00e9s comp\u00e9tentes.", "uuid": "6a129d85-8f6b-4a98-90d7-ac90c2dc0215" }, { "category": "Evaluation des mesures des s\u00e9curit\u00e9", "code": "4.17.1", "label": "Chaque organisation organisera r\u00e9guli\u00e8rement une \u00e9valuation interne ou externe sur la s\u00e9curit\u00e9 de l'information.", "uuid": "32716663-cd17-42be-a47c-359ffaf6bd52" } ], "version": 2 } 2019-11-28T14:02:38.956436+00:00 https://objects.monarc.lu/object/get/5112 Baseline Security Guidelines (BSG) - NL 2021-01-17T22:00:06.121974+00:00 CCB { "authors": [ "Koen Van Impe" ], "label": "Baseline Security Guidelines (BSG)", "language": "NL", "refs": [ "https://cyberguide.ccb.belgium.be/nl" ], "uuid": "4c3c3755-1b24-4ba3-8f49-0942af399669", "values": [ { "category": "Veiligheidsbeleid", "code": "4.1.1", "label": "Een informatiebeveiligingsbeleid hebben dat is goedgekeurd en ondersteund wordt door het management.", "uuid": "81a49bfb-6b4c-44d8-8747-229ebc0a9115" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.1", "label": "Een risicomanagementsysteem opzetten.", "uuid": "0c1aec74-6216-45a0-94a3-5483ed0b6444" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.2", "label": "De informatiebeveiliging zal worden ge\u00efntegreerd in het projectmanagement (veiligheid per ontwerp 'Security by design') om veiligheids-aspecten zo snel mogelijk te integreren.", "uuid": "59bf4006-ef36-43f9-aef2-c37035128cad" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.3", "label": "Om kennis te actualiseren en de uitwisseling van informatiebeveiligingstrends te bevorderen, zal het noodzakelijk zijn deel te nemen aan gespecialiseerde fora en gebruikersgroepen die zich bezighouden met informatiebeveiliging.", "uuid": "13dd88e7-1755-4556-a97a-702d2df01e62" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.4", "label": "Om ervoor te zorgen dat deze organisatorische maatregelen worden uitgevoerd, informeert elke organisatie haar personeel en derden die onder haar verantwoordelijkheid werken.", "uuid": "f5ba73fc-4450-4cbb-baba-352e303f2136" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.5", "label": "Een informatiebeveiliger met een duidelijk mandaat wordt aangewezen en gemandateerd.", "uuid": "099aa548-9a92-4bc1-b73a-7e610d755472" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.6", "label": "Een dashboard om het beveiligingsniveau te meten en op te volgen aan de hand van de doelstellingen van de strategie van de organisatie.", "uuid": "31943510-7424-45e2-8af3-7832b7d1cee9" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.7", "label": "Er zullen een gedragscode en goede praktijken voor het gebruik van informatiesystemen worden ontwikkeld, goedgekeurd en gecommuniceerd.", "uuid": "2a490b72-5d50-459a-bf61-08828479e076" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.8", "label": "Er zal een informatie- en opleidingsplan worden goedgekeurd.", "uuid": "30c0e0e1-b670-4513-9fa3-93f18b3ab345" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.9", "label": "Taken en verantwoordelijkheden van de verschillende actoren in de informatiebeveiliging identificeren.", "uuid": "32c11810-0de4-4141-af57-31f50f3643e3" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.10_AVG", "label": "Een risicomanagementsysteem opzetten voor het beheer van persoonsgegevens.", "uuid": "8048b05c-0a0c-46ed-9283-ef807790f286" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.11_AVG", "label": "Opzetten en beheren van het AVG verwerkingsregister.", "uuid": "b7ee51c3-e305-427f-8214-f5488ddb73e3" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.12_AVG", "label": "Een functionaris voor gegevensbescherming (DPO) met een duidelijk mandaat wordt aangewezen en gemandateerd.", "uuid": "c168c2aa-16b3-4475-8828-d565e2486f8d" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.13_AVG", "label": "Dataprotectie zal worden ge\u00efntegreerd in het projectmanagement (gegevensbescherming per ontwerp) om veiligheidsaspecten zo snel mogelijk te integreren.", "uuid": "2686475c-8758-483d-be79-e03ecc69c194" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.14_AVG", "label": "Om kennis te actualiseren en de uitwisseling van dataprotectietrends te bevorderen, zal het noodzakelijk zijn deel te nemen aan gespecialiseerde fora en informatiekanalen die zich bezighouden met gegevensbescherming.", "uuid": "6a70af9b-55d0-4f22-a9f0-92933602f436" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.15_AVG", "label": "Om ervoor te zorgen dat de nodige organisatorische maatregelen worden uitgevoerd, informeert elke organisatie haar personeel en derden die onder haar verantwoordelijkheid werken.", "uuid": "04384bce-d861-438b-bef9-29d06155f54d" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.16_AVG", "label": "Een dashboard om het dataprotectieniveau te meten en op te volgen aan de hand van de doelstellingen van de strategie van de organisatie.", "uuid": "5c4754c7-5a19-429c-91a3-7801ea8b70e1" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.17_AVG", "label": "Richtlijnen en goede praktijken voor het gebruik van persoonsgegevens worden ontwikkeld, goedgekeurd en gecommuniceerd.", "uuid": "6ba6edfa-fa35-450f-a389-042380e0dbdd" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.18_AVG", "label": "Er zal een informatie- en opleidingsplan worden goedgekeurd.", "uuid": "b275984a-98ff-4bf7-b827-d164766bf046" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.19_AVG", "label": "Regels voor de toegang tot gegevens via remote toegang (telewerk) worden bepaald.", "uuid": "12815f93-691d-4ba2-a0ab-ccfe52a8d576" }, { "category": "Organisatie van beveiliging en data protectie", "code": "4.2.20_AVG", "label": "De taken en verantwoordelijkheden van de verschillende actoren in de gegevensbescherming identificeren.", "uuid": "397482eb-4050-4d6d-84cb-d46a3b5047af" }, { "category": "Veiligheid van personeel", "code": "4.3.1", "label": "Een beleid voor het management van medewerkers (intern en/of extern) zal worden gedefinieerd.", "uuid": "f876a183-af81-4cc7-a638-9a242aff2907" }, { "category": "Veiligheid van personeel", "code": "4.3.2", "label": "Arbeidsreglement : er moet een beleid gedefineerd worden dat duidelijk de veranwoordelijkheiden van de organisatie, de interne en externe medewerkers vastlegt wat betreft informatiebeveiling en dataprotectie.", "uuid": "dac32519-a68c-4165-b94f-07c34750e3c6" }, { "category": "Veiligheid van personeel", "code": "4.3.3_AVG", "label": "Het beleid voor werknemers (intern en extern) bevat een goede legale en/of contractuele bescherming van de persoonsgegevens.", "uuid": "d93def34-8208-4405-aa81-30dcb1e01536" }, { "category": "Veiligheid van personeel", "code": "4.3.4_AVG", "label": "In de aanwervingsprocedure is er voldoende aandacht gespendeerd aan de bescherming van de persoonsgegevens.", "uuid": "9fa0d2da-995d-43a9-9e36-390a4eb670a4" }, { "category": "Veiligheid van personeel", "code": "4.3.5_AVG", "label": "Arbeidsreglement bevat onderdelen voor geheimhoudingsplicht en vertrouwelijkheidsovereenkomst.", "uuid": "7cd5b472-2845-4563-9532-800d90c9d379" }, { "category": "Bewustmaking, opleiding, training & communicatie", "code": "4.4.1", "label": "Er zal een opleidings- en trainingsplan worden gedefinieerd, zodat alle medewerkers van de hele organisatie, zowel intern als extern, de nodige informatiebeveiligingsopleiding krijgen, voor zover relevant voor hun functie, en op geregelde tijdstippen op de hoogte worden gehouden van aanpassingen van de richtlijnen en procedures.", "uuid": "7b9cf51b-23db-4e76-90c8-58b6bc085ec1" }, { "category": "Bewustmaking, opleiding, training & communicatie", "code": "4.4.2", "label": "Er zal een communicatieplan worden gedefinieerd, zodat alle belanghebbende partijen van de organisatie, zowel intern als extern, de nodige informatiebeveiligingsinformatie ontvangen, voor zover van toepassing, en op geregelde tijdstippen op de hoogte worden gehouden van aanpassingen van de richtlijnen en procedures.", "uuid": "d3caa2ec-da72-4ddd-80e8-eefa3bf8a487" }, { "category": "Bewustmaking, opleiding, training & communicatie", "code": "4.4.3_AVG", "label": "Vademecum met GDPR terminologie.", "uuid": "08acbdbf-94e0-406b-a5cc-23d9e1c3d623" }, { "category": "Bewustmaking, opleiding, training & communicatie", "code": "4.4.4_AVG", "label": "Er zal een opleidings- en trainingsplan worden gedefinieerd, zodat alle medewerkers van de hele organisatie, zowel intern als extern, op geregelde tijdstippen de nodige opleiding en training krijgen over AVG en dataprotectie, voor zover relevant voor hun functie, en op geregelde tijdstippen op de hoogte worden gehouden van aanpassingen van de richtlijnen en procedures.", "uuid": "fe26c4b4-2489-42d0-8cfd-f4f34c51b7ef" }, { "category": "Bewustmaking, opleiding, training & communicatie", "code": "4.4.5_AVG", "label": "Er zal een communicatieplan worden gedefinieerd, zodat alle belanghebbende partijen van de organisatie, zowel intern als extern, de nodige dataprotectie-informatie ontvangen, voor zover van toepassing, en op geregelde tijdstippen op de hoogte worden gehouden van aanpassingen van de richtlijnen en procedures.", "uuid": "b2e5e01c-e2d0-4f00-b7ce-2e03183ca93d" }, { "category": "Bewustmaking, opleiding, training & communicatie", "code": "4.4.6_AVG", "label": "Een gegevensbeschermingsverklaring die uitlegt welke gegevens verwerkt worden en op welke manier, en hoe ze beveiligd worden.", "uuid": "5d69ff7f-a42a-4efb-b9db-66a8623abcbb" }, { "category": "Bewustmaking, opleiding, training & communicatie", "code": "4.4.7_AVG", "label": "Een communicatie procedure voor het uitoefenen van de rechten van betrokkene.", "uuid": "f37be6dd-4170-4309-aefd-eed348b4e0e6" }, { "category": "Beheer Activa", "code": "4.5.1", "label": "Een inventaris van kernactiva, ongeacht de categorie ervan (informatie, gegevens, transmissie, toepassing, netwerken, processen, systemen etc.).", "uuid": "dcc264b0-ca6a-4455-beaf-af32a586dc27" }, { "category": "Beheer Activa", "code": "4.5.2", "label": "Er zal een inventaris van informatiesystemen worden bijgehouden.", "uuid": "9a749ac1-4cca-4cb8-b4da-67e369512786" }, { "category": "Beheer Activa", "code": "4.5.3", "label": "Een procedure voor het beheer van informatiemiddelen, waarbij rekening wordt gehouden met het belang van de gegevens van de organisatie.", "uuid": "bbbf99e4-ec62-4483-97ab-2aa976ebeee7" }, { "category": "Beheer Activa", "code": "4.5.4", "label": "De regels en beveiligingsmaatregelen voor het gebruik van verwijderbare media defini\u00ebren.", "uuid": "7791ba79-d8d6-4f1b-86c8-b064a84c4abd" }, { "category": "Beheer Activa", "code": "4.5.5", "label": "Beveiligingsmaatregelen voor gevoelige gegevens en informatiesystemen.", "uuid": "f5976522-5ba7-4525-8394-f68b28cea22c" }, { "category": "Beheer Activa", "code": "4.5.6_AVG", "label": "De persoonsgegevens zijn voldoende beschermd op basis van de risico analyse.", "uuid": "377456e5-e683-4f14-8d83-a1140b6768bb" }, { "category": "Toegangscontrole", "code": "4.6.1", "label": "Unieke toegang: Duidelijke toegangsregels (beveiligingsmaatregelen, RCA- model) per actief (ruime betekenis) defini\u00ebren", "uuid": "b1799296-a0af-445c-a3d7-106432a5f2df" }, { "category": "Toegangscontrole", "code": "4.6.2", "label": "Een register van toegangsbevoegdheden bijhouden en bijwerken.", "uuid": "c495ae3b-b020-4f37-b451-893df8350249" }, { "category": "Toegangscontrole", "code": "4.6.3", "label": "Gebruikers worden goed opgeleid en geinformeerd over hun taken en verantwoordelijkheden.", "uuid": "ba68664c-cd76-4935-b345-20ec7151bbad" }, { "category": "Toegangscontrole", "code": "4.6.4", "label": "Voor elk onderdeel van de inventarisatie (versterkende beveiligingsmaatregelen, rapportage aan een autoriteit) worden de acties gecontroleerd door middel van een logboek, waarvan de toegang beveiligd is en alleen toegankelijk is voor geautoriseerde en geidentificeerde personen.", "uuid": "c21d9313-0c6e-4065-9c54-280a3308d0b0" }, { "category": "Toegangscontrole", "code": "4.6.5", "label": "Toegangscontrole op persoonsgegevens.", "uuid": "227fc9a4-6b46-4fbe-94dd-d327c831af08" }, { "category": "Toegangscontrole", "code": "4.6.6_AVG", "label": "Verificatie identiteit van betrokken persoon bij uitoefenen van rechten.", "uuid": "9b9e31e3-9593-4923-93ec-8f4720754fe1" }, { "category": "Cryptografie", "code": "4.7.1", "label": "Als er cryptografische maatregelen worden geimplementeerd, zal de organisatie details geven.", "uuid": "c71bd225-4f48-4250-9992-aa0abe186a86" }, { "category": "Cryptografie", "code": "4.7.2", "label": "In het algemeen, voor toegang tot essenti\u00eble activa, moet per persoon een toegangscode worden gebruikt. Het delen van toegangscodes is niet toegestaan.", "uuid": "7642e697-6e0a-4406-8b7f-86d214e38d43" }, { "category": "Cryptografie", "code": "4.7.3", "label": "Sleutelbeheer.", "uuid": "827f4a94-9c5f-4b4b-84dc-6ded671f9921" }, { "category": "Cryptografie", "code": "4.7.4_AVG", "label": "Persoonsgegevens worden voldoende beschermd tijdens opslag, transport en gebruik van persoonsgegevens.", "uuid": "2dc077f4-3e78-4f14-9c44-036df86e6f78" }, { "category": "Fysieke en milieuveiligheid", "code": "4.8.1", "label": "Beveiligde ruimten.", "uuid": "ef81df57-be4b-415d-baef-83ad2dacc8e0" }, { "category": "Fysieke en milieuveiligheid", "code": "4.8.2", "label": "Bescherming van apparaten.", "uuid": "f11b09b9-d660-4b9b-8cde-10ab4b5baf45" }, { "category": "Fysieke en milieuveiligheid", "code": "4.8.3", "label": "Clear screen.", "uuid": "0d741d71-f9fe-4ab9-aaa9-941b29ecca78" }, { "category": "Fysieke en milieuveiligheid", "code": "4.8.4", "label": "Clear desk beleid.", "uuid": "8a1791ba-a987-485e-a48b-1e88a7789b93" }, { "category": "Operationele veiligheid", "code": "4.9.1", "label": "Voor elke asset is er een login & monitoring met melding van incidenten en getroffen beveiligingsmaatregelen.", "uuid": "aafa2f2e-3025-416a-abf6-9d530dba7a2a" }, { "category": "Operationele veiligheid", "code": "4.9.2", "label": "Een inventarisatie van de testomgeving.", "uuid": "cb31567d-0cf8-4c19-b7e0-841fd27c8d9c" }, { "category": "Operationele veiligheid", "code": "4.9.3.1", "label": "De minimale technische maatregelen die voor de architectuur worden genomen, zijn: Anti-malware/antivirus moet up-to-date zijn.", "uuid": "5f30ce78-ae78-461f-b298-129c7431392b" }, { "category": "Operationele veiligheid", "code": "4.9.3.2", "label": "De minimale technische maatregelen die voor de architectuur worden genomen, zijn: Detectiesysteem voor inbraak of onbevoegde of niet-toegelaten software.", "uuid": "685869ab-0728-4c1a-82ac-f3b0da34251e" }, { "category": "Operationele veiligheid", "code": "4.9.3.3", "label": "De minimale technische maatregelen die voor de architectuur worden genomen, zijn: Procedures voor het blokkeren/isoleren van anomalie\u00ebn of niet-geautoriseerde toegang.", "uuid": "621a3a62-b90f-4b86-a56d-40f020299ff2" }, { "category": "Operationele veiligheid", "code": "4.9.3.4", "label": "De minimale technische maatregelen die voor de architectuur worden genomen, zijn: Up-to-date hardware & software met pre-testen van nieuwe releases en fall-back-scenario's.", "uuid": "1b6889ed-fb66-451c-9cd9-78d802c1416b" }, { "category": "Operationele veiligheid", "code": "4.9.3.5", "label": "De minimale technische maatregelen die voor de architectuur worden genomen, zijn: Incidentmanagement (inclusief communicatie).", "uuid": "249fbdf8-395b-4e35-af58-7d209b1585e7" }, { "category": "Operationele veiligheid", "code": "4.9.3.6", "label": "De minimale technische maatregelen die voor de architectuur worden genomen, zijn: Beschikken over back-upprocedures: maken, testen van restauratie.", "uuid": "92815303-5986-458e-985b-9990ff26e8c1" }, { "category": "Operationele veiligheid", "code": "4.9.3.7", "label": "De minimale technische maatregelen die voor de architectuur worden genomen, zijn: Beschikken over een procedure met betrekking tot gegevensencryptie.", "uuid": "81c71d8c-fdc6-412d-9cca-c7d33089c97f" }, { "category": "Communicatiebeveiliging", "code": "4.10.1", "label": "Bij een beveiligingsmaatregel moet rekening worden gehouden met de beveiliging van de informatieoverdracht om ongeoorloofde toegang tot de infrastructuur en gegevens van de organisatie te voorkomen, ongeacht of deze toegang al dan niet vrijwillig is.", "uuid": "7b324ca8-0f09-413b-839e-fea3aa5121af" }, { "category": "Communicatiebeveiliging", "code": "4.10.2", "label": "Rekening houden met de toegankelijkheid die nodig is voor de systemen van de organisatie.", "uuid": "a9e65f83-2877-43ab-9189-bc6c5ca654d8" }, { "category": "Aankoop, ontwikkeling en onderhoud van informatiesystemen", "code": "4.11.1", "label": "Stel voor alle informatiesystemen controles in voor acquisitie, ontwikkeling en onderhoud. Er zal bijzondere aandacht worden besteed aan outsourcing, gebruik van cloud-services of aankoop van producten.", "uuid": "e3ce304d-a114-4eb7-a9d5-53dbcce5a188" }, { "category": "Aankoop, ontwikkeling en onderhoud van informatiesystemen", "code": "4.11.2", "label": "Logboek bijhouden.", "uuid": "27a4961b-a67f-4da7-a5d7-a6d10c529965" }, { "category": "Aankoop, ontwikkeling en onderhoud van informatiesystemen", "code": "4.11.3", "label": "In het logboek worden ook de beveiligingsmaatregelen vermeld waarvoor de nodige maatregelen zijn getroffen.", "uuid": "2ad9e3dc-4d58-4bd2-98ee-3907ac749571" }, { "category": "Aankoop, ontwikkeling en onderhoud van informatiesystemen", "code": "4.11.4", "label": "Procedures implementeren om oplossingen up-to-date te houden en te zorgen voor een geteste back-up-beveiligingsmaatregel voor zowel systemen als gegevens.", "uuid": "561da413-a109-4108-8e2a-cac5c6edb126" }, { "category": "Aankoop, ontwikkeling en onderhoud van informatiesystemen", "code": "4.11.5_AVG", "label": "Bij aankoop, ontwikkeling en onderhoud van systemen moeten er processen en procedures gebruikt worden die persoonsgegevens beschermen, zowel bij ontwerp als operationeel beheer.", "uuid": "747beed5-104d-4f74-a95c-4fbe708b8f5e" }, { "category": "Betrekkingen met derden (leveranciers, autoriteiten)", "code": "4.12.1", "label": "De contracten tussen de partijen bevatten beveiligingsmaatregelen, opgelegd door de organisatie door wet- en regelgeving (inclusief het AVG, Cyber Act) en die de elementen van controle en toetsing bevatten.", "uuid": "3e9d3ded-9f04-44fb-b7fd-9224bdab9ee8" }, { "category": "Betrekkingen met derden (leveranciers, autoriteiten)", "code": "4.12.2", "label": "Bij gebruik van cloud-computing-diensten worden de nodige beveiligingsmaatregelen ingezet die nodig zijn voor de organisatie.", "uuid": "0f14c5b8-8a91-4d6f-9ab2-b6456270e43e" }, { "category": "Betrekkingen met derden (leveranciers, autoriteiten)", "code": "4.12.3_AVG", "label": "Erop toezien de relaties met leveranciers en met de autoriteiten te defini\u00ebren.", "uuid": "738ad217-4c42-4d69-82d5-dc550114d51b" }, { "category": "Geco\u00f6rdineerd bekendmakingsbeleid van kwetsbaarheden (CVDP)", "code": "4.13.1", "label": "Een CVDP opstellen en onderhouden.", "uuid": "55efb31d-8362-45f8-9e1b-2a1e5dba575c" }, { "category": "Geco\u00f6rdineerd bekendmakingsbeleid van kwetsbaarheden (CVDP)", "code": "4.13.2", "label": "Zowel voor interne als externe medewerkers en betrokken personen moet er een procedure bestaan die het mogelijk maakt om verdachte activiteiten te rapporteren.", "uuid": "e9978bb5-26a5-491e-99d6-9f85c674ed03" }, { "category": "Geco\u00f6rdineerd bekendmakingsbeleid van kwetsbaarheden (CVDP)", "code": "4.13.3_AVG", "label": "Kennisgeving aan de toezichthoudende autoriteit van een inbreuk op persoonsgegevens", "uuid": "a144e735-7e53-4f62-8078-aa9b60675566" }, { "category": "Incident management", "code": "4.14.1", "label": "Een Incident Management Plan dat de taken en verantwoordelijkheden omvat.", "uuid": "781fb42c-a5d0-4b51-8ded-a5c81e61baac" }, { "category": "Incident management", "code": "4.14.2", "label": "Elk incident zal worden geanalyseerd om de relevantie van nieuwe beveiligings- maatregelen te evalueren.", "uuid": "04abda3c-6b69-4b30-819b-3e2106bf9fea" }, { "category": "Incident management", "code": "4.14.3_AVG", "label": "Een Incident Management Plan dat de taken en verantwoordelijkheden omvat die de behandeling van inbreuken op persoonsgegevens regelt.", "uuid": "4333cba2-7c00-4301-9b5b-0d1b3220b28f" }, { "category": "Incident management", "code": "4.14_4_AVG", "label": "Kennisgeving aan de toezichthoudende autoriteit van een inbreuk op persoonsgegevens.", "uuid": "ade66b8c-0eeb-41b9-b4d6-6df1d20aa826" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "4.15.1", "label": "Voor kritieke systemen of gevoelige gegevens die nodig zijn voor de continu\u00efteit van de organisatie wordt een continu\u00efteitsplan opgesteld.", "uuid": "bd3de39d-00f7-4e0f-b693-a0b2d24f7fe1" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "4.15.2", "label": "Onderhoud van het continu\u00efteitsplan.", "uuid": "c6ca06f6-db7b-4721-8de9-091c08db4b94" }, { "category": "Informatiebeveiligingsaspecten van bedrijfscontinu\u00efteitsbeheer", "code": "4.15.3", "label": "Beschermingssysteem dat de confidentialiteit, integriteit en beschikbaarheid van de bedrijfs- en persoonsgegevens garandeert.", "uuid": "59b65555-9e9a-489c-b109-fb5a1df18d21" }, { "category": "Naleving en opvolging wet- en regelgeving", "code": "4.16.1", "label": "Naleving van wet- en regelgeving.", "uuid": "972b19e7-f686-40ba-abb6-6fb7b21da61c" }, { "category": "Naleving en opvolging wet- en regelgeving", "code": "4.16.2", "label": "Elke organisatie zal erop toezien de relaties met leveranciers en met de autoriteiten te defini\u00ebren.", "uuid": "64a3b31e-789c-4663-b6ab-743e226ab946" }, { "category": "Naleving en opvolging wet- en regelgeving", "code": "4.16.3_AVG", "label": "Opvolging van wetgeving en advies die door de betrokken autoriteiten worden uitgevaardigd of aangepast.", "uuid": "d41c4056-4595-4325-84f9-10a284a1a530" }, { "category": "Evaluatie en controle van de beveiligingsmaatregelen", "code": "4.17.1", "label": "Elke organisatie organiseert op geregelde tijdstippen een evaluatie van de maatregelen.", "uuid": "2a14a2ac-8469-4ee7-a12e-ca6b5aea5562" } ], "version": 2 } 2019-11-28T14:02:57.831890+00:00 https://objects.monarc.lu/object/get/27 NIST Core 2021-01-17T22:00:06.120323+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "NIST Core", "language": "EN", "refs": [ "https://www.nist.gov/cyberframework/framework" ], "uuid": "fcf78560-3d12-42ba-8f4a-5761ca02ac94", "values": [ { "category": "Asset Management (ID.AM)", "code": "1_ID.AM-1", "label": "Physical devices and systems within the organization are inventoried", "uuid": "231fc2b1-80c2-450e-9d80-f804f5a8984c" }, { "category": "Asset Management (ID.AM)", "code": "1_ID.AM-2", "label": "Software platforms and applications within the organization are inventoried", "uuid": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329" }, { "category": "Asset Management (ID.AM)", "code": "1_ID.AM-3", "label": "Organizational communication and data flows are mapped", "uuid": "b0cebf68-a023-40af-ba24-e59bd4a45c90" }, { "category": "Asset Management (ID.AM)", "code": "1_ID.AM-4", "label": "External information systems are catalogued", "uuid": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c" }, { "category": "Asset Management (ID.AM)", "code": "1_ID.AM-5", "label": "Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value", "uuid": "50fc2488-b730-48ae-abf8-93e60f141404" }, { "category": "Asset Management (ID.AM)", "code": "1_ID.AM-6", "label": "Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established", "uuid": "766520fa-3439-4382-babc-eb7d9d6b1f52" }, { "category": "Business Environment (ID.BE)", "code": "1_ID.BE-1", "label": "The organization\u2019s role in the supply chain is identified and communicated", "uuid": "46555297-7af1-4d59-ac07-6e627aef4dda" }, { "category": "Business Environment (ID.BE)", "code": "1_ID.BE-2", "label": "The organization\u2019s place in critical infrastructure and its industry sector is identified and communicated", "uuid": "63f9f527-2c63-4fda-acda-7ebcf3025873" }, { "category": "Business Environment (ID.BE)", "code": "1_ID.BE-3", "label": "Priorities for organizational mission, objectives, and activities are established and communicated", "uuid": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3" }, { "category": "Business Environment (ID.BE)", "code": "1_ID.BE-4", "label": "Dependencies and critical functions for delivery of critical services are established", "uuid": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a" }, { "category": "Business Environment (ID.BE)", "code": "1_ID.BE-5", "label": "Resilience requirements to support delivery of critical services are established", "uuid": "75942c69-3336-4e82-bf59-515aaa6e3513" }, { "category": "Governance (ID.GV)", "code": "1_ID.GV-1", "label": "Organizational information security policy is established", "uuid": "7a4074cc-5b40-486a-9a52-6b49be7f95e6" }, { "category": "Governance (ID.GV)", "code": "1_ID.GV-2", "label": "Information security roles & responsibilities are coordinated and aligned with internal roles and external partners", "uuid": "29613b2e-8def-417e-85fa-31aa5ef5de3b" }, { "category": "Governance (ID.GV)", "code": "1_ID.GV-3", "label": "Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed", "uuid": "4e2499c0-d23d-4977-9e9f-6323af31be24" }, { "category": "Governance (ID.GV)", "code": "1_ID.GV-4", "label": "Governance and risk management processes address cybersecurity risks", "uuid": "d2e86e2d-5bec-42a2-b642-69995b6abcf0" }, { "category": "Risk Assessment (ID.RA)", "code": "1_ID.RA-1", "label": "Asset vulnerabilities are identified and documented", "uuid": "cc6aad46-1887-4da6-93e3-c707be07b9f5" }, { "category": "Risk Assessment (ID.RA)", "code": "1_ID.RA-2", "label": "Threat and vulnerability information is received from information sharing forums and sources", "uuid": "0550c268-534a-4311-920d-84466e4865c4" }, { "category": "Risk Assessment (ID.RA)", "code": "1_ID.RA-3", "label": "Threats, both internal and external, are identified and documented", "uuid": "1bad7834-b740-48ff-8450-5792b55614db" }, { "category": "Risk Assessment (ID.RA)", "code": "1_ID.RA-4", "label": "Potential business impacts and likelihoods are identified", "uuid": "7c09a9bf-407c-4509-94c0-af8314fc3b86" }, { "category": "Risk Assessment (ID.RA)", "code": "1_ID.RA-5", "label": "Threats, vulnerabilities, likelihoods, and impacts are used to determine risk", "uuid": "6d0bfd47-88dc-484a-aed8-196eaa12c4db" }, { "category": "Risk Assessment (ID.RA)", "code": "1_ID.RA-6", "label": "Risk responses are identified and prioritized", "uuid": "98ce2a28-d424-4436-8c41-2ec0e8d563fa" }, { "category": "Risk Management Strategy (ID.RM)", "code": "1_ID.RM-1", "label": "Risk management processes are established, managed, and agreed to by organizational stakeholders", "uuid": "e384f897-1b70-49a5-8491-24c035e1451f" }, { "category": "Risk Management Strategy (ID.RM)", "code": "1_ID.RM-2", "label": "Organizational risk tolerance is determined and clearly expressed", "uuid": "7a9f7d35-6714-4182-ae88-d9ff575224a6" }, { "category": "Risk Management Strategy (ID.RM)", "code": "1_ID.RM-3", "label": "The organization\u2019s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis", "uuid": "97331ab3-3365-4fb0-894c-578c460720fa" }, { "category": "Supply Chain Risk Management (ID.SC)", "code": "1_ID.SC-1", "label": "Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders", "uuid": "03dee2e6-285f-44e4-acc5-2388f62584a5" }, { "category": "Supply Chain Risk Management (ID.SC)", "code": "1_ID.SC-2", "label": "Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process", "uuid": "b9d19a14-74ab-46ae-8456-189d1a180dbf" }, { "category": "Supply Chain Risk Management (ID.SC)", "code": "1_ID.SC-3", "label": "Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization\u2019s cybersecurity program and Cyber Supply Chain Risk Management Plan.", "uuid": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea" }, { "category": "Supply Chain Risk Management (ID.SC)", "code": "1_ID.SC-4", "label": "Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.", "uuid": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939" }, { "category": "Supply Chain Risk Management (ID.SC)", "code": "1_ID.SC-5", "label": "Response and recovery planning and testing are conducted with suppliers and third-party providers", "uuid": "aa988775-7261-412e-bbee-bfd90db78a59" }, { "category": "Access Control (PR.AC)", "code": "2_PR.AC-1", "label": "Identities and credentials are managed for authorized devices and users", "uuid": "a6b301ed-e0c1-467d-8e42-e2796c64b785" }, { "category": "Access Control (PR.AC)", "code": "2_PR.AC-2", "label": "Physical access to assets is managed and protected", "uuid": "382fe4f1-9f05-4169-a343-2c961a8cf359" }, { "category": "Access Control (PR.AC)", "code": "2_PR.AC-3", "label": "Remote access is managed", "uuid": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b" }, { "category": "Access Control (PR.AC)", "code": "2_PR.AC-4", "label": "Access permissions are managed, incorporating the principles of least privilege and separation of duties", "uuid": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb" }, { "category": "Access Control (PR.AC)", "code": "2_PR.AC-5", "label": "Network integrity is protected, incorporating network segregation where appropriate", "uuid": "800fc6f9-e574-4152-89e6-30bae7da4adc" }, { "category": "Access Control (PR.AC)", "code": "2_PR.AC-6", "label": "Identities are proofed and bound to credentials and asserted in interactions", "uuid": "d44d0823-1523-457a-b028-6ea0da3adb34" }, { "category": "Access Control (PR.AC)", "code": "2_PR.AC-7", "label": "Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals\u2019 security and privacy risks and other organizational risks)", "uuid": "14aab29b-4760-4f32-ad21-06367a8ea05e" }, { "category": "Awareness and Training (PR.AT)", "code": "2_PR.AT-1", "label": "All users are informed and trained", "uuid": "01d259f0-ece0-4f7c-91bf-d09844c576cc" }, { "category": "Awareness and Training (PR.AT)", "code": "2_PR.AT-2", "label": "Privileged users understand roles & responsibilities", "uuid": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "category": "Awareness and Training (PR.AT)", "code": "2_PR.AT-3", "label": "Third-party stakeholders (e.g., suppliers, customers, partners) understand roles & responsibilities", "uuid": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc" }, { "category": "Awareness and Training (PR.AT)", "code": "2_PR.AT-4", "label": "Senior executives understand roles & responsibilities", "uuid": "987e9304-80fd-4470-b8b4-213f41a0a957" }, { "category": "Awareness and Training (PR.AT)", "code": "2_PR.AT-5", "label": "Physical and information security personnel understand roles & responsibilities", "uuid": "92a81683-1877-48d3-9d5a-c7c0ddd9852b" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-1", "label": "Data-at-rest is protected", "uuid": "d798a390-f23a-4bbc-abe5-588ab58811c6" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-2", "label": "Data-in-transit is protected", "uuid": "38022045-6812-4623-8409-7a9d6b3f7ce8" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-3", "label": "Assets are formally managed throughout removal, transfers, and disposition", "uuid": "acfea27c-c6d5-421a-9ae4-2db82610cc41" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-4", "label": "Adequate capacity to ensure availability is maintained", "uuid": "e4380999-3c82-4b85-86cd-86f1f37f97ab" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-5", "label": "Protections against data leaks are implemented", "uuid": "e760c443-e572-43cb-bf5b-8aeb3b42ef65" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-6", "label": "Integrity checking mechanisms are used to verify software, firmware, and information integrity", "uuid": "e5b116b5-b806-4863-92ba-d8c2f477813b" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-7", "label": "The development and testing environment(s) are separate from the production environment", "uuid": "6604ef4c-a1d7-43d2-90e4-d2b8d97d880f" }, { "category": "Data Security (PR.DS)", "code": "2_PR.DS-8", "label": "Integrity checking mechanisms are used to verify hardware integrity", "uuid": "892d5462-ee77-4379-ab88-a78f3eff45c1" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-1", "label": "A baseline configuration of information technology/industrial control systems is created and maintained", "uuid": "30a7a092-3e00-4d33-aec2-66d019c2ff03" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-2", "label": "A System Development Life Cycle to manage systems is implemented", "uuid": "7cd438b8-038b-4f1f-a431-a1a1a83e009c" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-3", "label": "Configuration change control processes are in place", "uuid": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-4", "label": "Backups of information are conducted, maintained, and tested periodically", "uuid": "2e411d93-1836-4dbc-baf1-a747d2a9915a" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-5", "label": "Policy and regulations regarding the physical operating environment for organizational assets are met", "uuid": "f01b50b8-0e54-4f8f-afee-0ec56f788a42" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-6", "label": "Data is destroyed according to policy", "uuid": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-7", "label": "Protection processes are continuously improved", "uuid": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-8", "label": "Effectiveness of protection technologies is shared with appropriate parties", "uuid": "ac4be007-d8cb-4da5-9a84-118c2841a6f5" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-9", "label": "Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed", "uuid": "4fe097cd-e0c0-4698-a209-43ffb553a279" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-10", "label": "Response and recovery plans are tested", "uuid": "e4f85702-5874-4361-beec-45d00b379c5b" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-11", "label": "Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)", "uuid": "4279b240-b560-4632-a557-9af1322930fd" }, { "category": "Information Protection Processes and Procedures (PR.IP)", "code": "2_PR.IP-12", "label": "A vulnerability management plan is developed and implemented", "uuid": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c" }, { "category": "Maintenance (PR.MA)", "code": "2_PR.MA-1", "label": "Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools", "uuid": "6da92eea-2f74-458f-a643-361df7ea9f2f" }, { "category": "Maintenance (PR.MA)", "code": "2_PR.MA-2", "label": "Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access", "uuid": "831f20de-eadb-44a7-82f3-fcb116d8cb69" }, { "category": "Protective Technology (PR.PT)", "code": "2_PR.PT-1", "label": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy", "uuid": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a" }, { "category": "Protective Technology (PR.PT)", "code": "2_PR.PT-2", "label": "Removable media is protected and its use restricted according to policy", "uuid": "0f278ef8-3a97-4e0e-bc30-66d530bdea47" }, { "category": "Protective Technology (PR.PT)", "code": "2_PR.PT-3", "label": "Access to systems and assets is controlled, incorporating the principle of least functionality", "uuid": "02cc6244-c9d8-4db1-aeb3-a05933207c9d" }, { "category": "Protective Technology (PR.PT)", "code": "2_PR.PT-4", "label": "Communications and control networks are protected", "uuid": "6b2a7cc7-c35a-4020-92d8-5935e1229676" }, { "category": "Protective Technology (PR.PT)", "code": "2_PR.PT-5", "label": "Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations", "uuid": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e" }, { "category": "Anomalies and Events (DE.AE)", "code": "3_DE.AE-1", "label": "A baseline of network operations and expected data flows for users and systems is established and managed", "uuid": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f" }, { "category": "Anomalies and Events (DE.AE)", "code": "3_DE.AE-2", "label": "Detected events are analyzed to understand attack targets and methods", "uuid": "69f50c12-9eab-4305-be4f-97a2002ccc0c" }, { "category": "Anomalies and Events (DE.AE)", "code": "3_DE.AE-3", "label": "Event data are aggregated and correlated from multiple sources and sensors", "uuid": "31dc508e-664e-4173-8757-00ec985115c8" }, { "category": "Anomalies and Events (DE.AE)", "code": "3_DE.AE-4", "label": "Impact of events is determined", "uuid": "3f6e72ed-2984-452d-badd-5563acbf0450" }, { "category": "Anomalies and Events (DE.AE)", "code": "3_DE.AE-5", "label": "Incident alert thresholds are established", "uuid": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-1", "label": "The network is monitored to detect potential cybersecurity events", "uuid": "9b355a55-73ce-4d55-8016-d93e3c555a55" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-2", "label": "The physical environment is monitored to detect potential cybersecurity events", "uuid": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-3", "label": "Personnel activity is monitored to detect potential cybersecurity events", "uuid": "a8f83595-0327-4e24-9557-0e8d9b82856f" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-4", "label": "Malicious code is detected", "uuid": "70e202bf-2270-4daf-8fb5-4f6fb10de979" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-5", "label": "Unauthorized mobile code is detected", "uuid": "54eeaae4-2b82-43ce-9a61-40d453116d8d" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-6", "label": "External service provider activity is monitored to detect potential cybersecurity events", "uuid": "bbb99e89-ee33-46fc-bc03-1582631210c4" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-7", "label": "Monitoring for unauthorized personnel, connections, devices, and software is performed", "uuid": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" }, { "category": "Security Continuous Monitoring (DE.CM)", "code": "3_DE.CM-8", "label": "Vulnerability scans are performed", "uuid": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be" }, { "category": "Detection Processes (DE.DP)", "code": "3_DE.DP-1", "label": "Roles and responsibilities for detection are well defined to ensure accountability", "uuid": "48a13f85-a811-43fa-a0e8-89f67fb2743f" }, { "category": "Detection Processes (DE.DP)", "code": "3_DE.DP-2", "label": "Detection activities comply with all applicable requirements", "uuid": "f9d1a926-5d39-4123-8b83-a94c21ff18e5" }, { "category": "Detection Processes (DE.DP)", "code": "3_DE.DP-3", "label": "Detection processes are tested", "uuid": "23e4c883-c358-4b64-8d7e-249c67b7f1f2" }, { "category": "Detection Processes (DE.DP)", "code": "3_DE.DP-4", "label": "Event detection information is communicated to appropriate parties", "uuid": "025611cb-8431-4a9c-a88c-039141472418" }, { "category": "Detection Processes (DE.DP)", "code": "3_DE.DP-5", "label": "Detection processes are continuously improved", "uuid": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9" }, { "category": "Response Planning (RS.RP)", "code": "4_RS.RP-1", "label": "Response plan is executed during or after an event", "uuid": "b237b4b1-a21a-4122-b4c8-e068ad58ef21" }, { "category": "Communications (RS.CO)", "code": "4_RS.CO-1", "label": "Personnel know their roles and order of operations when a response is needed", "uuid": "cce52cf2-aa85-4f33-8cb8-b0508f452c25" }, { "category": "Communications (RS.CO)", "code": "4_RS.CO-2", "label": "Events are reported consistent with established criteria", "uuid": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a" }, { "category": "Communications (RS.CO)", "code": "4_RS.CO-3", "label": "Information is shared consistent with response plans", "uuid": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68" }, { "category": "Communications (RS.CO)", "code": "4_RS.CO-4", "label": "Coordination with stakeholders occurs consistent with response plans", "uuid": "34a2e449-b69d-4f75-a548-8c5faee598b5" }, { "category": "Communications (RS.CO)", "code": "4_RS.CO-5", "label": "Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness", "uuid": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf" }, { "category": "Analysis (RS.AN)", "code": "4_RS.AN-1", "label": "Notifications from detection systems are investigated", "uuid": "e6ab0d96-2ced-445d-a19f-97710b2cc346" }, { "category": "Analysis (RS.AN)", "code": "4_RS.AN-2", "label": "The impact of the incident is understood", "uuid": "0c7c3558-9c78-4bcc-816b-9123c899b653" }, { "category": "Analysis (RS.AN)", "code": "4_RS.AN-3", "label": "Forensics are performed", "uuid": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a" }, { "category": "Analysis (RS.AN)", "code": "4_RS.AN-4", "label": "Incidents are categorized consistent with response plans", "uuid": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94" }, { "category": "Analysis (RS.AN)", "code": "4_RS.AN-5", "label": "Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)", "uuid": "83c3ab70-566c-4bbe-a3b8-940d9fbb5ad7" }, { "category": "Mitigation (RS.MI)", "code": "4_RS.MI-1", "label": "Incidents are contained", "uuid": "2736e702-38ef-439d-9e8b-989ef56f8735" }, { "category": "Mitigation (RS.MI)", "code": "4_RS.MI-2", "label": "Incidents are mitigated", "uuid": "e94941eb-31da-40e0-b944-07c43233e7c0" }, { "category": "Mitigation (RS.MI)", "code": "4_RS.MI-3", "label": "Newly identified vulnerabilities are mitigated or documented as accepted risks", "uuid": "0de24c0a-53cb-4481-9b8d-fccc252e4f03" }, { "category": "Improvements (RS.IM)", "code": "4_RS.IM-1", "label": "Response plans incorporate lessons learned", "uuid": "01314572-becc-4780-945f-9ed3a40af900" }, { "category": "Improvements (RS.IM)", "code": "4_RS.IM-2", "label": "Response strategies are updated", "uuid": "f0753789-bcc3-4f66-9bb5-b6179bb367de" }, { "category": "Recovery Planning (RC.RP)", "code": "5_RC.RP-1", "label": "Recovery plan is executed during or after an event", "uuid": "0d124100-372e-429b-9e2f-d12211f005e1" }, { "category": "Improvements (RC.IM)", "code": "5_RC.IM-1", "label": "Recovery plans incorporate lessons learned", "uuid": "52ab8937-c260-4cf3-a807-ce1381afa4c9" }, { "category": "Improvements (RC.IM)", "code": "5_RC.IM-2", "label": "Recovery strategies are updated", "uuid": "421b5608-0f1d-4de5-b646-ff9538f8493f" }, { "category": "Communications (RC.CO)", "code": "5_RC.CO-1", "label": "Public relations are managed", "uuid": "771e3059-9eb4-4313-94b4-f0e8fa102498" }, { "category": "Communications (RC.CO)", "code": "5_RC.CO-2", "label": "Reputation after an event is repaired", "uuid": "ecde2384-2cdb-46cc-9a15-37ea9ee175ee" }, { "category": "Communications (RC.CO)", "code": "5_RC.CO-3", "label": "Recovery activities are communicated to internal stakeholders and executive and management teams", "uuid": "c8de5e1f-7893-42b3-852d-fa4f79bc68fa" } ], "version": 1, "version_ext": "1.1" } 2019-11-28T14:03:42.193562+00:00 https://objects.monarc.lu/object/get/33 NIS security measures for OES 2021-01-17T22:00:06.119147+00:00 MONARC { "label": "NIS security measures for OES", "language": "EN", "refs": [ "https://www.enisa.europa.eu/publications/mapping-of-oes-security-requirements-to-specific-sectors" ], "uuid": "3f4a2a67-a1f9-46e1-8d71-7f6486217bb7", "values": [ { "category": "Information System Security Governance & Risk Management", "code": "1.1.1", "label": "Information system security risk analysis", "uuid": "030ef936-d0fe-4d6b-9238-e3004f58f7b6" }, { "category": "Information System Security Governance & Risk Management", "code": "1.1.2", "label": "Information system security policy", "uuid": "02527779-a76f-42fc-b420-6726099d4241" }, { "category": "Information System Security Governance & Risk Management", "code": "1.1.3", "label": "Information system security accreditation", "uuid": "8ead422e-2d73-48e8-82f9-b82fe363d072" }, { "category": "Information System Security Governance & Risk Management", "code": "1.1.4", "label": "Information system security indicators", "uuid": "7d1e4532-ddb1-408c-8a9d-ffed0cef3821" }, { "category": "Information System Security Governance & Risk Management", "code": "1.1.5", "label": "Information system security audit", "uuid": "d646a78e-68d8-4d60-a01f-455b1a0df4f1" }, { "category": "Information System Security Governance & Risk Management", "code": "1.1.6", "label": "Human resource security", "uuid": "cfda8669-f42c-4917-833e-b873110b4380" }, { "category": "Information System Security Governance & Risk Management", "code": "1.1.7", "label": "Asset Management", "uuid": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9" }, { "category": "Ecosystem management", "code": "1.2.1", "label": "Ecosystem mapping", "uuid": "66b045d6-77a5-426f-afe5-55cac81ac5c8" }, { "category": "Ecosystem management", "code": "1.2.2", "label": "Ecosystem relations", "uuid": "26b54bed-01d5-4614-b0ed-907af072b8a9" }, { "category": "IT Security Architecture", "code": "2.1.1", "label": "Systems configuration", "uuid": "8e6bf606-42cf-4f85-bedd-5e633d241183" }, { "category": "IT Security Architecture", "code": "2.1.2", "label": "System segregation", "uuid": "a3f6ee47-de81-400a-a7dc-79e79fb73729" }, { "category": "IT Security Architecture", "code": "2.1.3", "label": "Traffic filtering", "uuid": "7374508b-6114-4219-8834-7b87117fcbf9" }, { "category": "IT Security Architecture", "code": "2.1.4", "label": "Cryptography", "uuid": "fd44edba-005b-447c-8612-c0a92cbb0ec6" }, { "category": "IT Security Administration", "code": "2.2.1", "label": "Administration accounts", "uuid": "9fa537a3-efc0-4624-aeae-ab975076e1c0" }, { "category": "IT Security Administration", "code": "2.2.2", "label": "Administration information systems", "uuid": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79" }, { "category": "Identity and access management", "code": "2.3.1", "label": "Authentication and identification", "uuid": "f5f8ef4a-25f2-4169-b279-424081fc6125" }, { "category": "Identity and access management", "code": "2.3.2", "label": "Access rights", "uuid": "6b327343-7f81-4a40-bc46-194cf5aa54df" }, { "category": "IT Security Maintenance", "code": "2.4.1", "label": "IT security maintenance procedure", "uuid": "752f00ca-196b-4055-b660-4a09185ce3a7" }, { "category": "IT Security Maintenance", "code": "2.4.2", "label": "Remote access", "uuid": "efcb645f-ca20-484d-a3b7-6ef98db907ff" }, { "category": "Physical and environmental security", "code": "2.5.1", "label": "Physical and environmental security", "uuid": "157d5514-b3cd-4d31-9bff-560a1a436d96" }, { "category": "Detection", "code": "3.1.1", "label": "Detection", "uuid": "725706a3-fa1d-48e1-8458-21974439b34b" }, { "category": "Detection", "code": "3.1.2", "label": "Logging", "uuid": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91" }, { "category": "Detection", "code": "3.1.3", "label": "Logs correlation and analysis", "uuid": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd" }, { "category": "Computer Security Incident Management", "code": "3.2.1", "label": "Information system security incident response", "uuid": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8" }, { "category": "Computer Security Incident Management", "code": "3.2.2", "label": "Incident Report", "uuid": "ea405481-cbe2-4e15-b2a3-f45563e160cc" }, { "category": "Computer Security Incident Management", "code": "3.2.3", "label": "Communication with competent authorities and CSIRTs", "uuid": "fbfa7c30-f131-4e9b-9e8a-53ad4b90b164" }, { "category": "Continuity of operations", "code": "4.1.1", "label": "Business continuity management", "uuid": "b24b90b0-eeea-4a56-b5ef-2c484467c97a" }, { "category": "Continuity of operations", "code": "4.1.2", "label": "Disaster recovery management", "uuid": "f87f15fe-0170-4164-90de-091d9519d140" }, { "category": "Crisis management", "code": "4.2.1", "label": "Crisis management organization", "uuid": "0ca52ad9-4570-46be-88ce-d22efd4a145b" }, { "category": "Crisis management", "code": "4.2.2", "label": "Crisis management process", "uuid": "e1a91f54-34e4-45c7-8eae-dfc6dee15854" } ], "version": 1 } 2019-11-28T14:04:11.885707+00:00 https://objects.monarc.lu/object/get/30 NIST SP 800-53 (Rev.5) 2021-01-17T22:00:06.116006+00:00 MONARC { "label": "NIST SP 800-53", "language": "EN", "refs": [ "https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft" ], "uuid": "cfd2cd50-95fa-4143-b0e5-794249bacae1", "values": [ { "category": "Access Control", "code": "AC-1", "label": "Access Control Policy and Procedures", "uuid": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "category": "Access Control", "code": "AC-2", "label": "Account Management", "uuid": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "category": "Access Control", "code": "AC-3", "label": "Access Enforcement", "uuid": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb" }, { "category": "Access Control", "code": "AC-4", "label": "Information Flow Enforcement", "uuid": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "category": "Access Control", "code": "AC-5", "label": "Separation of Duties", "uuid": "35f0172f-4770-4f69-9aa7-8b48a880c85a" }, { "category": "Access Control", "code": "AC-6", "label": "Least Privilege", "uuid": "cea02331-b15a-42bb-ae5c-826afb449240" }, { "category": "Access Control", "code": "AC-7", "label": "Unsuccessful Logon Attempts", "uuid": "f8e45f26-413c-4c61-be2c-216ec688ecb1" }, { "category": "Access Control", "code": "AC-8", "label": "System Use Notification", "uuid": "2006d82c-a148-470f-ad3d-339980bb69b9" }, { "category": "Access Control", "code": "AC-9", "label": "Previous Logon (Access) Notification", "uuid": "a06fe04e-e834-42c9-8b4f-d998eb493136" }, { "category": "Access Control", "code": "AC-10", "label": "Concurrent Session Control", "uuid": "2feed753-8333-46b9-b4a0-ffd78e6d5f96" }, { "category": "Access Control", "code": "AC-11", "label": "Device Lock", "uuid": "48e9827d-60b5-4637-89fa-45dfb4231ff7" }, { "category": "Access Control", "code": "AC-12", "label": "Session Termination", "uuid": "db302cfa-325b-4d4d-a6b3-f85618ca4eb6" }, { "category": "Access Control", "code": "AC-14", "label": "Permitted Actions without Identification or Authentication", "uuid": "90b4a207-023d-4ac4-a1dd-c5ca32453de2" }, { "category": "Access Control", "code": "AC-16", "label": "Security and Privacy Attributes", "uuid": "33d42330-bde6-4964-82c9-fd2eaa07792d" }, { "category": "Access Control", "code": "AC-17", "label": "Remote Access", "uuid": "1b2e1483-0a0e-4c84-ad44-42db07d6172f" }, { "category": "Access Control", "code": "AC-18", "label": "Wireless Access", "uuid": "5dad70d6-04e6-4ad0-9c32-c565e40329ad" }, { "category": "Access Control", "code": "AC-19", "label": "Access Control for Mobile Devices", "uuid": "250001c2-f02d-496c-917e-70034724bfd6" }, { "category": "Access Control", "code": "AC-20", "label": "Use of External Systems", "uuid": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2" }, { "category": "Access Control", "code": "AC-21", "label": "Information Sharing", "uuid": "5d4dc43c-9c46-4fc5-969b-02a1421acf42" }, { "category": "Access Control", "code": "AC-22", "label": "Publicly Accessible Content", "uuid": "81cc10c0-de1e-4317-aae9-304a4c45151e" }, { "category": "Access Control", "code": "AC-23", "label": "Data Mining Protection", "uuid": "ccd5e72f-92d7-4824-8caa-9a75209849d2" }, { "category": "Access Control", "code": "AC-24", "label": "Access Control Decisions", "uuid": "5493d4a2-bae6-4bdf-ba84-79bbae4fb53b" }, { "category": "Access Control", "code": "AC-25", "label": "Reference Monitor", "uuid": "6922787a-2fcb-4cfe-a3bc-a75e7c49fccd" }, { "category": "Awareness And Training", "code": "AT-1", "label": "Awareness and Training Policy and Procedures", "uuid": "468658d8-61b8-4757-8c28-d6017337ea91" }, { "category": "Awareness And Training", "code": "AT-2", "label": "Awareness Training", "uuid": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a" }, { "category": "Awareness And Training", "code": "AT-3", "label": "Role-Based Training", "uuid": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea" }, { "category": "Awareness And Training", "code": "AT-4", "label": "Training Records", "uuid": "a32e8643-88b7-4fa6-9a25-f67b9236b9d0" }, { "category": "Audit And Accountability", "code": "AU-1", "label": "Audit and Accountability Policy and Procedures", "uuid": "0de44076-cd30-439a-9375-c7c6692da6b2" }, { "category": "Audit And Accountability", "code": "AU-2", "label": "Audit Events", "uuid": "8b250e6b-4463-4d55-9241-c99db31a838c" }, { "category": "Audit And Accountability", "code": "AU-3", "label": "Content of Audit Records", "uuid": "aefeafa5-2f92-4a78-a149-6b00f8a0f9f1" }, { "category": "Audit And Accountability", "code": "AU-4", "label": "Audit Storage Capacity", "uuid": "6145995f-74e1-4479-ba93-c1cdd9e34f8c" }, { "category": "Audit And Accountability", "code": "AU-5", "label": "Response to Audit Processing Failures", "uuid": "bcc90c0a-8c92-4e75-ba67-a9dd2a64ca9d" }, { "category": "Audit And Accountability", "code": "AU-6", "label": "Audit Review, Analysis, and Reporting", "uuid": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "category": "Audit And Accountability", "code": "AU-7", "label": "Audit Reduction and Report Generation", "uuid": "8314aca6-82c0-4955-a6d3-78f41146ef15" }, { "category": "Audit And Accountability", "code": "AU-8", "label": "Time Stamps", "uuid": "b9383590-e160-4840-b6e7-9476aeb6b8c0" }, { "category": "Audit And Accountability", "code": "AU-9", "label": "Protection of Audit Information", "uuid": "aff838cd-5392-4620-be39-87c4ae7b6d33" }, { "category": "Audit And Accountability", "code": "AU-10", "label": "Non-repudiation", "uuid": "52e68421-ebcf-453f-8e42-48813d47dcf6" }, { "category": "Audit And Accountability", "code": "AU-11", "label": "Audit Record Retention", "uuid": "30ccd853-e570-4c61-98d0-4837692d0654" }, { "category": "Audit And Accountability", "code": "AU-12", "label": "Audit Generation", "uuid": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "category": "Audit And Accountability", "code": "AU-13", "label": "Monitoring for Information Disclosure", "uuid": "ca6dc3b4-45ad-4a17-84c2-06fe7de2936e" }, { "category": "Audit And Accountability", "code": "AU-14", "label": "Session Audit", "uuid": "d447bf80-7c6e-4e16-9f69-a15ed7eafd92" }, { "category": "Audit And Accountability", "code": "AU-15", "label": "Alternate Audit Capability", "uuid": "43d6e18f-7d4e-43f5-af7f-ea6d07d37299" }, { "category": "Audit And Accountability", "code": "AU-16", "label": "Cross-Organizational Auditing", "uuid": "e499f145-1fad-49e2-9403-f50a2a9801e8" }, { "category": "Security Assessment And Authorization", "code": "CA-1", "label": "Assessment, Authorization, and Monitoring Policies and Procedures", "uuid": "9bc48f7a-6863-421d-96c5-7e7099ef2415" }, { "category": "Security Assessment And Authorization", "code": "CA-2", "label": "Assessments", "uuid": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "category": "Security Assessment And Authorization", "code": "CA-3", "label": "System Interconnections", "uuid": "6c55f12d-0f58-4caf-9c27-91c38d3620e3" }, { "category": "Security Assessment And Authorization", "code": "CA-5", "label": "Plan of Action and Milestones", "uuid": "0af9100d-df42-4d7e-953d-8c1fd56dff85" }, { "category": "Security Assessment And Authorization", "code": "CA-6", "label": "Authorization", "uuid": "de31dbbb-4981-4815-acfa-8375989d98cd" }, { "category": "Security Assessment And Authorization", "code": "CA-7", "label": "Continuous Monitoring", "uuid": "5264169d-4e61-40b7-800e-1998f41af781" }, { "category": "Security Assessment And Authorization", "code": "CA-8", "label": "Penetration Testing", "uuid": "2080500f-047a-4695-841f-326310fd6a79" }, { "category": "Security Assessment And Authorization", "code": "CA-9", "label": "Internal System Connections", "uuid": "063f894b-5f12-4e99-8277-6e21692c977d" }, { "category": "Configuration Management", "code": "CM-1", "label": "Configuration Management Policy and Procedures", "uuid": "698ebcc9-cf38-49d4-9a7a-dce61bbff968" }, { "category": "Configuration Management", "code": "CM-2", "label": "Baseline Configuration", "uuid": "3b076d55-a168-4e4e-ba44-cac820929399" }, { "category": "Configuration Management", "code": "CM-3", "label": "Configuration Change Control", "uuid": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "category": "Configuration Management", "code": "CM-4", "label": "Security and Privacy Impact Analyses", "uuid": "4d738f6e-3999-4a07-97f8-552ef2df77f3" }, { "category": "Configuration Management", "code": "CM-5", "label": "Access Restrictions for Change", "uuid": "dce2b6b6-33dd-45b1-9006-e09493aa95e3" }, { "category": "Configuration Management", "code": "CM-6", "label": "Configuration Settings", "uuid": "dfeeec44-4cd4-49f8-8a41-2c03f786f818" }, { "category": "Configuration Management", "code": "CM-7", "label": "Least Functionality", "uuid": "d0557646-d1eb-4d79-8670-b1cdaf1072be" }, { "category": "Configuration Management", "code": "CM-8", "label": "System Component Inventory", "uuid": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "category": "Configuration Management", "code": "CM-9", "label": "Configuration Management Plan", "uuid": "b53a00fb-054c-4f9e-8aff-69ad91c1dcb8" }, { "category": "Configuration Management", "code": "CM-10", "label": "Software Usage Restrictions", "uuid": "8ccaf96b-99b1-4677-be72-1e072cc26ebd" }, { "category": "Configuration Management", "code": "CM-11", "label": "User-Installed Software", "uuid": "0e0864af-bd66-4012-b7ea-75ee7a57ef0b" }, { "category": "Configuration Management", "code": "CM-12", "label": "Information Location", "uuid": "50310b7b-0a4b-4572-998c-5954f7d6750e" }, { "category": "Contingency Planning", "code": "CP-1", "label": "Contingency Planning Policy and Procedures", "uuid": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed" }, { "category": "Contingency Planning", "code": "CP-2", "label": "Contingency Plan", "uuid": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "category": "Contingency Planning", "code": "CP-3", "label": "Contingency Training", "uuid": "a3a1db7e-c1e1-409d-aa9a-e4b4ca925be6" }, { "category": "Contingency Planning", "code": "CP-4", "label": "Contingency Plan Testing", "uuid": "4c98569b-ec41-4758-b8a3-5bd75b56d38b" }, { "category": "Contingency Planning", "code": "CP-6", "label": "Alternate Storage Site", "uuid": "60a84903-025a-40c5-9cf6-dad960e55cf1" }, { "category": "Contingency Planning", "code": "CP-7", "label": "Alternate Processing Site", "uuid": "1dfd046a-a422-4089-9fda-c141e865042a" }, { "category": "Contingency Planning", "code": "CP-8", "label": "Telecommunications Services", "uuid": "01096bf7-a45e-40d9-851e-72a6b8d7344a" }, { "category": "Contingency Planning", "code": "CP-9", "label": "System Backup", "uuid": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8" }, { "category": "Contingency Planning", "code": "CP-10", "label": "System Recovery and Reconstitution", "uuid": "5ba61017-362e-411b-929d-c76c27358660" }, { "category": "Contingency Planning", "code": "CP-11", "label": "Alternate Communications Protocols", "uuid": "b705c1c5-aee2-4cb0-9f55-f045fc627f34" }, { "category": "Contingency Planning", "code": "CP-12", "label": "Safe Mode", "uuid": "b827b7db-76ee-4fda-b193-3004feef59e0" }, { "category": "Contingency Planning", "code": "CP-13", "label": "Alternative Security Mechanisms", "uuid": "5278ff6f-473b-4a2c-8234-1a6a3198c701" }, { "category": "Identification And Authentication", "code": "IA-1", "label": "Identification and Authentication Policy and Procedures", "uuid": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "category": "Identification And Authentication", "code": "IA-2", "label": "Identification and Authentication (Organizational Users)", "uuid": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba" }, { "category": "Identification And Authentication", "code": "IA-3", "label": "Device Identification and Authentication", "uuid": "e37e0d76-3ea8-49e4-b65b-a5e2645a902a" }, { "category": "Identification And Authentication", "code": "IA-4", "label": "Identifier Management", "uuid": "23ab9d48-396c-4f20-9344-e6a6bd2439a2" }, { "category": "Identification And Authentication", "code": "IA-5", "label": "Authenticator Management", "uuid": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0" }, { "category": "Identification And Authentication", "code": "IA-6", "label": "Authenticator Feedback", "uuid": "1bf6a2b8-b728-49a2-953f-0a965d966db1" }, { "category": "Identification And Authentication", "code": "IA-7", "label": "Cryptographic Module Authentication", "uuid": "7c68c0c2-fea5-44d1-8580-5170edd92e22" }, { "category": "Identification And Authentication", "code": "IA-8", "label": "Identification and Authentication (Non-Organizational Users)", "uuid": "df6812ce-357b-44ae-8979-a663a85fa687" }, { "category": "Identification And Authentication", "code": "IA-9", "label": "Service Identification and Authentication", "uuid": "17a82de8-0490-4100-a4fb-2ad9af49d594" }, { "category": "Identification And Authentication", "code": "IA-10", "label": "Adaptive Authentication", "uuid": "f0b81b68-372d-4ced-9c6b-7d8ae3da799c" }, { "category": "Identification And Authentication", "code": "IA-11", "label": "Re-authentication", "uuid": "625e343d-7aa1-46e1-939b-50f5b8f5f5b4" }, { "category": "Identification And Authentication", "code": "IA-12", "label": "Identity Proofing", "uuid": "c183aff2-8e42-439c-9392-d6823321ec9e" }, { "category": "Individual Participation", "code": "IP-1", "label": "Individual Participation Policy and Procedures", "uuid": "b41dacdb-78d6-4744-bcae-5a46b95cfe04" }, { "category": "Individual Participation", "code": "IP-2", "label": "Consent", "uuid": "4123ace0-da01-431c-997c-bd03e3319f36" }, { "category": "Individual Participation", "code": "IP-3", "label": "Redress", "uuid": "72eed0db-aa5a-4677-899f-b56d01187c6e" }, { "category": "Individual Participation", "code": "IP-4", "label": "Privacy Notice", "uuid": "d351c523-45f7-405c-aa9e-eb4289dea021" }, { "category": "Individual Participation", "code": "IP-5", "label": "Privacy Act Statement", "uuid": "90b76f4c-10ec-4530-a7c8-b3d488d8886d" }, { "category": "Individual Participation", "code": "IP-6", "label": "Individual Access", "uuid": "67e6c588-aea1-47c7-a34e-e04bf91df582" }, { "category": "Incident Response", "code": "IR-1", "label": "Incident Response Policy and Procedures", "uuid": "74b14d2d-6320-4ac9-9b74-d93177dd4329" }, { "category": "Incident Response", "code": "IR-2", "label": "Incident Response Training", "uuid": "1476a1d4-f1f5-42ae-93a6-1227a89cb3e3" }, { "category": "Incident Response", "code": "IR-3", "label": "Incident Response Testing", "uuid": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b" }, { "category": "Incident Response", "code": "IR-4", "label": "Incident Handling", "uuid": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "category": "Incident Response", "code": "IR-5", "label": "Incident Monitoring", "uuid": "10213f53-5179-42f2-beb6-1364872d983d" }, { "category": "Incident Response", "code": "IR-6", "label": "Incident Reporting", "uuid": "69e93c59-0239-4bc8-8d5f-d2c65c706f46" }, { "category": "Incident Response", "code": "IR-7", "label": "Incident Response Assistance", "uuid": "54802539-1d62-43c3-8f7e-8c7e03087812" }, { "category": "Incident Response", "code": "IR-8", "label": "Incident Response Plan", "uuid": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "category": "Incident Response", "code": "IR-9", "label": "Information Spillage Response", "uuid": "e1211579-cdf4-4357-ba8a-3a5c46401837" }, { "category": "Incident Response", "code": "IR-10", "label": "Integrated Information Security Analysis Team", "uuid": "a781d945-be41-4457-aef9-5f1757031940" }, { "category": "Maintenance", "code": "MA-1", "label": "System Maintenance Policy and Procedures", "uuid": "7fb408ab-f358-489d-be81-5b9395da78a7" }, { "category": "Maintenance", "code": "MA-2", "label": "Controlled Maintenance", "uuid": "9d4a3657-457f-4223-adfe-d0b2df91ffc3" }, { "category": "Maintenance", "code": "MA-3", "label": "Maintenance Tools", "uuid": "508b0a74-cd81-4a65-b2c1-bb4c193adc53" }, { "category": "Maintenance", "code": "MA-4", "label": "Nonlocal Maintenance", "uuid": "a8768b25-29ff-4b0a-a61e-89a2dacb2ff8" }, { "category": "Maintenance", "code": "MA-5", "label": "Maintenance Personnel", "uuid": "be8d5a19-945d-4b26-9499-790193e65b06" }, { "category": "Maintenance", "code": "MA-6", "label": "Timely Maintenance", "uuid": "9368a916-1fac-4dd2-b621-751ef4483a72" }, { "category": "Media Protection", "code": "MP-1", "label": "Media Protection Policy and Procedures", "uuid": "bcc51690-d12c-41a8-bd76-6aae187a8afc" }, { "category": "Media Protection", "code": "MP-2", "label": "Media Access", "uuid": "14555491-0f15-428b-9ecd-836c6307675c" }, { "category": "Media Protection", "code": "MP-3", "label": "Media Marking", "uuid": "70ccf1af-4cad-443a-9dcd-9b49c4b6aec8" }, { "category": "Media Protection", "code": "MP-4", "label": "Media Storage", "uuid": "50272033-eb78-4309-84e0-303320d75b87" }, { "category": "Media Protection", "code": "MP-5", "label": "Media Transport", "uuid": "025d84e9-5612-404e-acf4-5d860c01a73c" }, { "category": "Media Protection", "code": "MP-6", "label": "Media Sanitization", "uuid": "b0779c7f-7db2-4af2-ab93-5c000a889408" }, { "category": "Media Protection", "code": "MP-7", "label": "Media Use", "uuid": "cc087e48-874b-4953-adcc-96fac3f19306" }, { "category": "Media Protection", "code": "MP-8", "label": "Media Downgrading", "uuid": "b6ed1637-26e3-4278-9552-89601f278d8c" }, { "category": "Privacy Authorization", "code": "PA-1", "label": "Privacy Authorization Policy and Procedures", "uuid": "5b92c7ee-202b-4de8-983c-74937b86b48f" }, { "category": "Privacy Authorization", "code": "PA-2", "label": "Authority to Collect", "uuid": "ee9525ea-a06f-4862-b6c8-c09fa266ea38" }, { "category": "Privacy Authorization", "code": "PA-3", "label": "Purpose Specification", "uuid": "dc814dd1-359d-4245-839c-5a1cdd6e1bad" }, { "category": "Privacy Authorization", "code": "PA-4", "label": "Information Sharing With External Parties", "uuid": "f7c64768-dc70-4e4d-b121-58f41bfde7c6" }, { "category": "Physical And Environmental Protection", "code": "PE-1", "label": "Physical and Environmental Protection Policy and Procedures", "uuid": "c1738677-3cae-4833-97b4-f2f3c04dd5e0" }, { "category": "Physical And Environmental Protection", "code": "PE-2", "label": "Physical Access Authorizations", "uuid": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7" }, { "category": "Physical And Environmental Protection", "code": "PE-3", "label": "Physical Access Control", "uuid": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "category": "Physical And Environmental Protection", "code": "PE-4", "label": "Access Control for Transmission", "uuid": "f1dc5cba-17a8-4bee-aad0-d6b0ca84124d" }, { "category": "Physical And Environmental Protection", "code": "PE-5", "label": "Access Control for Output Devices", "uuid": "e8ed7158-ffc1-44a4-8673-80286ad97b36" }, { "category": "Physical And Environmental Protection", "code": "PE-6", "label": "Monitoring Physical Access", "uuid": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "category": "Physical And Environmental Protection", "code": "PE-8", "label": "Visitor Access Records", "uuid": "b3ee40ae-b296-4e88-9033-cb669e98f11c" }, { "category": "Physical And Environmental Protection", "code": "PE-9", "label": "Power Equipment and Cabling", "uuid": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37" }, { "category": "Physical And Environmental Protection", "code": "PE-10", "label": "Emergency Shutoff", "uuid": "990ee3a7-3044-4c8f-8387-946a7a9aba76" }, { "category": "Physical And Environmental Protection", "code": "PE-11", "label": "Emergency Power", "uuid": "6d3fbb99-fa7d-4c65-9c5f-928044a5840f" }, { "category": "Physical And Environmental Protection", "code": "PE-12", "label": "Emergency Lighting", "uuid": "5cf67afa-7a43-4dd4-b1db-dd28862a689c" }, { "category": "Physical And Environmental Protection", "code": "PE-13", "label": "Fire Protection", "uuid": "51e4fd6c-0aa8-4604-b13d-bf74c9706922" }, { "category": "Physical And Environmental Protection", "code": "PE-14", "label": "Temperature and Humidity Controls", "uuid": "9dda0a30-be3d-4752-867d-bf9570971c52" }, { "category": "Physical And Environmental Protection", "code": "PE-15", "label": "Water Damage Protection", "uuid": "6448f036-bdb2-4f21-8e30-0acf8073215d" }, { "category": "Physical And Environmental Protection", "code": "PE-16", "label": "Delivery and Removal", "uuid": "de6195c6-1fc1-423a-a748-785653c9324f" }, { "category": "Physical And Environmental Protection", "code": "PE-17", "label": "Alternate Work Site", "uuid": "aead24db-a196-4daf-a099-60b1d1991d70" }, { "category": "Physical And Environmental Protection", "code": "PE-18", "label": "Location of System Components", "uuid": "53ae3aa9-d88e-4f55-a040-375cfe348c48" }, { "category": "Physical And Environmental Protection", "code": "PE-19", "label": "Information Leakage", "uuid": "244cbc08-55d5-46ea-ba28-aec72f16b337" }, { "category": "Physical And Environmental Protection", "code": "PE-20", "label": "Asset Monitoring and Tracking", "uuid": "2fd70998-9247-4efd-923d-276f5c76b3b9" }, { "category": "Physical And Environmental Protection", "code": "PE-21", "label": "Electromagnetic Pulse Protection", "uuid": "b3523d09-add6-4b33-aa3e-6f780d83a9d6" }, { "category": "Physical And Environmental Protection", "code": "PE-22", "label": "Component Marking", "uuid": "cd7d903b-0282-4895-8501-47b568183e97" }, { "category": "Planning", "code": "PL-1", "label": "Planning Policy and Procedures", "uuid": "3c492512-da9f-4112-a76a-3e5cb0400e6f" }, { "category": "Planning", "code": "PL-2", "label": "Security and Privacy Plans", "uuid": "8047a1c6-e890-4817-982d-04fcdc2820a2" }, { "category": "Planning", "code": "PL-4", "label": "Rules of Behavior", "uuid": "7b481f8c-2485-40a8-aee7-03b39721e103" }, { "category": "Planning", "code": "PL-7", "label": "Concept of Operations", "uuid": "7f388f12-77ec-47bf-b816-79cb42086b09" }, { "category": "Planning", "code": "PL-8", "label": "Security and Privacy Architectures", "uuid": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a" }, { "category": "Planning", "code": "PL-9", "label": "Central Management", "uuid": "5b9bdfcc-3150-4c4a-8b08-386d9a829585" }, { "category": "Planning", "code": "PL-10", "label": "Baseline Selection", "uuid": "5df5007e-c8cd-4cc8-845b-0d0bb0daf66f" }, { "category": "Planning", "code": "PL-11", "label": "Baseline Tailoring", "uuid": "828560f0-7ac9-4960-aed9-6d618173a663" }, { "category": "Program Management", "code": "PM-1", "label": "Information Security Program Plan", "uuid": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05" }, { "category": "Program Management", "code": "PM-2", "label": "Information Security Program Roles", "uuid": "293ebc1c-0452-41f8-ab14-101846241a47" }, { "category": "Program Management", "code": "PM-3", "label": "Information Security and Privacy Resources", "uuid": "898d7024-6d3f-4d9a-868f-34ea1e451801" }, { "category": "Program Management", "code": "PM-4", "label": "Plan of Action and Milestones Process", "uuid": "08327040-541f-40b4-a1cc-815d9298afe0" }, { "category": "Program Management", "code": "PM-5", "label": "System Inventory", "uuid": "515fb4c4-2a45-47b7-9a7a-5878f1bbad9c" }, { "category": "Program Management", "code": "PM-6", "label": "Measures of Performance", "uuid": "d5a60a37-684d-4b4b-b8a2-7d03814ff70d" }, { "category": "Program Management", "code": "PM-7", "label": "Enterprise Architecture", "uuid": "ecefd9da-a07c-41c2-9397-017e878bdb67" }, { "category": "Program Management", "code": "PM-8", "label": "Critical Infrastructure Plan", "uuid": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed" }, { "category": "Program Management", "code": "PM-9", "label": "Risk Management Strategy", "uuid": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "category": "Program Management", "code": "PM-10", "label": "Authorization Process", "uuid": "ec1457b8-d116-45a4-8c61-5b8ddba8a2b9" }, { "category": "Program Management", "code": "PM-11", "label": "Mission and Business Process Definition", "uuid": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "category": "Program Management", "code": "PM-12", "label": "Insider Threat Program", "uuid": "9a9f32cf-d951-4909-98fe-c6a936af3913" }, { "category": "Program Management", "code": "PM-13", "label": "Security and Privacy Workforce", "uuid": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "category": "Program Management", "code": "PM-14", "label": "Testing, Training, and Monitoring", "uuid": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "category": "Program Management", "code": "PM-15", "label": "Contacts with Groups and Associations", "uuid": "e1219fd8-9db2-4297-99da-63be2b433aa8" }, { "category": "Program Management", "code": "PM-16", "label": "Threat Awareness Program", "uuid": "9dd48833-5045-4e37-aa9a-2b69ee11739d" }, { "category": "Program Management", "code": "PM-17", "label": "Protecting Controlled Unclassified Information on External Systems", "uuid": "e25168b6-fb5b-4ae7-a14c-6afc86246348" }, { "category": "Program Management", "code": "PM-18", "label": "Privacy Program Plan", "uuid": "ab16520f-0c45-404d-8852-df2722a96412" }, { "category": "Program Management", "code": "PM-19", "label": "Privacy Program Roles", "uuid": "8e3958aa-59c3-4c3e-9cf0-1283d783ec46" }, { "category": "Program Management", "code": "PM-20", "label": "System of Records Notice", "uuid": "3585bbce-5c3b-4a2a-8a53-5c4af9467365" }, { "category": "Program Management", "code": "PM-21", "label": "Dissemination of Privacy Program Information", "uuid": "41ad2d98-3dc5-4167-a8cf-869b3b53c495" }, { "category": "Program Management", "code": "PM-22", "label": "Accounting of Disclosures", "uuid": "d7d3d288-cd67-40ea-871a-4aa256262dbf" }, { "category": "Program Management", "code": "PM-23", "label": "Data Quality Management", "uuid": "a43a957c-c1ce-462f-87b8-bcb962a26991" }, { "category": "Program Management", "code": "PM-24", "label": "Data Management Board", "uuid": "9c603ddb-5850-42a9-85bd-641667182bed" }, { "category": "Program Management", "code": "PM-25", "label": "Data Integrity Board", "uuid": "54ca56bb-3a0e-47b9-8cdb-b28976481e54" }, { "category": "Program Management", "code": "PM-26", "label": "Minimization of Personally Identifiable Information", "uuid": "e2aa9575-d1f9-440c-a3ae-72f79489dd3c" }, { "category": "Program Management", "code": "PM-27", "label": "Individual Access Control", "uuid": "ce8a976a-536a-44ea-bb8b-bcf28a6931c8" }, { "category": "Program Management", "code": "PM-28", "label": "Complaint Management", "uuid": "15f0293a-cef3-4c58-a6cf-725f0ea044c5" }, { "category": "Program Management", "code": "PM-29", "label": "Inventory of Personally Identifiable Information", "uuid": "7f02ee88-5118-467b-bffc-c6176276db0a" }, { "category": "Program Management", "code": "PM-30", "label": "Privacy Reporting", "uuid": "a6ae4db0-5f77-4e60-ae47-fa721623bcdb" }, { "category": "Program Management", "code": "PM-31", "label": "Supply Chain Risk Management Plan", "uuid": "da890a6a-f2be-44f2-b3f2-4ac8e84cd66a" }, { "category": "Program Management", "code": "PM-32", "label": "Risk Framing", "uuid": "2c4575a5-0d0a-40f7-8b8f-8a1c1a67b1e4" }, { "category": "Personnel Security", "code": "PS-1", "label": "Personnel Security Policy and Procedures", "uuid": "3e6cdfcd-14f3-4b34-a6d4-62d677332806" }, { "category": "Personnel Security", "code": "PS-2", "label": "Position Risk Designation", "uuid": "fd87a967-2217-418d-8378-b0773b7ca356" }, { "category": "Personnel Security", "code": "PS-3", "label": "Personnel Screening", "uuid": "22faa4a0-2027-4150-8176-c77e84e3f03d" }, { "category": "Personnel Security", "code": "PS-4", "label": "Personnel Termination", "uuid": "4d28a85e-20d2-4186-995e-de48a90eebb4" }, { "category": "Personnel Security", "code": "PS-5", "label": "Personnel Transfer", "uuid": "db5781c8-b759-47de-9862-27b2d3c2b568" }, { "category": "Personnel Security", "code": "PS-6", "label": "Access Agreements", "uuid": "012149b7-7c59-4220-83bf-d6879a886f20" }, { "category": "Personnel Security", "code": "PS-7", "label": "External Personnel Security", "uuid": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "category": "Personnel Security", "code": "PS-8", "label": "Personnel Sanctions", "uuid": "4b7824ea-dc4e-4938-9ebd-36b865f88585" }, { "category": "Risk Assessment", "code": "RA-1", "label": "Risk Assessment Policy and Procedures", "uuid": "675a9b3f-8abe-4b6f-948e-b701c2a02a84" }, { "category": "Risk Assessment", "code": "RA-2", "label": "Security Categorization", "uuid": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "category": "Risk Assessment", "code": "RA-3", "label": "Risk Assessment", "uuid": "8a174f26-95ff-41dd-8042-039189065395" }, { "category": "Risk Assessment", "code": "RA-5", "label": "Vulnerability Scanning", "uuid": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "category": "Risk Assessment", "code": "RA-6", "label": "Technical Surveillance Countermeasures Survey", "uuid": "8bc26841-e02d-4eb6-9842-fbd30b5a9e6a" }, { "category": "Risk Assessment", "code": "RA-7", "label": "Risk Response", "uuid": "f19db716-460e-44f8-a2d2-304cbbe54b73" }, { "category": "Risk Assessment", "code": "RA-8", "label": "Privacy Impact Assessment", "uuid": "e54190a1-12f2-46d1-b36b-0e7b49b85e43" }, { "category": "Risk Assessment", "code": "RA-9", "label": "Criticality Analysis", "uuid": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "category": "System And Services Acquisition", "code": "SA-1", "label": "System and Services Acquisition Policy and Procedures", "uuid": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56" }, { "category": "System And Services Acquisition", "code": "SA-2", "label": "Allocation of Resources", "uuid": "54613df0-e745-4205-a828-827aca596814" }, { "category": "System And Services Acquisition", "code": "SA-3", "label": "System Development Life Cycle", "uuid": "d6871e86-4df5-4d80-8529-3ec214940b69" }, { "category": "System And Services Acquisition", "code": "SA-4", "label": "Acquisition Process", "uuid": "729aa83b-a59b-48a0-b0a0-c592402dcae7" }, { "category": "System And Services Acquisition", "code": "SA-5", "label": "System Documentation", "uuid": "d32c4960-9581-4717-9a02-690d61709153" }, { "category": "System And Services Acquisition", "code": "SA-8", "label": "Security and Privacy Engineering Principles", "uuid": "6fd6cc79-208a-4f2c-8a05-9adae75fd255" }, { "category": "System And Services Acquisition", "code": "SA-9", "label": "External System Services", "uuid": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "category": "System And Services Acquisition", "code": "SA-10", "label": "Developer Configuration Management", "uuid": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "category": "System And Services Acquisition", "code": "SA-11", "label": "Developer Testing and Evaluation", "uuid": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15" }, { "category": "System And Services Acquisition", "code": "SA-12", "label": "Supply Chain Risk Management", "uuid": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "category": "System And Services Acquisition", "code": "SA-15", "label": "Development Process, Standards, and Tools", "uuid": "650ec6f8-fbad-4fe7-a0db-62d3861a5372" }, { "category": "System And Services Acquisition", "code": "SA-16", "label": "Developer-Provided Training", "uuid": "6c3aaa6d-9e7c-4dd3-b753-ba11c11ae5a6" }, { "category": "System And Services Acquisition", "code": "SA-17", "label": "Developer Security Architecture and Design", "uuid": "95f027c8-c84f-474f-bd23-872f96e00dc9" }, { "category": "System And Services Acquisition", "code": "SA-18", "label": "Tamper Resistance and Detection", "uuid": "280c9bba-f2e4-401f-911a-cdab227ac433" }, { "category": "System And Services Acquisition", "code": "SA-19", "label": "Component Authenticity", "uuid": "bf85f2a4-2b80-4ae9-b4b5-5c2084c04061" }, { "category": "System And Services Acquisition", "code": "SA-20", "label": "Customized Development of Critical Components", "uuid": "6a025dc5-0215-4e6d-a637-554dadeee055" }, { "category": "System And Services Acquisition", "code": "SA-21", "label": "Developer Screening", "uuid": "7277cac1-5813-4356-b108-72fe5263f8c3" }, { "category": "System And Services Acquisition", "code": "SA-22", "label": "Unsupported System Components", "uuid": "b39366a0-a64c-4b2f-b414-3798db55ecbd" }, { "category": "System And Communications Protection", "code": "SC-1", "label": "System and Communications Protection Policy and Procedures", "uuid": "11fe35fa-d904-4137-9961-307097961e0c" }, { "category": "System And Communications Protection", "code": "SC-2", "label": "Application Partitioning", "uuid": "48a48a13-9de4-4284-adba-4dbdca2ff535" }, { "category": "System And Communications Protection", "code": "SC-3", "label": "Security Function Isolation", "uuid": "44defc1c-50d1-43a3-9ffe-c85213ef031a" }, { "category": "System And Communications Protection", "code": "SC-4", "label": "Information in Shared Systems Resources", "uuid": "bfd580de-f47b-43b4-9470-7416ff778c72" }, { "category": "System And Communications Protection", "code": "SC-5", "label": "Denial of Service Protection", "uuid": "f929ec71-03e0-40a2-92eb-4078894a18a2" }, { "category": "System And Communications Protection", "code": "SC-6", "label": "Resource Availability", "uuid": "76c33e82-04e2-4ee5-88c6-40939d8349a7" }, { "category": "System And Communications Protection", "code": "SC-7", "label": "Boundary Protection", "uuid": "a6586afd-bc0f-4334-88da-615989665368" }, { "category": "System And Communications Protection", "code": "SC-8", "label": "Transmission Confidentiality and Integrity", "uuid": "583129dc-d3e3-49c3-8ee9-3fbf18e020de" }, { "category": "System And Communications Protection", "code": "SC-10", "label": "Network Disconnect", "uuid": "09932f73-e48b-4d2b-bced-733f4039902e" }, { "category": "System And Communications Protection", "code": "SC-11", "label": "Trusted Path", "uuid": "282a9038-ea94-420f-bbaf-fe4abc7addce" }, { "category": "System And Communications Protection", "code": "SC-12", "label": "Cryptographic Key Establishment and Management", "uuid": "6726eb21-52f9-4922-a1d6-50c098ddba74" }, { "category": "System And Communications Protection", "code": "SC-13", "label": "Cryptographic Protection", "uuid": "edd532b7-577e-441b-820c-3b73fbd11c79" }, { "category": "System And Communications Protection", "code": "SC-15", "label": "Collaborative Computing Devices and Applications", "uuid": "d44c41d6-5fa9-4fac-9751-a8236a103c35" }, { "category": "System And Communications Protection", "code": "SC-16", "label": "Transmission of Security and Privacy Attributes", "uuid": "35964415-2e6b-4a69-b04b-5e0208872f56" }, { "category": "System And Communications Protection", "code": "SC-17", "label": "Public Key Infrastructure Certificates", "uuid": "c2f67a16-dc82-4d43-a71b-63e2143f9b73" }, { "category": "System And Communications Protection", "code": "SC-18", "label": "Mobile Code", "uuid": "6f766bc2-750a-4249-89c9-39cf288143d5" }, { "category": "System And Communications Protection", "code": "SC-19", "label": "Voice Over Internet Protocol", "uuid": "a33021fe-acc7-43cb-9556-8d0ccfe41cf1" }, { "category": "System And Communications Protection", "code": "SC-20", "label": "Secure Name / Address Resolution Service (Authoritative Source)", "uuid": "4797690e-c2e2-4106-878e-14d789fe1b06" }, { "category": "System And Communications Protection", "code": "SC-21", "label": "Secure Name / Address Resolution Service (Recursive or Caching Resolver)", "uuid": "6938d14b-381c-4077-9505-7c33c62b6e34" }, { "category": "System And Communications Protection", "code": "SC-22", "label": "Architecture and Provisioning for Name / Address Resolution Service", "uuid": "ac363e88-daae-4198-aa53-f704e103ef02" }, { "category": "System And Communications Protection", "code": "SC-23", "label": "Session Authenticity", "uuid": "d80f59b0-9c5f-4ca8-b18f-9e07f791e66e" }, { "category": "System And Communications Protection", "code": "SC-24", "label": "Fail in Known State", "uuid": "a3829b6b-d219-4f77-9da6-528349ddd6e4" }, { "category": "System And Communications Protection", "code": "SC-25", "label": "Thin Nodes", "uuid": "6eadc9b8-2337-4847-ace5-f68686199ee7" }, { "category": "System And Communications Protection", "code": "SC-26", "label": "Honeypots", "uuid": "61ba9758-69d7-4794-a425-187b9ab3750e" }, { "category": "System And Communications Protection", "code": "SC-27", "label": "Platform-Independent Applications", "uuid": "65261ecf-bb17-4e63-af33-46b0084bb27a" }, { "category": "System And Communications Protection", "code": "SC-28", "label": "Protection of Information At Rest", "uuid": "a35f7748-5868-46cd-9dea-b4e87fde8311" }, { "category": "System And Communications Protection", "code": "SC-29", "label": "Heterogeneity", "uuid": "d9e23dad-dcf3-4def-86e9-5af6a6d631ce" }, { "category": "System And Communications Protection", "code": "SC-30", "label": "Concealment and Misdirection", "uuid": "84eca642-948e-466e-91cf-509f6f4b74fa" }, { "category": "System And Communications Protection", "code": "SC-31", "label": "Covert Channel Analysis", "uuid": "716c6729-ab0f-4334-a9e6-278dea6a702b" }, { "category": "System And Communications Protection", "code": "SC-32", "label": "System Partitioning", "uuid": "41ba0004-50a7-44bb-9ca4-5f84ce06e4c0" }, { "category": "System And Communications Protection", "code": "SC-34", "label": "Non-Modifiable Executable Programs", "uuid": "158f92a7-c6fe-4f88-bf35-b6ea4163ff28" }, { "category": "System And Communications Protection", "code": "SC-35", "label": "Honeyclients", "uuid": "d7baf2e4-8155-4e33-aa3b-4474252c4de4" }, { "category": "System And Communications Protection", "code": "SC-36", "label": "Distributed Processing and Storage", "uuid": "f3a16482-f15d-49ea-b206-b3f7400513fd" }, { "category": "System And Communications Protection", "code": "SC-37", "label": "Out-of-Band Channels", "uuid": "108a06d5-4b5d-4728-9823-d106445d8880" }, { "category": "System And Communications Protection", "code": "SC-38", "label": "Operations Security", "uuid": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2" }, { "category": "System And Communications Protection", "code": "SC-39", "label": "Process Isolation", "uuid": "be303727-2dc9-4e23-a026-282fa8012ed6" }, { "category": "System And Communications Protection", "code": "SC-40", "label": "Wireless Link Protection", "uuid": "714ae5c2-00a0-4163-b949-699dfd3ab8a0" }, { "category": "System And Communications Protection", "code": "SC-41", "label": "Port and I/O Device Access", "uuid": "f98811b7-6972-4372-96b0-4f13bb8d49d6" }, { "category": "System And Communications Protection", "code": "SC-42", "label": "Sensor Capability and Data", "uuid": "d6dbd662-e58c-4422-b591-d7b0be5d73fd" }, { "category": "System And Communications Protection", "code": "SC-43", "label": "Usage Restrictions", "uuid": "b5a7b5c7-6c5b-4014-b30c-6fe8325b564c" }, { "category": "System And Communications Protection", "code": "SC-44", "label": "Detonation Chambers", "uuid": "d8aa0a75-a5b2-4556-9664-5b1d5ea7419c" }, { "category": "System And Information Integrity", "code": "SI-1", "label": "System and Information Integrity Policy and Procedures", "uuid": "96e2a11b-1b39-4903-be42-374102c930df" }, { "category": "System And Information Integrity", "code": "SI-2", "label": "Flaw Remediation", "uuid": "83caa43e-7179-4477-8665-66d47d058417" }, { "category": "System And Information Integrity", "code": "SI-3", "label": "Malicious Code Protection", "uuid": "15dfbe37-4a2d-4df7-b00c-f558524b561c" }, { "category": "System And Information Integrity", "code": "SI-4", "label": "System Monitoring", "uuid": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "category": "System And Information Integrity", "code": "SI-5", "label": "Security Alerts, Advisories, and Directives", "uuid": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "category": "System And Information Integrity", "code": "SI-6", "label": "Security and Privacy Function Verification", "uuid": "fa2d6a81-6a4e-41c7-91da-9024f91a7685" }, { "category": "System And Information Integrity", "code": "SI-7", "label": "Software, Firmware, and Information Integrity", "uuid": "b4f2c588-db91-4ad4-8122-9d3805a8a54a" }, { "category": "System And Information Integrity", "code": "SI-8", "label": "Spam Protection", "uuid": "8cf0e5df-fb43-4dd0-a65e-d635d5902ffc" }, { "category": "System And Information Integrity", "code": "SI-10", "label": "Information Input Validation", "uuid": "b3fef043-6788-406c-857f-788a044344a3" }, { "category": "System And Information Integrity", "code": "SI-11", "label": "Error Handling", "uuid": "16a412c2-2f76-4b61-917b-cb5372626bb2" }, { "category": "System And Information Integrity", "code": "SI-12", "label": "Information Handling and Retention", "uuid": "2fd75399-324e-40ed-9a82-80089816f398" }, { "category": "System And Information Integrity", "code": "SI-13", "label": "Predictable Failure Prevention", "uuid": "1f5c3fc5-4d27-4018-9f49-ca7edc61d5b4" }, { "category": "System And Information Integrity", "code": "SI-14", "label": "Non-Persistence", "uuid": "fc3d8c4c-8ced-4f4a-8ad0-a1ae01b35a21" }, { "category": "System And Information Integrity", "code": "SI-15", "label": "Information Output Filtering", "uuid": "039e5e9e-19cf-436b-b4fd-d0cfa4547110" }, { "category": "System And Information Integrity", "code": "SI-16", "label": "Memory Protection", "uuid": "9e1e9b36-aa61-4d54-a07c-2c74c341282c" }, { "category": "System And Information Integrity", "code": "SI-17", "label": "Fail-Safe Procedures", "uuid": "f2787cae-deb0-4090-9ed7-866b15d96df2" }, { "category": "System And Information Integrity", "code": "SI-18", "label": "Information Disposal", "uuid": "bf1d6c37-e1e1-4c78-8055-79a364219193" }, { "category": "System And Information Integrity", "code": "SI-19", "label": "Data Quality Operations", "uuid": "bca47b93-453b-47d8-8527-16c4fdd8f6e5" }, { "category": "System And Information Integrity", "code": "SI-20", "label": "De-Identification", "uuid": "5c1413f5-14f3-48bc-b371-5fda85e52cb8" } ], "version": 5 } 2019-11-28T14:04:46.477188+00:00 https://objects.monarc.lu/object/get/5111 CNIL [en] 2021-01-17T22:00:06.111818+00:00 MONARC { "label": "CNIL", "language": "EN", "refs": [ "https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf" ], "uuid": "b2f63ac4-c50c-43e1-8227-7078e6fcfd23", "values": [ { "code": "Anonymization_01", "description": "Determine what must be anonymized based on the context, the form in which the personal data are stored (including database fields or excerpts from texts, etc.) and the risks identified.", "uuid": "a689861b-a722-4457-8171-934354562cab" }, { "code": "Anonymization_02", "description": "Permanently anonymize the data that require such anonymization based on the form of the data to be anonymized (including databases and textual records, etc.) and the risks identified.", "uuid": "cbf48c2f-40e9-4c7e-8131-2393bcb591b5" }, { "code": "Anonymization_03", "description": "If such data cannot be anonymized permanently, choose tools (including partial deletion, encryption, hashing, key hashing, index, etc.) that most closely meet the functional needs.", "uuid": "908a4718-c979-46d4-8d78-1a01d789a9e4" }, { "code": "Archiving_01", "description": "Confirm that the archive management processes are defined.", "uuid": "d2693f41-f525-47da-85ed-5649770be40b" }, { "code": "Archiving_02", "description": "Confirm that the archiving roles are identified.", "uuid": "f8637d15-df22-470c-8a11-c26487193ce5" }, { "code": "Archiving_03", "description": "Confirm that the measures can ensure, if necessary, the identification and authentication of the origin of the archives, integrity, intelligibility, readability, availability and accessibility of the archives, how long the archives must be kept and the traceability of the operations carried out on the archives (including transfer, consultation, migration, deletion, etc.) and take additional measures if this is not the case.", "uuid": "0ad651e5-8fa6-40d9-81a6-747c203f7f13" }, { "code": "Archiving_04", "description": "Determine the methods for protecting the confidentiality of the archived personal data based on the risks identified.", "uuid": "5171d119-7ab3-41f5-8789-1b16f4c14c40" }, { "code": "Archiving_05", "description": "Confirm that the archive authorities have an archiving policy.", "uuid": "5dc180e8-3e00-42e7-9e60-bcbd8f9bd483" }, { "code": "Archiving_06", "description": "Confirm that a declaration of archiving practices exists.", "uuid": "13b7897c-b7a1-4941-892e-abe056f12c05" }, { "code": "Backups_01", "description": "Back up the personal data regularly, whether they are on paper or in electronic form, based on the businesses' availability and integrity requirements.", "uuid": "bb7cd7b2-4ea0-47a3-a607-e4f25c628698" }, { "code": "Backups_02", "description": "Implement mechanisms for encrypting the data transmission channel if the network's backup is automated.", "uuid": "47ac599e-904b-45c4-9be8-035a75deac14" }, { "code": "Backups_03", "description": "Protect backed-up personal data with the same level of security as that used in operations.", "uuid": "1b99ebd6-776f-4a4b-9e21-117349e5526f" }, { "code": "Backups_04", "description": "Test the backups regularly.", "uuid": "49c46d91-36aa-469f-a743-77a4a35bdfef" }, { "code": "Backups_05", "description": "Test the integrity of the backed-up personal data if the businesses' requirements so require.", "uuid": "2d890d10-9bf3-4a18-b59a-f2275e43d3de" }, { "code": "Backups_06", "description": "Formally document the level of commitment of the IT department regarding the recovery of encrypted information in the event of loss or unavailability of the secrets ensuring the encryption (including passwords and certificates) and regularly check the procedures associated with that commitment.", "uuid": "3ad1a54b-58fa-4524-b857-6ede9d683ea0" }, { "code": "Backups_07", "description": "Ensure that the organization, staff, systems and premises necessary to carry out the processing are available within a timeframe that corresponds to the needs of the businesses.", "uuid": "fdd84eeb-d249-4d82-a7ca-2edb149dad91" }, { "code": "Backups_08", "description": "Confirm the geographic location of the backups and, specifically, in which country (countries) the data are stored.", "uuid": "05ca0450-a6c3-4e3b-9d85-3052442fb9af" }, { "code": "Basis_01", "description": "Determine and justify the lawfulness criterion applicable to the data processing.", "uuid": "3e967274-f715-44f3-8a95-b1bc30604448" }, { "code": "Consent_01", "description": "Determine and justify the practical means to be implemented to obtain the consent of the data subjects or justify when they are impossible to implement.", "uuid": "7cbad538-4ced-4b90-9563-52bd4620204a" }, { "code": "Consent_02", "description": "Ensure that consent is obtained before any processing begins.", "uuid": "da02a7bf-64ed-4491-b6f9-0f8531479aaf" }, { "code": "Consent_03", "description": "Ensure that consent is obtained freely.", "uuid": "8a1f9342-372e-4aa1-bfb8-36475bf41ddf" }, { "code": "Consent_04", "description": "Ensure that the consent is obtained in an informed, transparent manner in terms of the purposes of the processing.", "uuid": "772ea30e-dcd3-4055-9c52-85aab209968b" }, { "code": "Consent_05", "description": "Ensure that consent is obtained for a specific purpose.", "uuid": "643af31e-c023-4eed-8b54-0b9203a5f54b" }, { "code": "Consent_06", "description": "When procurement is involved, set out each party's obligations in an explicit written agreement accepted by both parties.", "uuid": "c7f946f4-e289-4d25-bea6-514efffb3030" }, { "code": "Consent_07", "description": "Obtain the parents' consent for minors under 13 years of age.", "uuid": "9f8ff069-e841-480b-8710-896978389fae" }, { "code": "Consent_08", "description": "Obtain the informed, express consent of data subjects prior to initiating the processing, unless the processing relies on a different legal basis or if the law prohibits collecting or processing personal data.", "uuid": "5617d7b1-85e7-4441-9f8d-d08b8f02341b" }, { "code": "Consent_09", "description": "[collecting personal data via a website] Provide a form with boxes that must be checked and that are not checked by default (\"opt-in\" approach).", "uuid": "82d00a60-b4de-4579-aea1-3ce851e58170" }, { "code": "Consent_10", "description": "[collecting personal data via cookies] If a cookie is not strictly necessary to provide the service that the user has expressly requested, obtain the Internet user's consent (e.g. via a banner at the top of a web page), a consent request zone overlaid on the page or boxes that must be checked when subscribing to a service online) after informing the user and before storing the cookie.", "uuid": "980f2357-982c-4005-8391-05376c6f0461" }, { "code": "Consent_11", "description": "[collecting data via a mobile app] Obtain the user's consent when the mobile app or device is first activated.", "uuid": "727c77de-66f2-4b06-a0d3-a5cd3afc7aff" }, { "code": "Consent_12", "description": "[collecting data via a mobile app] Offer consent segmented per data category or processing type, particularly by distinguishing data sharing with other users or third-party companies.", "uuid": "4f5abefd-28fa-46de-8d3b-9e1c271f6b51" }, { "code": "Consent_13", "description": "[geolocation via a smartphone] Enable users to refuse to allow an application to systematically geolocate them.", "uuid": "75fffbe7-7dd5-46c4-aada-1263f4a172af" }, { "code": "Consent_14", "description": "[geolocation via a smartphone] Allow users to choose which application may use geolocation.", "uuid": "781d3830-d98a-44e8-844f-3826c63258b3" }, { "code": "Consent_15", "description": "[geolocation via a smartphone] Allow users to choose the persons authorized to access their geolocation information and at what level of detail.", "uuid": "3df7a076-588f-49ae-9fb5-11e9abea46dd" }, { "code": "Consent_16", "description": "[targeted advertising] Provide users with simple, no-cost methods to accept or refuse advertising based on their navigation behavior and to choose the targeted advertising they would like to receive based on their interests.", "uuid": "4aede15b-d689-4561-b73f-f875c82b0a4e" }, { "code": "Consent_17", "description": "[research using identifiable biological samples] If the samples are preserved for further processing that is different from the initial processing, also be sure to obtain the data subject's express, informed consent to said other processing.", "uuid": "7ab2bc36-35db-4dac-84c3-9a9192cbf909" }, { "code": "Data minimization_01", "description": "Justify the collection of each piece of data.", "uuid": "ff1d6815-b9f2-4ad9-bce4-e76774473d5b" }, { "code": "Data minimization_02", "description": "Clearly distinguish between anonymous and pseudonymous data.", "uuid": "cf7c23d2-26e5-4d7d-bbaa-55e314f49c80" }, { "code": "Data minimization_03", "description": "Avoid free-form text fields (of the \"comments\" space type), because of the risk that users note down information that does not comply with the minimization principles there. Preference should therefore be given to scroll-down list type fields. If free- form text fields cannot be avoided, users' awareness must be raised in how to use such fields, with regard to the standard terms & conditions for service and the law (no offensive words, no undeclared sensitive data, etc.).", "uuid": "90a44773-3816-4d4c-9e42-ce744ed70216" }, { "code": "Data minimization_04", "description": "Confirm that the personal data are adequate, relevant and not excessive with regard to the intended purpose; otherwise, do not collect the data.", "uuid": "ba66d448-9b7d-45d6-8cf1-0b425a5e38d2" }, { "code": "Data minimization_05", "description": "Confirm that the personal data do not reveal (directly or indirectly) racial or ethnic origin, political, philosophical or religious views, trade union membership, health information or information on an individual's sex life and do not collect them if they do, except under exceptional circumstances (for example, with consent, in the public interest or pursuant to Article 9 of the GDPR).", "uuid": "da32671d-3bc5-4446-83a4-48ca0c13e0a7" }, { "code": "Data minimization_06", "description": "Confirm that the personal data do not relate to offences, criminal convictions or security measures and do not collect them if they do, except under exceptional circumstances (for example, in dealing with the courts or court officers pursuant to Article 10 of the GDPR).", "uuid": "0ee55672-327d-438f-8335-9d8f78ed6cd2" }, { "code": "Data minimization_07", "description": "Prevent the collection of additional personal data.", "uuid": "fd2e985f-c782-4f1e-94ba-f8320cfc25d2" }, { "code": "Data minimization_08", "description": "Filter and remove unnecessary data.", "uuid": "c759faba-276a-4451-a471-95ceb4b9c223" }, { "code": "Data minimization_09", "description": "Reduce sensitivity via conversion.", "uuid": "164186d3-ddfc-4515-aab0-0a7124997210" }, { "code": "Data minimization_10", "description": "Reduce the identifying characteristics of data.", "uuid": "baa2c6e2-308f-4b50-88ca-75f7f3758fc7" }, { "code": "Data minimization_11", "description": "Reduce data accumulation.", "uuid": "9a0821c6-224e-47cf-bdd3-48cc1e4bb3c9" }, { "code": "Data minimization_12", "description": "Restrict access to data.", "uuid": "9be8c793-8696-448c-b4fb-6d190d8555d4" }, { "code": "Data minimization_13", "description": "Restrict the transmission of electronic documents containing personal data to the individuals who need them in connection with their work.", "uuid": "27568f00-0271-4c31-82ec-6adc48d1e4c1" }, { "code": "Data minimization_14", "description": "Securely delete personal data that are no longer necessary or that a subject requests be deleted from the system in operation or from backups where applicable.", "uuid": "eb37f1b9-4976-4dd4-bdb4-f4543c944229" }, { "code": "Data partitioning_01", "description": "Identify the sole data necessary to each business process.", "uuid": "91bfc9aa-b44a-41ab-bd74-d8820e7bf8a5" }, { "code": "Data partitioning_02", "description": "Separate the data useful to each process in logical fashion.", "uuid": "8a690f8c-64bf-4b15-a62c-b871f6a53395" }, { "code": "Data partitioning_03", "description": "Regularly confirm that personal data are partitioned effectively and that recipients and interconnections have not been added.", "uuid": "f566c1c7-822f-4b49-9a32-119f655d00ef" }, { "code": "Data quality_01", "description": "Regular checks of the accuracy of the user's personal data.", "uuid": "f73c8a25-bfbb-44a1-928d-2b2bc26f7c20" }, { "code": "Data quality_02", "description": "Ask the user to check and, where necessary, update his or her data at regular intervals.", "uuid": "6fd0a2b5-70a0-460b-860e-4cc495bd76cc" }, { "code": "Data quality_03", "description": "Ensure the traceability of any data changes.", "uuid": "698c5493-1b87-4c61-9291-0a775060f3a5" }, { "code": "Encryption_01", "description": "Determine what should be encrypted (including an entire hard disk, a partition, a container, certain files, data from a database or a communications channel, etc.) based on the form in which data is stored, the risks identified and the performance required.", "uuid": "80861066-d211-4a65-be96-e5f6f2e51868" }, { "code": "Encryption_02", "description": "Choose the type of encryption (symmetric or asymmetric) based on the context and the risks identified.", "uuid": "e305b46a-4e52-4b0e-91dd-f8134854e38f" }, { "code": "Encryption_03", "description": "Adopt encryption solutions based on public algorithms known to be strong.", "uuid": "f30b73cb-bd98-4e47-b62b-ba175a2cfb69" }, { "code": "Encryption_04", "description": "Establish measures to ensure the availability, integrity and confidentiality of the information necessary to recover lost secrets (including administrator passwords and a recovery CD, etc.).", "uuid": "474fd10b-8fb9-4939-ab3c-ead2d8c6eb38" }, { "code": "Encryption_05", "description": "Only use a key for a single purpose.", "uuid": "6b169b08-e70c-4449-930a-6391b9c25176" }, { "code": "Encryption_06", "description": "Formally document the key management system.", "uuid": "2b2780eb-06d0-4093-a233-a42affd4e64b" }, { "code": "Encryption_07", "description": "Choose a mechanism recognized by the appropriate organizations and that provides security proof.", "uuid": "8d1c9da7-abe2-412f-a17e-c2fdea323fc7" }, { "code": "Encryption_08", "description": "Establish mechanisms for verifying the electronic certificates.", "uuid": "4548272b-3cd5-437c-aaae-0d2212cb9681" }, { "code": "Encryption_09", "description": "Protect the security of key generation and use consistent with their level in the key hierarchy.", "uuid": "94a30b9d-8146-4463-8bc9-d4eefc447cc2" }, { "code": "Encryption_10", "description": "[workstations] Choose systems that do not store keys on the equipment that will be encrypted unless this implements a secure storage device (such as a TPM chip for laptops).", "uuid": "d538629f-03a2-4192-860f-76c0ab1e64c3" }, { "code": "Encryption_11", "description": "[workstations] Encrypt the data at operating system level (encryption of a partition, directory or file) or using specialized software (encryption of a container).", "uuid": "11d2ba45-f4e0-4859-a978-b47a78e31e2d" }, { "code": "Encryption_12", "description": "[databases] Based on the risks identified, encrypt the storage area (at the level of the hardware, operating system or database) so as to provide protection from physical theft, of the piece of data itself (encryption by application), with a view to guaranteeing the confidentiality of certain data as regards the administrators themselves. In the event of partitioned IT teams, database encryption can make data accessible only to database administrators, to the exclusion of system administrators.", "uuid": "1cd4480b-3e0e-4822-9dfe-2ad7d79d188d" }, { "code": "Encryption_13", "description": "[email] Encrypt the stored files or the email attachments.", "uuid": "9a104879-17fa-4603-8e35-f58ad23473dd" }, { "code": "Encryption_14", "description": "[email] Encrypt email messages.", "uuid": "cbd64008-b687-490b-a204-06993f64d537" }, { "code": "Encryption_15", "description": "[networks] Encrypt the communications channel between an authenticated server and a remote client.", "uuid": "dcfcf16e-908d-421d-8394-a45f02c88b5f" }, { "code": "Environmental_01", "description": "Store dangerous products (including inflammable, combustible, corrosive, explosive, aerosol and wet items) in appropriate storage areas and at a safe distance from the areas where personal data are processed.", "uuid": "eba95781-d206-4855-853d-7fe76e551bc0" }, { "code": "Environmental_02", "description": "Avoid dangerous geographic areas (flood zones, areas near airports, chemical industry facilities, earthquake zones and volcanic zones, etc.).", "uuid": "07af685d-5f82-48f2-9bf1-eacbd7c6e239" }, { "code": "Environmental_03", "description": "Do not store data in a foreign country without guarantees that can ensure an appropriate level of data protection.", "uuid": "9df5f05c-26dc-42f6-adcf-657a53848a65" }, { "code": "Hardware_01", "description": "Maintain an up-to-date inventory of IT resources used.", "uuid": "ae2d2a74-d55f-4da6-86dc-7fd61bf9d536" }, { "code": "Hardware_02", "description": "Partition off the organization's resources in the event of shared premises.", "uuid": "d4a9d060-c84d-4edc-a601-06be90154512" }, { "code": "Hardware_03", "description": "Block access to personal data stored on discarded IT resources.", "uuid": "bd107e40-4118-41d0-bbb9-3281154d3f97" }, { "code": "Hardware_04", "description": "Set up physical redundancy of storage units using RAID or an equivalent technology.", "uuid": "61e6b947-8823-4542-a507-a062a9c883d5" }, { "code": "Hardware_05", "description": "Make sure that the sizes of storage and processing capacities, as well as the conditions of use, are compatible with the intended use of hardware, particularly in terms of location, humidity and temperature.", "uuid": "5c5c2c6c-1642-484e-8516-47c3bc5176a2" }, { "code": "Hardware_06", "description": "Make sure that the power supplies of most critical hardware are protected from voltage variations and are backed up, or at least allow such hardware to be shut down normally.", "uuid": "f28dd275-f6dd-42c1-a43d-1de66a86fed5" }, { "code": "Hardware_07", "description": "Protect access to hardware that is sensitive or of high market value.", "uuid": "e64f2f6c-b462-4598-adae-28deebe06b16" }, { "code": "Hardware_08", "description": "Limit the possibilities of hardware alteration", "uuid": "ef06c517-ac35-4e18-ba7f-3664d60420b9" }, { "code": "Hardware_09", "description": "[workstations] Retrieve data, except for data defined as private or personal, from workstations before they are assigned to other persons.", "uuid": "c7ac7e92-0578-4579-adc2-dc13409f6e9d" }, { "code": "Hardware_10", "description": "[mobile devices] Limit the amount of personal data stored on mobile devices to the strict minimum, and prohibit such storage during travel abroad if needs be.", "uuid": "3d7fe818-5b01-4928-bb97-222697aa367b" }, { "code": "Hardware_11", "description": "[mobile devices] Configure devices so that they lock after a few minutes of inactivity.", "uuid": "c9f7a9a6-5e64-463f-b041-ef3013d543dd" }, { "code": "Hardware_12", "description": "[removable storage devices] Limit the use of removable storage devices to those provided by the IT department.", "uuid": "94f90dd1-bc14-40cd-88f4-6222ef2441cf" }, { "code": "Hardware_13", "description": "[removable storage devices] Prohibit the use of wireless USB flash drives (e.g.: Bluetooth).", "uuid": "022c09ba-3275-43bb-87c7-a1370a534d4d" }, { "code": "Hardware_14", "description": "[removable storage devices] Prohibit the use of USB flash drives on hardware that is not secure (antivirus, firewall, etc.).", "uuid": "1aa1e4fc-de28-4123-9ffe-950d9116e9ae" }, { "code": "Hardware_15", "description": "[removable storage devices] Restrict the use of USB flash drives to work-related purposes.", "uuid": "7ff93175-c45f-4573-866c-843fa93f5609" }, { "code": "Hardware_16", "description": "[removable storage devices] Disable the autorun functionality on all workstations (group strategy).", "uuid": "90e4d611-b595-40f0-963c-abc571001408" }, { "code": "Hardware_17", "description": "[removable storage devices] Encrypt personal data stored on removable storage devices.", "uuid": "f3725d8d-eb72-4b93-8a5d-331b137b4c93" }, { "code": "Hardware_18", "description": "[removable storage devices] Return removable storage devices that are either defective or no longer necessary, to the IT department.", "uuid": "3bf45eda-a432-43b7-a983-e0dfdb18bdbf" }, { "code": "Hardware_19", "description": "[removable storage devices] Securely destroy unnecessary personal data storage devices.", "uuid": "34981e25-763b-4337-b041-e05ef82b820d" }, { "code": "Hardware_20", "description": "[multifunction printers and copiers] Change \"manufacturer\" default passwords.", "uuid": "f3bc733e-1b69-4f0c-93a7-72365c10591d" }, { "code": "Hardware_21", "description": "[multifunction printers and copiers] Disable unnecessary network interfaces.", "uuid": "77d2099a-ddc0-46d9-b29d-d54c60b36ece" }, { "code": "Hardware_22", "description": "[multifunction printers and copiers] Disable or delete unnecessary services.", "uuid": "c9cb46a4-696e-47e6-b047-de4042900586" }, { "code": "Hardware_23", "description": "[multifunction printers and copiers] Encrypt data stored on hard disks wherever possible.", "uuid": "fead86d0-b8b9-45be-9499-7b3c92083dcf" }, { "code": "Hardware_24", "description": "[multifunction printers and copiers] Restrict the sending of electronic documents to internal email addresses and, in certain cases, restrict the sending of electronic documents to a single email address.", "uuid": "5ac8ca33-5366-48ff-a7b3-5d4b70d9e05f" }, { "code": "Information for the data subjects_01", "description": "Determine and justify the practical means that will be implemented to inform the data subjects, or justify when they are impossible to implement.", "uuid": "41c3e30b-3e14-4f9c-a03e-14481ecd8db7" }, { "code": "Information for the data subjects_02", "description": "Ensure that the notification is complete, clear and appropriate to the target audience based on the nature of the personal data and the practical means chosen.", "uuid": "b1a8f108-26ab-40dd-8b69-80f2b2380fb0" }, { "code": "Information for the data subjects_03", "description": "Ensure that the notification is provided by the time the data are collected.", "uuid": "3fe0606e-2a86-4afb-9d73-b72bc90c9012" }, { "code": "Information for the data subjects_04", "description": "Ensure that the data cannot be collected without providing this information.", "uuid": "cd6b1192-ed8b-48f1-99bd-dd0486d07744" }, { "code": "Information for the data subjects_05", "description": "If possible, provide a means by which to show that notification was provided.", "uuid": "0457059d-5f55-4a61-998a-e7ca1f690bad" }, { "code": "Information for the data subjects_06", "description": "[employees of an organization] Obtain the prior opinion of the staff representative organizations in the cases set forth in Labor Code.", "uuid": "2191cdbc-f411-41c6-8b77-baa0c2fdafd9" }, { "code": "Information for the data subjects_07", "description": "[employees of an organization] Use the method that is most appropriate to the organization.", "uuid": "191d466a-3d41-4883-ab9b-f85788e6ce85" }, { "code": "Information for the data subjects_08", "description": "[collecting personal data via a website] Provide direct or easily accessible information for Internet users.", "uuid": "6406b9ab-72d4-4473-879c-2aa2d630f457" }, { "code": "Information for the data subjects_09", "description": "[collecting data via a mobile app] Provide direct or easily accessible information for users.", "uuid": "13aa56e4-2f0c-4439-bdae-8e6fe2420fed" }, { "code": "Information for the data subjects_10", "description": "[collecting data via a mobile app] Inform the user if the app is likely to access the device's identifiers, by specifying whether these identifiers are communicated to third parties.", "uuid": "537329de-73ae-49ec-8a91-97a5f0e2d667" }, { "code": "Information for the data subjects_11", "description": "[collecting data via a mobile app] Inform the user if the app is likely to run in the background.", "uuid": "865b7fe1-779f-4410-a9a1-b54dfc205081" }, { "code": "Information for the data subjects_12", "description": "[collecting data via a mobile app] Present the protections for accessing the device to the user.", "uuid": "f4523be3-7ffc-46d9-b6e9-27ec09507091" }, { "code": "Information for the data subjects_13", "description": "[collecting personal data by telephone] Issue an automatic message before the conversation begins with information on subjects' rights, the reason for recording the conversation (for training purposes or to monitor service quality), if necessary, and an opportunity to object to recording (on legitimate grounds).", "uuid": "1d7dcc08-df36-4fd4-9cad-9a6567852aad" }, { "code": "Information for the data subjects_14", "description": "[collecting personal data by telephone] Set up means for authenticating the caller (e.g.: via information that is known only to the organization and data subject).", "uuid": "30d53d6e-c454-483d-bcd6-db29d6f48bd3" }, { "code": "Information for the data subjects_15", "description": "[collecting data via a form] Place the appropriate notice on the form in a typeface identical to the rest of the document.", "uuid": "b65b69c8-4bef-4165-8462-0e1eae30969a" }, { "code": "Information for the data subjects_16", "description": "[targeted advertising] Make the information available to Internet users in visible, legible form.", "uuid": "a29cf640-fc41-45e8-9582-465181e2028a" }, { "code": "Information for the data subjects_17", "description": "[targeted advertising] Inform Internet users about the various forms of targeted advertising they are likely to see via the service they are accessing and the various procedures used, the categories of information processed to adapt the advertising content and, as needed, the information that is not gathered and how they may agree to the display of behavioral or personalized advertising. Notification must be provided and consent obtained before any information is stored or before accessing information already stored in the terminal equipment.", "uuid": "dc20eeec-47fd-4f4f-914a-ff2a81e43a59" }, { "code": "Information for the data subjects_18", "description": "[updating existing processing] Provide specific notification about new forms of processing (for example, new purposes or new recipients).", "uuid": "1a5ebce9-7783-4e5a-9f15-6d4130ed84c4" }, { "code": "Integrity monitoring_01", "description": "Identify the data that must be monitored for integrity based on the risks identified.", "uuid": "81096f3d-434f-4ca6-b263-6402645f3a35" }, { "code": "Integrity monitoring_02", "description": "Choose a method for monitoring their integrity based on the context, the risks assessed and the robustness required.", "uuid": "1ebe2b48-44a6-4976-9f1a-86ae43656806" }, { "code": "Integrity monitoring_03", "description": "Determine when the function is to be applied and when the integrity monitoring should be performed based on implementation of the business process.", "uuid": "70393b55-d5b1-46f9-bb75-dff01c045a30" }, { "code": "Integrity monitoring_04", "description": "When the data are sent to a database, analytical measures must be set up to prevent scripting or SQL injection attacks.", "uuid": "aebd360b-cd9a-4a10-8116-e752edf8f3ff" }, { "code": "Integrity monitoring_05", "description": "Choose a hash mechanism recognized by the appropriate organizations and that provides security proof.", "uuid": "abd478b5-b3e6-4f59-9499-c6e059e37baf" }, { "code": "Integrity monitoring_06", "description": "Adopt electronic signature solutions based on public algorithms known to be strong.", "uuid": "f8939c47-62ad-4e9a-a7f2-c9de2732e655" }, { "code": "Logical access_01", "description": "Manage users' profiles by separating tasks and areas of responsibility (preferably in centralized fashion) to limit access to personal data exclusively to authorized users by applying need-to-know and least-privilege principles.", "uuid": "1aedf963-d4c1-4858-aa6a-83f1172295ca" }, { "code": "Logical access_02", "description": "Identify every person with legitimate access to personal data (employees, contracting parties and other third parties) by a unique identifier.", "uuid": "1cf018d8-33e0-4f03-b87e-d0ecf15b8668" }, { "code": "Logical access_03", "description": "If the use of generic or shared identifiers cannot be avoided, obtain validation from top management and implement methods for tracing the use of this kind of identifier.", "uuid": "24b38f5e-a0a2-41b4-94d4-04ebe1d73f16" }, { "code": "Logical access_04", "description": "Limit access to the tools and administration interfaces to authorized persons.", "uuid": "7940afda-6f90-43ce-93de-9e13c2b388db" }, { "code": "Logical access_05", "description": "Limit the use of accounts that provide elevated privileges to operations that require them.", "uuid": "a9a8432a-73d4-4f0d-8184-c8847a571cb4" }, { "code": "Logical access_06", "description": "Limit the use of \"administrator\" accounts to the IT department and to administration actions that require them.", "uuid": "4d6297a1-0193-41d3-8868-37efa49c968b" }, { "code": "Logical access_07", "description": "Every account, particularly if it has elevated privileges (for example, an administrator account), must have its own password.", "uuid": "ddb71c7d-1e28-4592-b033-f05e1403077e" }, { "code": "Logical access_08", "description": "Log information connected to the use of privileges.", "uuid": "3c9ad118-203a-4e8f-906b-7508506aacba" }, { "code": "Logical access_09", "description": "Conduct an annual review of privileges to identify and delete unused accounts and to realign the privileges with each user's functions.", "uuid": "810ce7c4-c1f2-46d1-a87d-da0e06f10684" }, { "code": "Logical access_10", "description": "Withdraw the rights of employees, contracting parties and other third parties when they are no longer authorized to access a premises or a resource or when their employment contract ends, and adjust the rights in the event of a job transfer.For individuals with a temporary account (including interns and service providers), configure an expiration date when the account is established.", "uuid": "3ff50b19-8155-4e23-aba6-a6538b4d71f0" }, { "code": "Logical access_11", "description": "Choose an authentication method to open sessions that is appropriate to the context, the risk level and the robustness expected.", "uuid": "ac78bbf8-87a7-48ae-8630-568011da98df" }, { "code": "Logical access_12", "description": "Prohibit the passwords used from appearing unencrypted in programs, files, scripts, traces or log files or on the screen when they are entered.", "uuid": "9fc35976-da32-43f0-afae-f1045efac451" }, { "code": "Logical access_13", "description": "Determine the actions to be taken in the event of a failed authentication.", "uuid": "b7911bea-4083-4e81-ba64-f9b114c13b2f" }, { "code": "Logical access_14", "description": "Limit authentication by identifiers and passwords to the workstation access control (unlocking only).", "uuid": "dd4cf1bf-f164-4f4d-a0c2-8826d3e6ea77" }, { "code": "Logical access_15", "description": "Authenticate the workstation with the remote information system (servers) using cryptographic mechanisms.", "uuid": "5663e669-0760-416b-90ef-5e81c909318a" }, { "code": "Logical access_16", "description": "Adopt a password policy, implement it and monitor it automatically to the extent that applications and resources allow, and inform users about it.", "uuid": "27d1daee-57b8-4b19-be2a-66e11b3c61b7" }, { "code": "Logical access_17", "description": "Adopt a specific password policy for administrators, implement it and monitor it automatically to the extent that the applications and resources allow, and inform administrators of it.", "uuid": "bdbf127d-b63f-402a-8897-da74fa058598" }, { "code": "Logical access_18", "description": "Immediately change default passwords after installing an application or a system.", "uuid": "86066bc7-c9fe-4825-904c-98569deb4d93" }, { "code": "Logical access_19", "description": "Create an initial unique random password for each user account, transmit it securely to the user, for example by using two separate channels (paper and others) or a scratch-off field, and require that it be changed when the first connection is made and when the user receives a new password (for example, if the old password is forgotten).", "uuid": "6d751f03-c787-492f-9118-fb7d2da905fb" }, { "code": "Logical access_20", "description": "Store the authentication information (including passwords for accessing information systems and private keys linked to electronic certificates) so that it is accessible only to authorized users.", "uuid": "1aea53f6-194e-40ae-8cc1-c165e01575a6" }, { "code": "Logical access_21", "description": "If many passwords or secrets (including private keys and certificates) must be used, implement a centralized authentication solution using OTPs or secure vaults.", "uuid": "7d2dc652-2129-4e3e-a828-eb5c12e91fad" }, { "code": "Maintenance_01", "description": "Establish a procurement contract to govern maintenance operations when they are carried out by service providers.", "uuid": "4d5e5e9c-cba4-4204-a996-de155230d9b6" }, { "code": "Maintenance_02", "description": "Record all maintenance operations in a logbook.", "uuid": "af3621e5-6901-471d-9367-4f56d41feaff" }, { "code": "Maintenance_03", "description": "Govern remote maintenance operations.", "uuid": "6ce0b616-a0b7-4434-b106-a2ad1aaaf142" }, { "code": "Maintenance_04", "description": "Encrypt or erase data contained on hardware (desktop computers or laptops, servers, etc.) that are sent for external maintenance. If this is not possible, remove the equipment storage devices before dispatch to maintenance or manage maintenance internally.", "uuid": "6b6ca736-930c-44f9-a751-a688fd5163f2" }, { "code": "Maintenance_05", "description": "[workstations] During maintenance operations that require remote access to a workstation, only perform the operation after obtaining the user's agreement, and indicate to the latter on the screen if the access is effective.", "uuid": "bd928759-84d2-4469-8946-b3dbfad554a5" }, { "code": "Maintenance_06", "description": "[workstations] When a maintenance operation requires physical intervention on a workstation containing sensitive data, delete the data during the maintenance.", "uuid": "2d9e26f1-0652-41bd-9f1d-7098aa35ef14" }, { "code": "Maintenance_07", "description": "[smartphone] Configure telephones before delivering them to users.", "uuid": "1f89e0d0-ca12-43eb-8816-49032071bba0" }, { "code": "Maintenance_08", "description": "[smartphone] Inform users, such as in a memo provided at delivery, about how to use their phone, the applications installed on it (e.g. Business Mail, Exchange, etc.), the services provided, and the security rules to be followed.", "uuid": "2c7aafdb-82b9-498e-833f-c1d1d53c8eeb" }, { "code": "Maintenance_09", "description": "[storage devices] Erase all contents securely or physically destroy storage devices that are discarded.", "uuid": "f07bb13a-7363-42ab-a90f-ed746612f2ed" }, { "code": "Maintenance_10", "description": "[storage devices] During maintenance operations that require remote access to a workstation, only perform the operation after obtaining the user's agreement.", "uuid": "46ff3960-e7fb-4696-b4b5-ba9dadafef13" }, { "code": "Maintenance_11", "description": "[multifunction printers and copiers] If maintenance is performed by a third party, set up measures to block access to personal data.", "uuid": "0a3f6ab5-1481-4341-bfab-c87bd7a228fd" }, { "code": "Maintenance_12", "description": "[multifunction printers and copiers] If a locally networked multifunction printer or copier is maintained remotely by a third party, take specific measures to protect access to this equipment.", "uuid": "7145ea83-4e8c-4cd2-b4b3-33971db52618" }, { "code": "Maintenance_13", "description": "[multifunction printers and copiers] Block access to personal data stored on discarded multifunction printers or copiers.", "uuid": "e0064066-b27a-40a1-9b4b-fb5ed06b3896" }, { "code": "Malware_01", "description": "Install an antivirus application on servers and workstations and configure it.", "uuid": "65114d0a-e751-4b45-934f-0e1706d1954c" }, { "code": "Malware_02", "description": "Update the antivirus software.", "uuid": "5011211c-ac04-40c7-90c2-f562d3284ee0" }, { "code": "Malware_03", "description": "Implement filtering measures that can filter network inflows and outflows (including firewalls and proxies).", "uuid": "29496756-8f16-4422-9836-dc8bd7745af9" }, { "code": "Malware_04", "description": "Transfer antivirus security events to a centralized server for statistical analysis and ex post management of problems (to detect an infected server or a virus that has been detected and not eradicated by the antivirus application, etc.).", "uuid": "41c92fbf-3051-4a25-a1bb-991ef2fe0b8b" }, { "code": "Malware_05", "description": "Install an anti-spyware program on the workstations, configure it and keep it up-to- date.", "uuid": "2a24a644-282c-4894-9229-31dd0dcfff56" }, { "code": "Management of incidents and data breaches_01", "description": "Define the roles and responsibilities of the stakeholders, as well as procedures for providing feedback and responses in the event of a personal data breach.", "uuid": "de0f99e6-3155-4c00-b236-5b5ee808bbd0" }, { "code": "Management of incidents and data breaches_02", "description": "Establish a directory of individuals responsible for managing personal data breaches.", "uuid": "bf83096f-1f4a-41aa-ab7b-f74c9611edb9" }, { "code": "Management of incidents and data breaches_03", "description": "Develop a response plan in the event of a personal data breach for each high risk, update it and test it periodically.", "uuid": "9e2deca0-636b-48ef-a730-f658625a6645" }, { "code": "Management of incidents and data breaches_04", "description": "Categorize the personal data breaches based on their impact on data subjects' privacy.", "uuid": "fd5f40a6-766d-44a1-b5f3-ad3d733c2d08" }, { "code": "Management of incidents and data breaches_05", "description": "Handle the incidents based on their categorization (event, incident, damaging event or crisis.).", "uuid": "8aae7bf3-966e-4948-8709-72df31e775c2" }, { "code": "Management of incidents and data breaches_06", "description": "Keep up-to-date documentation on data breaches.", "uuid": "fd65829e-e1e4-441e-80ae-0a8bfc4c3139" }, { "code": "Management of incidents and data breaches_07", "description": "Analyze the possibility of improving the security measures based on the personal data breaches that have occurred.", "uuid": "7a89917d-7dce-42c4-84dc-84d8bdad5d2e" }, { "code": "Networks_01", "description": "Keep up-to-date a detailed map of the network.", "uuid": "ce24b7a9-b37c-478c-9998-90632c530a6a" }, { "code": "Networks_02", "description": "Make an inventory of all Internet access points and add them to the network map, make sure that measures put in place are enforced at each access point.", "uuid": "60cb8791-6373-4e0c-9869-fbfb8c9d9882" }, { "code": "Networks_03", "description": "Ensure the availability of computer communications networks.", "uuid": "2d883236-aa41-47ff-b49f-7da0f12c5d37" }, { "code": "Networks_04", "description": "Segment the network into impenetrable logical subnets based on the services intended to be deployed.", "uuid": "7507e56f-24f9-4c08-9362-40e3a4ffb193" }, { "code": "Networks_05", "description": "Prohibit all direct communication between internal workstations and external networks.", "uuid": "e835c995-7944-4046-8f73-395f1d0601e6" }, { "code": "Networks_06", "description": "Only use connections that are explicitly allowed (restrict absolutely necessary communication ports to the proper execution of installed applications) by a firewall.", "uuid": "3c73630e-ec15-4323-92a1-bf5dc390d692" }, { "code": "Networks_07", "description": "Monitor network activity after informing data subjects of such monitoring.", "uuid": "591fd1ac-fc95-4277-907d-68f114f09862" }, { "code": "Networks_08", "description": "Set up a major intrusion response plan with organizational and technical measures for identifying and containing compromises.", "uuid": "271513a6-75d7-44ee-9331-f4b6f1e09f26" }, { "code": "Networks_09", "description": "Automatically identify hardware as a means of authenticating connections from specific locations and hardware.", "uuid": "5a634931-316e-49e4-9e55-e4f167ec3f9c" }, { "code": "Networks_10", "description": "Secure management traffic and restrict or prohibit physical and logical access to remote diagnostic and configuration ports.", "uuid": "d1150e3f-8480-45bf-96cb-720c5f8ff3d7" }, { "code": "Networks_11", "description": "Prohibit the connection of uncontrolled hardware.", "uuid": "530c47bc-d615-45ce-9895-046e5169d6c1" }, { "code": "Networks_12", "description": "Transmit secret information guaranteeing the confidentiality of personal data (decryption key, password, etc.) in a separate transmission using, where possible, a channel different from that used to transmit data.", "uuid": "4909075a-3ccd-4b55-bf06-16d292736a41" }, { "code": "Networks_13", "description": "[active network hardware] Use the SSH protocol or a direct hardware connection for connecting to active network hardware (firewall, routers, switches) and prohibit the use of the Telnet protocol except for direct connections.", "uuid": "1b072b0d-6b8f-4edb-9e0f-be780020b985" }, { "code": "Networks_14", "description": "[remote-administration tools] Restrict the remote administration of local IT resources to IT department staff and to IT resources within the limits of their duties.", "uuid": "09d79fda-1949-4f39-a5dc-a6c2bf9dd052" }, { "code": "Networks_15", "description": "[remote-administration tools] Uniquely identify users of remote-administration tools.", "uuid": "eb4da876-2842-40f1-b2d5-3d238176c8dd" }, { "code": "Networks_16", "description": "[remote-administration tools] Authenticate users of remote-administration tools with at least a robust password and, where possible, a digital certificate.", "uuid": "7cfd31d6-4f3e-409e-8a35-93f99653a822" }, { "code": "Networks_17", "description": "[remote-administration tools] Keep a log of the activity of users of remote-administration tools.", "uuid": "138ee3bc-171c-4084-9ae9-5a6816b31044" }, { "code": "Networks_18", "description": "[remote-administration tools] Secure the secure authentication flow.", "uuid": "005c6c29-079b-4802-954d-cb2fac3055a8" }, { "code": "Networks_19", "description": "[remote-administration tools] Remote administration must be covered by prior agreement on the part of the user.", "uuid": "04afbb2f-8830-4b8a-8298-b7c5a40f2143" }, { "code": "Networks_20", "description": "[remote-administration tools] Prohibit changes to the tool's security settings and the viewing of passwords or secret information used.", "uuid": "49218fd1-80f0-4242-a481-9ef57205abbb" }, { "code": "Networks_21", "description": "[remote-administration tools] Block the retrieval of secret information for the purposes of establishing a connection from a workstation.", "uuid": "f6cceae4-a755-44cf-9742-98c8551a9a0b" }, { "code": "Networks_22", "description": "[remote-administration tools] Encrypt all traffic flows.", "uuid": "1aa37c6a-20e4-4423-a9cc-bb07ab7bc1c5" }, { "code": "Networks_23", "description": "[remote-administration tools] The user must be informed that remote administration is under way on his/her workstation (for example via an icon).", "uuid": "76acdf16-872a-4fae-84f3-1b962de9b521" }, { "code": "Networks_24", "description": "[mobile or remote devices] Set up a strong solution for authenticating users who access internal information systems (when this is possible).", "uuid": "9830b820-50b1-4ec2-ba3a-36aedc6d7123" }, { "code": "Networks_25", "description": "[mobile or remote devices] Encrypt communications between mobile devices and internal information systems.", "uuid": "566e4419-d66d-4742-aff6-ec82328e75a9" }, { "code": "Networks_26", "description": "[mobile or remote devices] Install a firewall to protect network traffic to and from mobile devices. This firewall must be enabled as soon as a mobile device leaves the organization's premises.", "uuid": "2918ca8c-11e7-4a36-9d04-8e992764eb2e" }, { "code": "Networks_27", "description": "[wireless interfaces] Prohibit non-secure communications for connections via wireless interfaces.", "uuid": "efb6ed9b-a3f1-4440-95d6-b714d8b05c81" }, { "code": "Networks_28", "description": "[wireless interfaces] Prohibit simultaneous network connections via a wireless interface and the Ethernet interface.", "uuid": "6cbd4df9-8d32-4120-b4c4-53a5b7ee9c2f" }, { "code": "Networks_29", "description": "[wireless interfaces] Disable unused wireless connection interfaces (Wi-Fi, Bluetooth, infrared, 4G, etc.) on hardware and software.", "uuid": "568092c7-943f-4202-9686-6f745cf3b514" }, { "code": "Networks_30", "description": "[wireless interfaces] Control wireless networks.", "uuid": "ec7afbcd-496b-4d6d-a168-6c96947fe3eb" }, { "code": "Networks_31", "description": "[Wifi] Use the WPA or WPA2 protocol with AES-CCMP encryption or the \"Enterprise\" mode of the WPA and WPA2 protocols (using a RADIUS server as well as the EAP- TLS or PEAP subprotocols).", "uuid": "7c223c18-678f-4c3d-be0e-643eb66eddb5" }, { "code": "Networks_32", "description": "[Wifi] Prohibit ad-hoc networks.", "uuid": "c0fab12f-6d49-415b-a1d9-289fe8c81e4b" }, { "code": "Networks_33", "description": "[Wifi] Use and configure a firewall at network entry and exit points in order to partition off connected hardware as needed.", "uuid": "bd03815c-8243-4ea7-af45-a805eda8691f" }, { "code": "Networks_34", "description": "[Bluetooth] Impose mutual authentication with remote devices.", "uuid": "511b5ca4-89c6-4383-858c-d45133a0a778" }, { "code": "Networks_35", "description": "[Bluetooth] Restrict usage to file sharing with hardware controlled by the IT department.", "uuid": "8e0244ad-ce81-4c00-be5a-6f8e0eb8ab53" }, { "code": "Networks_36", "description": "[Bluetooth] Encrypt sharing traffic.", "uuid": "d4d34379-d6f7-4dca-b465-8f47fed709a7" }, { "code": "Networks_37", "description": "[infrared] Perform authentication prior to establishing connections and sending/receiving files or commands.", "uuid": "a08e87a9-84b6-48cc-a735-dd9f1d29e835" }, { "code": "Networks_38", "description": "[mobile telephony networks] Protect SIM cards with PINs that must be entered each time a device is used.", "uuid": "588f6c93-b675-4f82-9494-da2984833a13" }, { "code": "Networks_39", "description": "[Web browsing] Use the SSL protocol (HTTPS) to ensure server authentication and confidentiality of communications.", "uuid": "0960767a-3798-42d2-9766-8a544d6454aa" }, { "code": "Networks_40", "description": "[file transfers] Use the SFTP protocol or possibly the SCP protocol.", "uuid": "3ab07920-30d5-4368-b5b7-96c085dfa4b9" }, { "code": "Networks_41", "description": "[fax machines] Place fax machines in a physically secure room only accessible by authorized personnel.", "uuid": "aeca1cdd-0dba-4a08-86a9-199d0dc1a44c" }, { "code": "Networks_42", "description": "[fax machines] Set up a personal access code system for the printing of messages.", "uuid": "45b46846-ae73-4f1e-ad1f-56085fa7f0c7" }, { "code": "Networks_43", "description": "[fax machines] When sending faxes, have the identity of the destination fax displayed so that the recipient's identity may be checked.", "uuid": "392f2a2d-b717-4230-9d65-feb6f8f3c0e9" }, { "code": "Networks_44", "description": "[fax machines] When sending faxes, have the identity of the destination fax displayed so that the recipient's identity may be checked.", "uuid": "847559d4-6855-475d-8099-28dfcf8c6a53" }, { "code": "Networks_45", "description": "[fax machines] Follow up each fax by sending the originals to the recipient.", "uuid": "9dc411bc-b69e-4413-8191-882b5cb070b6" }, { "code": "Networks_46", "description": "[fax machines] Pre-enter the numbers of potential recipients in the fax machine's built-in phone book (where available).", "uuid": "5a66bc71-a621-4eee-b9af-5bdaae2fc18b" }, { "code": "Networks_47", "description": "[ADSL/Fiber] Make an inventory of the local Internet access points.", "uuid": "f5c1911b-6dec-45da-a702-656048918d03" }, { "code": "Networks_48", "description": "[ADSL/Fiber] Physically isolate the local Internet access points from the internal network.", "uuid": "f135d1b6-595d-4b6f-9129-654ad0131024" }, { "code": "Networks_49", "description": "[local access points] Only use them for specific legitimate needs (e.g. loss of availability of access to the direct distance dialing network).", "uuid": "6fa31f5c-5905-4849-ac5a-f6e5679d3eaf" }, { "code": "Networks_50", "description": "[local access points] Enable them only when they are used.", "uuid": "fd7e5584-6f01-4d2a-8428-51efe44ba9ad" }, { "code": "Networks_51", "description": "[local access points] Disable their wireless interface (Wi-Fi) if they have one.", "uuid": "62ee5964-4a5e-4bf6-8d8d-54d73f283a4d" }, { "code": "Networks_52", "description": "[email] Encrypt attachments containing personal data.", "uuid": "69e8a5ad-1b0d-4544-8d98-2c4a57aeb5bb" }, { "code": "Networks_53", "description": "[email] Make users aware that they must avoid opening email of unknown origin, and especially risky attachments (with extensions such as .pif, .com, .bat, .exe, .vbs, and .lnk), or configure the system so that it is impossible to open them.", "uuid": "3cf88fb5-6356-4b3e-a291-e2228852ac45" }, { "code": "Networks_54", "description": "[email] Make users aware that they should not pass on hoaxes, etc.", "uuid": "acdc4e21-c206-495f-a618-c16cc0ea5325" }, { "code": "Networks_55", "description": "[instant messaging] Prohibit the installation and use of instant messaging software. If such software is necessary, inform users about the risks involved and the good practices to follow.", "uuid": "387e8c03-52ed-4f29-854f-7c77a9a36ea9" }, { "code": "Non-human risk sources_01", "description": "Establish fire prevention, detection and protection systems.", "uuid": "e9a6a6c2-36d4-43e2-97d7-a758160ae171" }, { "code": "Non-human risk sources_02", "description": "Install temperature monitoring systems.", "uuid": "91cfea4c-20b0-4be1-aeea-ec68b813ffcc" }, { "code": "Non-human risk sources_03", "description": "Establish a power supply monitoring and relief system.", "uuid": "fddb164a-8cd8-4c88-9865-eb09e168eae6" }, { "code": "Non-human risk sources_04", "description": "Install systems to prevent water damage.", "uuid": "83c2a188-77b1-4a96-857d-39c5d2c9d147" }, { "code": "Non-human risk sources_05", "description": "Ensure that the essential services (including power, water and air conditioning) are sized appropriately based on the systems they support.", "uuid": "443af974-738a-474f-994e-a8555d57eb35" }, { "code": "Non-human risk sources_06", "description": "Specify an appropriate response time, in the event of failure, in maintenance contracts covering the equipment used in the operation of essential and security services (including extinguishers, air conditioners, water, smoke and heat detectors, opening and unauthorized entry detection and generator) and check the equipment at least annually.", "uuid": "67ce43a0-8ed7-4ab2-9343-de474df5d54d" }, { "code": "Non-human risk sources_07", "description": "In the case of high availability requirements, connect the telecommunications infrastructure via at least two different, independent access points and ensure that they can switch from one to the other very quickly. If availability needs are very high, consider a backup site.", "uuid": "a7ddedda-ca2a-4fc8-9a27-f414f06ff038" }, { "code": "Operating security_01", "description": "Document the operating procedures, update them and make them available to all users concerned (every action on the system, whether it involves administration operations or the use of an application, must be explained in the users' reference documents).", "uuid": "0c906d42-562d-4d6c-817d-c237697026c7" }, { "code": "Operating security_02", "description": "Maintain an up-to-date inventory of the software and hardware used in operation.", "uuid": "971e238f-6539-4309-9fbd-bbe551184a3d" }, { "code": "Operating security_03", "description": "Conduct monitoring of vulnerabilities discovered in the software (including firmware) used in operation, and correct them at the earliest possible opportunity.", "uuid": "a58cb9b6-3c4b-4718-ad26-96971c6e8da2" }, { "code": "Operating security_04", "description": "Maintain an up-to-date inventory of the software and hardware used in operation.", "uuid": "59afc518-72aa-4698-a8dd-d414e90416c2" }, { "code": "Operating security_05", "description": "Prohibit the use of production servers (database servers, Web servers, messaging server, etc.) for other purposes than those initially intended", "uuid": "4b1d4939-dcf8-4449-bffb-7ecf309593e6" }, { "code": "Operating security_06", "description": "Use data storage units that use physical redundancy mechanisms (such as RAID), or mechanisms for duplicating data between several servers and/or sites.", "uuid": "e310d89d-cb9f-4a4f-9478-f0214fd81bf6" }, { "code": "Operating security_07", "description": "Check that the size of storage and computing capacities is sufficient for allowing the processing to operate correctly \u2013 even during activity peaks.", "uuid": "1e14c624-18e7-4db4-b7d0-67f3c5a94c64" }, { "code": "Operating security_08", "description": "Check that the physical hosting conditions (temperature, humidity, energy supply, etc.) are compatible with the intended use of hardware, and include backup mechanisms (inverter and/or backup supply and/or generator).", "uuid": "4ce6491a-dfb5-4a39-b09c-e229f4d4a3ab" }, { "code": "Operating security_09", "description": "Limit access to hardware that is sensitive and/or of high market value.", "uuid": "0f707a1a-3beb-4c0c-8662-7dfd7c9fd437" }, { "code": "Operating security_10", "description": "Limit the possibilities of hardware alteration.", "uuid": "001e35ba-544b-43a1-a94e-3cc3aecde0c5" }, { "code": "Operating security_11", "description": "Provide for an Activity Recovery Plan (PRA) or Activity Continuity Plan (PCA), based on the availability objectives of the processing carried out.", "uuid": "2f02df3f-b652-449f-9e47-018baa1b4a7e" }, { "code": "Operating security_12", "description": "Set up a security incident management procedure allowing such incidents to be detected, recorded, described and resolved.", "uuid": "97d227c8-215b-4b24-a858-f0e181476b03" }, { "code": "Organization_01", "description": "Have the data controller appoint an assistant to help them enforce the General Data Protection Regulation (GDPR) and provide such assistant with the means to perform their duties.", "uuid": "e296be10-3b93-4ed0-bbb2-3e84e330f639" }, { "code": "Organization_02", "description": "Define the roles, responsibilities and interactions between all data protection stakeholders.", "uuid": "83f5e4ad-f20e-4bbc-8912-56923387da9b" }, { "code": "Organization_03", "description": "Set up a monitoring committee formed of the data controller, the person in charge of assisting the controller in enforcing compliance with the GDPR and the stakeholders. This committee must meet regularly (at least once a year) to set objectives and review the organization's entire range of processing operations.", "uuid": "82b6cd19-b2e2-405e-9728-a7bd7251ac6f" }, { "code": "Paper document_01", "description": "Include a visible, explicit reference on each page of the documents that include sensitive personal data.", "uuid": "d41faa6b-99bd-4b71-9bec-66a2d5334c95" }, { "code": "Paper document_02", "description": "Include a visible, explicit reference in the business applications that provide access to personal data.", "uuid": "38b3b764-c6b1-447a-81aa-90ba5fb02472" }, { "code": "Paper document_03", "description": "Choose paper formats and printing methods that are suitable to the storage conditions (storage duration, ambient humidity, etc.).", "uuid": "43021e79-ec81-4867-8bc4-55bc5330a32b" }, { "code": "Paper document_04", "description": "Retrieve printed documents containing personal data immediately after they are printed or, where possible, carry out secure printing.", "uuid": "6e1ba563-e4ff-452b-b793-34b6c42c3837" }, { "code": "Paper document_05", "description": "Restrict the distribution of paper documents containing personal data to individuals who require them for work-related purposes.", "uuid": "c9e78377-c4ef-49e6-937b-6d3720206b38" }, { "code": "Paper document_06", "description": "Store paper documents containing personal data in a secure cabinet.", "uuid": "b3cd646a-9ee6-4e60-bb21-74c086e1a89a" }, { "code": "Paper document_07", "description": "Destroy, using a shredder of the appropriate certification level, paper documents that are no longer necessary and which contain personal data.", "uuid": "1c5b07c9-70c4-44b7-9d23-0d5112589210" }, { "code": "Paper document_08", "description": "Only send paper documents containing personal data that are necessary for processing.", "uuid": "9d218324-5fec-4547-a1bc-502b3ba86905" }, { "code": "Paper document_09", "description": "Keep close track of the circulation of paper documents containing personal data.", "uuid": "d2b72130-8771-49a7-aa39-eb9e3c3abe43" }, { "code": "Paper document_10", "description": "Choose a transmission channel that is suited to the risks and frequency of transmission.", "uuid": "97f4548c-8a5a-4128-848f-5c44b886adf1" }, { "code": "Paper document_11", "description": "Improve trust in companies used to deliver paper documents containing personal data.", "uuid": "c9004d16-3c95-4491-a581-e8493e5ac7bb" }, { "code": "Paper document_12", "description": "Protect paper documents containing personal data.", "uuid": "b20a6adb-cb65-4dca-9401-fe0f08f67b18" }, { "code": "Physical access_01", "description": "Categorize areas of the buildings by risk.", "uuid": "c50ec4bf-c87b-450f-99d3-7444767bb529" }, { "code": "Physical access_02", "description": "Maintain an up-to-date list of individuals (including visitors, employees, authorized employees, trainees and service providers) who are authorized to enter each area.", "uuid": "c688ba0f-d671-4718-ba97-6bfbc999257a" }, { "code": "Physical access_03", "description": "Select methods for authenticating employees that are proportional to the risks associated with each area.", "uuid": "c71ee1c8-164c-4aff-9796-412f2018ef81" }, { "code": "Physical access_04", "description": "Select visitor authentication methods (for example, persons coming to attend a meeting, external service providers or auditors) proportional to the risks associated with each area.", "uuid": "3d8139f7-6e50-4613-b17e-d54c00188544" }, { "code": "Physical access_05", "description": "Define actions to take if authentication fails (identity cannot be confirmed or lack of authorization to enter a security area).", "uuid": "19de6071-7aa0-4c45-bee8-563c7c6446e2" }, { "code": "Physical access_06", "description": "Keep a record of access granted after notifying the data subjects.", "uuid": "a482d122-b761-403f-b916-7757918cfb45" }, { "code": "Physical access_07", "description": "Visitors needing to access premises outside public reception areas should be escorted (from the time they arrive, during their visit and until they exit the premises) by a member of the organization.", "uuid": "be8b8190-8b98-45c1-8f72-4d1a565b1a5c" }, { "code": "Physical access_08", "description": "Protect the most sensitive areas in proportion to the risks.", "uuid": "19576116-27b2-4eda-ad2f-c0ffdc51f09b" }, { "code": "Physical access_09", "description": "Install a warning system in the event of unauthorized entry.", "uuid": "764b70e6-79be-4338-8a85-df02a0845424" }, { "code": "Physical access_10", "description": "Establish a system to slow individuals who may have penetrated an area they are prohibited from entering and a system for intervening in such situations to ensure intervention before the unauthorized persons can leave the area.", "uuid": "6935ed7e-c2ff-41e1-84f0-abb94789e6c6" }, { "code": "Policy_01", "description": "Set out important aspects relating to data protection within a documentary base making up the data protection policy and in a form suited to each type of content (risks, key principles to be followed, target objectives, rules to be applied, etc.) and each communication target (users, IT department, policymakers, etc.).", "uuid": "3044ec83-7f6c-4f36-9b41-fd8f4148f0db" }, { "code": "Policy_02", "description": "Distribute the data protection policy to those in charge of enforcing it.", "uuid": "5c8cfba8-eaaf-49d4-a8c2-eb80e38bedf3" }, { "code": "Policy_03", "description": "Allow individuals in charge of enforcing the data protection policy to formally request exceptions in the event of implementation difficulties, review the impacts of all exception requests on the related risks and, where applicable, have acceptable exceptions approved by the data controller and amend the data protection policy accordingly.", "uuid": "0cfa2120-97ad-4553-9634-eb882d082611" }, { "code": "Policy_04", "description": "Establish a multi-annual action plan and monitor implementation of data protection policy.", "uuid": "f5325095-e849-4311-929f-4f98b1a3f6b9" }, { "code": "Policy_05", "description": "Allow for exceptions to the data protection policy.", "uuid": "265e4f9a-c3fa-45a4-bb88-329c9842a610" }, { "code": "Policy_06", "description": "Anticipate how to take into account difficulties in enforcing the data protection policy.", "uuid": "7da96d90-bb4b-4a7a-843d-d34404a6af91" }, { "code": "Policy_07", "description": "Regularly check compliance with the rules of the data protection policy and the implementation of the action plan.", "uuid": "860682f8-a917-436b-8c3b-e1204cef9c88" }, { "code": "Policy_08", "description": "Regularly revise the data protection policy.", "uuid": "9bc3437a-1156-41bc-a5a7-7f227acecb9c" }, { "code": "Prior formalities_01", "description": "Check that the data processing does indeed comply with the declared purpose.", "uuid": "e35056d7-f710-494a-b88d-b889cca71b24" }, { "code": "Prior formalities_02", "description": "Perform a Privacy Impact Assessment (PIA) and have it validated.", "uuid": "a68526c7-2924-4d5b-8e3c-46e4ff4e661a" }, { "code": "Prior formalities_03", "description": "Consult the supervisory authority if the residual risks are high, pursuant to Article 36 of the General Data Protection Regulation (GDPR).", "uuid": "2cfe236e-a265-4ad6-b465-3f1c54e4b583" }, { "code": "Prior formalities_04", "description": "Carry out the other sectoral and contractual formalities applicable to the processing (e.g. formalities associated with other codes and regulations, contract with an external data source, etc.)", "uuid": "5f305f28-fae7-427e-a438-2a94270a8eed" }, { "code": "Processors_01", "description": "A procurement contract must be signed with each processor, setting out all of the points stipulated in Art. 28 of the GDPR.", "uuid": "56e18e09-aba6-45e7-bcad-b6e095d3c109" }, { "code": "Processors_02", "description": "Regulate the procurement relations via a contract signed intuitu person\u00e6.", "uuid": "7368415c-5c8e-4388-8f37-e0a12b42e27c" }, { "code": "Processors_03", "description": "Require the processor to forward its Information Systems Security Policy (PSSI) along with all supporting documents of its information security certifications and append said documents to the contract.", "uuid": "1ae3cecb-b8c2-4513-8a7e-87ef4737b586" }, { "code": "Processors_04", "description": "Precisely determine and set, on a contractual basis, the operations that the processor will be required to carry out on personal data.", "uuid": "c923a487-93d3-4ad7-a0a9-a379b586903f" }, { "code": "Processors_05", "description": "Determine, on a contractual basis, the division of responsibility regarding the legal processes aimed at allowing the data subjects to exercise their rights.", "uuid": "df423c35-2f36-4da7-8b9b-45c420faede5" }, { "code": "Processors_06", "description": "Explicitly prohibit or regulate use of tier-2 processors.", "uuid": "f2c8f0fd-8e8c-4977-9b6a-3935cfcbfe5c" }, { "code": "Processors_07", "description": "Clarify in the contract that compliance with the data protection obligations is a binding requirement of the contract.", "uuid": "117e287b-32ca-47b9-8fb5-bf5ec461b9c8" }, { "code": "Processors_08", "description": "[providers of cloud computing services] Require the provider to apply at least logical separation between the organization's data and the data of its other clients.", "uuid": "d508b338-1c29-4d0f-815c-f8724b16817d" }, { "code": "Processors_09", "description": "[providers of cloud computing services] Very clearly define the locations in which the data are likely to be stored, and the countries from which the data stored in the cloud are likely to be accessible.", "uuid": "b2b88c80-8c5e-47e7-bf45-03a92fcaa049" }, { "code": "Project management_01", "description": "Use a risk management approach as soon as a service is devised or an application designed.", "uuid": "0943a203-920c-4869-a562-c739bd1f14c1" }, { "code": "Project management_02", "description": "Favor the use of trusted names in ISS and data protection (procedures, products, management systems, organizations, individuals, etc.).", "uuid": "66063408-245e-4027-a2bc-86f360996e2a" }, { "code": "Project management_03", "description": "Favor the use of recognized and proven guidelines.", "uuid": "b5c8636e-490e-4989-89d5-9816c36ed059" }, { "code": "Project management_04", "description": "Carry out supervisory authority formalities before launching new processing operations.", "uuid": "a5225278-26a4-4920-abe0-5256c40435d7" }, { "code": "Project management_05", "description": "[software acquisitions] Make sure that developers and maintainers have sufficient resources to perform their tasks.", "uuid": "0e76309c-a1e9-4361-bd60-fe30cad19371" }, { "code": "Project management_06", "description": "[software acquisitions] Favor interoperable and user-friendly applications.", "uuid": "d344ad67-fe91-477a-b150-87d78e59f02f" }, { "code": "Project management_07", "description": "[software acquisitions] Carry out IT developments in an IT environment distinct from the running environment.", "uuid": "c25ecdc1-1eff-4101-af9b-34d31c5a1f2c" }, { "code": "Project management_08", "description": "[software acquisitions] Protect the availability, integrity and, where necessary, confidentiality of source codes.", "uuid": "68d3ef08-0b9a-4341-a335-afb27e80021a" }, { "code": "Project management_09", "description": "[software acquisitions] Impose data entry and recording formats that minimize the amount of data collected.", "uuid": "ea1e195a-de83-4e5b-97f3-d5d7c74dddf3" }, { "code": "Project management_10", "description": "[software acquisitions] Make sure that data formats are compatible with the implementation of a storage duration.", "uuid": "f0a432b1-5c69-4a69-950f-b2e37bc3963f" }, { "code": "Project management_11", "description": "[software acquisitions] Integrate access control to data by user categories during development.", "uuid": "c06e557e-2436-4b3d-8fa0-552d184f69f9" }, { "code": "Project management_12", "description": "[software acquisitions] Avoid using free-form text fields. If such fields are required, the following wording must either appear as a watermark or disappear once a user starts typing inside the field: \"Individuals have a right of access to the information about them entered in this field. The information you enter in this field must be RELEVANT to the context. Such information must neither include any subjective opinions nor reveal \"either directly or indirectly, an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or any information relating to said individual's health or sex life\".", "uuid": "5f06b644-3743-486c-8431-1bac8186c729" }, { "code": "Project management_13", "description": "[software acquisitions] Prohibit the use of actual data prior to the implementation, and anonymize them where necessary.", "uuid": "ccbce76a-86fe-4cce-a46b-bab851fcbf78" }, { "code": "Project management_14", "description": "[software acquisitions] Make sure that software runs correctly and as specified during acceptance testing.", "uuid": "0c846c96-c091-4e40-a9d8-bec9828fd839" }, { "code": "Purpose_01", "description": "Describe the data processing purposes in detail and justify their legitimacy.", "uuid": "0af91e8e-6412-4ec2-86f0-d00b4f1c83dc" }, { "code": "Purpose_02", "description": "Explain the purposes of sharing with third parties as well as the data processing purposes for improving the service.", "uuid": "c9133806-5bfe-4c1b-85cf-7717b7316936" }, { "code": "Purpose_03", "description": "Explain the specific conditions under which the processing will take place, particularly by clarifying data matching where applicable.", "uuid": "325f56ec-a483-4ee3-8b70-1a36e8218ad2" }, { "code": "Relations with third parties_01", "description": "Identify all third parties who have or could have legitimate access to personal data.", "uuid": "70118f99-45c3-4068-aac2-0970b75078a3" }, { "code": "Relations with third parties_02", "description": "Determine their role in the processing (including IT administrators, processors, recipients, persons responsible for processing data and authorized third parties) based on the actions they will perform.", "uuid": "e67de690-620b-4dfc-84b9-f1b41789ebae" }, { "code": "Relations with third parties_03", "description": "Determine the respective responsibilities based on the risks connected to the personal data.", "uuid": "8fbc269e-b6bc-4fcb-99a9-d3e01b2dbd11" }, { "code": "Relations with third parties_04", "description": "Determine the appropriate form for establishing rights and obligations based on the third parties' legal structure and their geographic location.", "uuid": "affffb06-4f24-4609-b02c-dc94f9eef84d" }, { "code": "Relations with third parties_05", "description": "Formally document the rules that persons must comply with throughout the life cycle of the relationship related to the processing or the personal data, based on the person's category and the actions that he/she will perform.", "uuid": "bc2c32c5-0d94-470c-965b-1362354d0170" }, { "code": "Relations with third parties_06", "description": "[internal service providers] Apply to said service providers the same measures as for the organization's employees: training in data protection issues, requirement to comply with the rules for using the organization's IT resources, appended to the rules of procedure.", "uuid": "addc6cd5-341c-4e65-9f97-80363edc2d23" }, { "code": "Relations with third parties_07", "description": "[internal service providers] Provide said service providers with a workstation inside the organization or check that use of the workstation supplied by their employer is compatible with the organization's security objectives.", "uuid": "4188ca8c-6e9d-47f3-afb2-14f6524f1d69" }, { "code": "Relations with third parties_08", "description": "[internal service providers] Make sure said service providers are properly bound with their employer by a confidentiality clause applicable to their employer's client organizations.", "uuid": "5a653d24-a00c-47e9-9df8-c5da8f03fa59" }, { "code": "Relations with third parties_09", "description": "[internal service providers] Manage clearance authorizations for such service providers specifically by granting time-bound authorizations that automatically end on the provisional end date for their assignment.", "uuid": "cb8a4285-4740-43dd-ad88-3fec51d119de" }, { "code": "Relations with third parties_10", "description": "[third-party recipients] Govern the transmission of data to said third-parties via a contract setting out.", "uuid": "9e9a5a6c-fc2d-4248-afe3-30457f3c8718" }, { "code": "Relations with third parties_11", "description": "[third-party recipients] Require the third party to publish a privacy protection policy covering the processing making use of the data transmitted and outlining the security objectives pursuant to the IT system security policy.", "uuid": "2ebe062a-a1f9-432c-9b15-4c44c1e121e6" }, { "code": "Relations with third parties_12", "description": "[third-party recipients] If data are transmitted via the Internet, always encrypt the data flows.", "uuid": "ecfa059a-ce80-46b6-80a3-49d09eefff9b" }, { "code": "Relations with third parties_13", "description": "[third-party recipients] Systematically inform the third party when the data subjects exercise their right to rectification.", "uuid": "71b7fe30-963e-4ff8-9744-0fd5b34747c7" }, { "code": "Relations with third parties_14", "description": "[authorized third parties] Only reply to requests that are officially sent (by mail or fax) and reply using the same communications channel. Do not take account of requests sent by email and do not reply using this communications channel.", "uuid": "f50afe3d-22eb-453b-9c0f-3a8209ee42d0" }, { "code": "Relations with third parties_15", "description": "[authorized third parties] Check the legal basis of each request for communication.", "uuid": "8cdc1082-78c0-4064-8ee0-2f43560f2a4f" }, { "code": "Relations with third parties_16", "description": "[authorized third parties] Authenticate the parties submitting the requests and only reply to them.", "uuid": "4235ff42-c907-4089-9b07-1443ee2cbbb2" }, { "code": "Relations with third parties_17", "description": "[authorized third parties] Reply strictly to the request by only supplying the data asked for in the request.", "uuid": "39a72d0c-9c2e-43ee-8725-478cd01397e4" }, { "code": "Right of access and data portability_01", "description": "Determine the practical means that will be implemented to allow the exercise of the right of access. Individuals must be able to exercise this right as quickly as possible, within two months without exception (one month under the GDPR) for data, in a form similar to the form used for the processing (by regular mail and/or by email). In addition, the process must not discourage the data subjects and they must not incur expenses that exceed copying costs.", "uuid": "676fcbe6-c3f9-45a5-8338-4cbfa5a8d1b7" }, { "code": "Right of access and data portability_02", "description": "Ensure that the right of access can always be exercised.", "uuid": "e95147b7-c5ea-478b-9a58-1ff58779a065" }, { "code": "Right of access and data portability_03", "description": "Confirm that requests to exercise the right of access submitted on-site provide the identity of the individuals submitting requests and the identity of the individuals they may appoint as their representative.", "uuid": "c10b1012-d440-426d-919e-4314090bb711" }, { "code": "Right of access and data portability_04", "description": "Confirm that requests to exercise the right of access submitted by regular mail are signed and accompanied by a photocopy of a piece of identification (which should not be retained unless proof must be kept) and that they specify a reply-to address.", "uuid": "4a6e08eb-25a3-4705-87a6-00ae4dc26e0d" }, { "code": "Right of access and data portability_05", "description": "Confirm that requests to exercise the right of access submitted by email (using an encrypted channel if transmitted via the Internet) are accompanied by a digitized piece of identification (which should not be retained unless proof must be kept and, in that case, in black and white, low definition and as an encrypted file).", "uuid": "d2f46aae-123a-4047-be3d-9c77d1b1cfe0" }, { "code": "Right of access and data portability_06", "description": "Ensure that all information that data subjects may request can be provided while still protecting the personal data of third parties.", "uuid": "7a3dd186-475f-471d-9f5b-702cdf2aaed0" }, { "code": "Right of access and data portability_07", "description": "[medical files] Provide the information within eight days following the request and within two months if the information is more than five years old (as of the date on which the medical information was assembled).", "uuid": "b0308ad7-11e9-440a-8a19-234b47f54bb9" }, { "code": "Right of access and data portability_08", "description": "[medical files] Allow those who hold parental rights (for minors) and legal representatives (for individuals subject to guardianship) to exercise the right of access.", "uuid": "51777d5c-5290-4861-ada7-4b1fadac38a4" }, { "code": "Rights to rectification and erasure_01", "description": "Determine the practical means that will be implemented to permit the exercise of the right to rectification. Individuals must be able to exercise this right as quickly as possible, within two months without exception, in a form similar to the form used for the processing (by regular mail and/or by email). In addition, the process must not discourage the data subjects and must not involve any cost to them.", "uuid": "3e5aca0a-a8eb-4005-b549-e14091d02295" }, { "code": "Rights to rectification and erasure_02", "description": "Ensure that the right to rectification may always be exercised.", "uuid": "820e628b-f40d-4454-87b1-eb33e2c4cf7e" }, { "code": "Rights to rectification and erasure_03", "description": "Ensure that the right to rectification may always be exercised.", "uuid": "2ae0587e-65dc-4c2a-9e02-557642a9ffce" }, { "code": "Rights to rectification and erasure_04", "description": "Ensure that the identity of individuals submitting requests will be verified.", "uuid": "749726d9-1fad-4f68-97f9-9a9d6d3b7701" }, { "code": "Rights to rectification and erasure_05", "description": "Ensure that the accuracy of the corrections requested will be verified.", "uuid": "3f2092db-7b8b-47b4-a1e3-5ad2e03c2b99" }, { "code": "Rights to rectification and erasure_06", "description": "Ensure that the data to be deleted are properly erased.", "uuid": "443cde40-ee08-4089-b4d0-239af70e728f" }, { "code": "Rights to rectification and erasure_07", "description": "Ensure that the individuals submitting requests receive confirmation.", "uuid": "89f0882c-0b65-47c9-85dd-c6a675ec890e" }, { "code": "Rights to rectification and erasure_08", "description": "Ensure that the third parties to whom the data may have been sent are informed of the corrections made.", "uuid": "4dd00be3-f30a-4401-8bb8-475e79bf21d7" }, { "code": "Rights to rectification and erasure_09", "description": "Upon receiving an erasure request, inform the user if the personal data are going to be kept all the same (technical requirements, legal obligations.)", "uuid": "fa8b29ba-bef5-484f-90ec-60dd75ea91bf" }, { "code": "Rights to rectification and erasure_10", "description": "Implementing the right to be forgotten for minors.", "uuid": "8222db32-6b4d-4b60-b70b-422764a49dc5" }, { "code": "Rights to rectification and erasure_11", "description": "[online targeted advertising] Provide a way for individuals to access the areas of interest in their profile and a way to modify them. The individual's identity may be authenticated based on the information used to access his or her account or on the cookie (or equivalent) on his or her computer.", "uuid": "68485fa9-6933-4444-81e8-91690350a102" }, { "code": "Rights to restriction and to object_01", "description": "Determine the practical means that will be implemented to allow individuals to exercise the right to object. Individuals must be able to exercise this right as quickly as possible, within two months without exception, in a form similar to the form used for the processing (by regular mail and/or by email). In addition, the process must not discourage the data subjects and must not involve any cost to them.", "uuid": "7a35cf66-ace9-44fc-ae3d-4cbacab0d099" }, { "code": "Rights to restriction and to object_02", "description": "Ensure that the right to object may always be exercised and that the personal data collected and processed actually allow the exercise of the right to object.", "uuid": "9ef3e939-b392-4567-9253-36e67d0657a1" }, { "code": "Rights to restriction and to object_03", "description": "Ensure that \"the interested party is able to express his or her choice prior to the final validation of his or her responses\".", "uuid": "8f61de26-82bc-40bb-bbe7-b2205e26a885" }, { "code": "Rights to restriction and to object_04", "description": "Confirm that requests to exercise the right to object submitted on-site provide for verification of the identity of the individuals submitting requests and the identity of the individuals they may appoint as their representative.", "uuid": "595a5219-5458-4c44-8593-0dd33334c199" }, { "code": "Rights to restriction and to object_05", "description": "Confirm that requests to exercise the right to object submitted by regular mail are signed and accompanied by a photocopy of a piece of identification (which should not be retained unless proof must be kept) and that they specify a reply-to address.", "uuid": "5c557a20-1b92-4182-8712-b81b469ccd27" }, { "code": "Rights to restriction and to object_06", "description": "Confirm that requests to exercise the right to object submitted by email (using an encrypted channel if transmitted via the Internet) include a digitized piece of identification (which should not be retained unless proof must be kept and, in that case, in black and white, low definition and as an encrypted file).", "uuid": "bb7a66aa-2629-4922-bb39-ea134171eea8" }, { "code": "Rights to restriction and to object_07", "description": "Ensure that individuals exercising their right to object provide legitimate grounds and that those grounds are evaluated (except in the case of marketing and processing for the purpose of health research, which provides the individual a discretionary right to object).", "uuid": "97c2d533-638f-4b8a-974b-74d767f11301" }, { "code": "Rights to restriction and to object_08", "description": "Ensure that all recipients of the processing are notified of the objections submitted by the data subjects.", "uuid": "e2421127-348a-4457-b196-1e7d88c67e82" }, { "code": "Rights to restriction and to object_09", "description": "[processing via telephone] Provide a mechanism allowing data subjects to express their objection by telephone.", "uuid": "b53d86b0-4b43-45e2-bc95-d38f27521377" }, { "code": "Rights to restriction and to object_10", "description": "[processing via electronic form] Create an easily accessible form with opt-out boxes to check or allow the user to unsubscribe from a service (delete an account).", "uuid": "a5742264-b164-426c-be4f-a8a2030e4768" }, { "code": "Rights to restriction and to object_11", "description": "[processing via email] Ensure that the sender of the messages is clearly identified.", "uuid": "2b0fb90e-89d0-4030-b177-3bb617a63893" }, { "code": "Rights to restriction and to object_12", "description": "[processing via email] Ensure that the body of the messages relates to the subject of the messages.", "uuid": "8d9c1918-8b86-47b3-a9f7-d7d78fe9c3fb" }, { "code": "Rights to restriction and to object_13", "description": "[processing via email] Allow recipients to object by responding to the message or by clicking on a link. Individuals should not be required to identify themselves to unsubscribe.", "uuid": "cb78228a-4041-44a8-a689-bf6578874463" }, { "code": "Rights to restriction and to object_14", "description": "[processing via a connected object or mobile app] Existence of \"Privacy\" settings in mobile apps.", "uuid": "6bb37898-960e-4ca7-98e7-95e81e4bddd3" }, { "code": "Rights to restriction and to object_15", "description": "[processing via a connected object or mobile app] Allow the mobile app user to object to the collection of special data.", "uuid": "7459271b-d172-4ad6-81da-cb209817a995" }, { "code": "Rights to restriction and to object_16", "description": "[processing via a connected object or mobile app] Take underage users into account.", "uuid": "44daf7b1-6e18-4b46-a66c-f79b94e4cfe2" }, { "code": "Rights to restriction and to object_17", "description": "[processing via a connected object or mobile app] Properly stop any collection of data where the user withdraws his/her consent.", "uuid": "145b5b1e-fadd-46ee-942a-645112753615" }, { "code": "Risk management_01", "description": "List the personal data processing operations, whether automated or otherwise, the data processed (e.g. client files, contracts) and the supporting assets on which they rely.", "uuid": "fe95ad70-790a-456e-a46e-1585608fe899" }, { "code": "Risk management_02", "description": "Assess the way in which the fundamental principles (information, consent, right of access, etc.) are respected.", "uuid": "814d402c-daf5-4f3b-88e7-82cfc5f7b1c9" }, { "code": "Risk management_03", "description": "Assess the risks of each processing.", "uuid": "c70188fa-c058-415e-a704-5f089a20faec" }, { "code": "Risk management_04", "description": "Implement and check the planned measures. Where the existing and planned measures are considered appropriate for guaranteeing the right level of security in light of the risks, their application and monitoring must be ensured.", "uuid": "f5f11b9a-a9f1-4836-8da4-a3a7ef479e93" }, { "code": "Risk management_05", "description": "Make sure a security audit is carried out periodically \u2013 annually where possible. Each audit must be accompanied by an action plan, the implementation of which should be monitored at the highest level.", "uuid": "9335ac84-9854-4c75-8841-c059c9e9ed6a" }, { "code": "Risk management_06", "description": "Update the map periodically and at each major change.", "uuid": "09c8fe47-6d8e-4130-b6f4-98127bfe2eb2" }, { "code": "Staff management_01", "description": "Make sure that individuals who have access to personal data and the processing of such data are qualified for their jobs.", "uuid": "7f6b0b2f-b85a-4b3d-a7ab-69d4d1a08f4d" }, { "code": "Staff management_02", "description": "Make sure that the working conditions of individuals with access to personal data and the processing of such data are satisfactory.", "uuid": "c80aacb6-80d5-4222-92b7-d7482e0da130" }, { "code": "Staff management_03", "description": "Raise the awareness of individuals with access to personal data and the processing of such data about the risks associated with exploitation of their vulnerabilities.", "uuid": "2aaa85f4-a8a1-4d03-940c-fed3552a5943" }, { "code": "Storage durations_01", "description": "Define, for each data category, storage durations that are time-limited and appropriate to the purpose of the processing and/or legal requirements.", "uuid": "9364fb43-09ae-42e0-b273-8b2b0ff24d39" }, { "code": "Storage durations_02", "description": "Check that the processing enables the end of the storage duration to be detected (set up an automatic mechanism based on the date on which the data are created or last used).", "uuid": "2d0ddcc8-aca7-4833-b10a-1ce35039f496" }, { "code": "Storage durations_03", "description": "Confirm that the processing allows the deletion of personal data when the storage duration expires and that the method chosen to delete them is appropriate to the risks to privacy of the data subjects.", "uuid": "fb34159c-869f-47fd-afdb-07d7c5c6add6" }, { "code": "Storage durations_04", "description": "Once the storage duration has expired, subject to intermediate archiving of the necessary data, delete the data with immediate effect.", "uuid": "e662c3c9-6b20-48fc-afbf-4940f89193a6" }, { "code": "Supervision_01", "description": "Regularly inspect personal data processing operations to ensure that they comply with GDPR as well as the effectiveness and appropriateness of planned measures.", "uuid": "ab36dcfc-8acd-4ef4-9670-0951f2d038b4" }, { "code": "Supervision_02", "description": "Set data protection objectives in the field of privacy and define indicators for determining whether these objectives are met.", "uuid": "46bac0c0-104c-498f-bb3e-af702c95c734" }, { "code": "Supervision_03", "description": "Regularly assess data protection.", "uuid": "93b8e97a-f1bb-4962-a3e2-c78138ff0c93" }, { "code": "Surveillance_01", "description": "Set up a logging architecture that retains a record of security incidents and the time they occurred.", "uuid": "5480b920-a87a-4e8d-903c-4e2b959a0749" }, { "code": "Surveillance_02", "description": "Select the incidents to be logged based on the context, supporting assets (including workstations, firewall, network equipment and servers), risks and legal framework.", "uuid": "1e9bfd52-15f3-4d71-aded-d530a582999f" }, { "code": "Surveillance_03", "description": "Comply with the requirements of GDPR if the logged events include personal data.", "uuid": "1c5e91ea-3a5e-4e49-a151-2d221f650842" }, { "code": "Surveillance_04", "description": "Conduct periodic analyses of the logged information, and if needs be establish a system that detects weak signals automatically.", "uuid": "36c52a02-e84b-4850-aef7-6643002bbe07" }, { "code": "Surveillance_05", "description": "Retain the incident logs for six months unless legal and regulatory restrictions require specific storage durations.", "uuid": "860a6f94-976b-4761-985c-c3a4d220be70" }, { "code": "Surveillance_06", "description": "[firewall] Establish a filtering policy that prohibits any direct communication between the internal workstations and the exterior (permit connections only via the firewall) and allow only those flows that are explicitly authorized (firewall blockage of all connections except those identified as necessary).", "uuid": "b0998e5c-5e6f-4f1a-97f0-4997f2b1a8f2" }, { "code": "Surveillance_07", "description": "[firewall] Log all successful authorized connections and all rejected attempts to connect.", "uuid": "bbaedcb2-560f-43a1-a28b-3a3fb9a77181" }, { "code": "Surveillance_08", "description": "[firewall] Export the logs via a secure channel to a dedicated server.", "uuid": "6ef6c9a0-bcab-4aa5-9fe6-e848a88ad46a" }, { "code": "Surveillance_09", "description": "[network equipment] Log the activity on each port of a switch or a router.", "uuid": "c0cd756e-dc5a-4cf7-aa43-da45f3fcbd60" }, { "code": "Surveillance_10", "description": "[network equipment] Export the logs to a dedicated server using an integrated client syslog or via a netflow.", "uuid": "c2e4f784-1347-499f-a76d-180a78756afd" }, { "code": "Surveillance_11", "description": "[network equipment] Monitor the volume based on times and monitor compliance with any access control lists (ACL) for the routers.", "uuid": "90a8ee4a-7138-44e2-a52d-a55ddeaf0b15" }, { "code": "Surveillance_12", "description": "[server] Log as much information as possible regarding client requests on the web servers to identify configuration defects and injections of SQL queries.", "uuid": "e1b1359e-d937-4028-a6a2-1d3da2c2c44a" }, { "code": "Surveillance_13", "description": "[server] Log users' activity on the proxy servers.", "uuid": "657c1b9d-6675-40b5-9a6d-5f29e4d12d7c" }, { "code": "Surveillance_14", "description": "[server] Log all queries made to the DNS servers, whether issued by Internet users or internal network clients.", "uuid": "89954a92-cae7-4685-8ec1-552af649cc8f" }, { "code": "Surveillance_15", "description": "[server] Log the time- and date-stamped authentication data and the length of each connection on the remote access servers.", "uuid": "43f776b1-40c5-4c10-b220-306e85583ac7" }, { "code": "Surveillance_16", "description": "[server] Log the reception and management of messages on the messaging servers.", "uuid": "ebda03ad-7d72-45ab-8c85-f71b89ed797e" }, { "code": "Traceability_01", "description": "Depending on the country in question, justify the choice of remote hosting and indicate the legal supervision arrangements implemented in order to ensure adequate protection of the data which are subject to a cross-border transfer.", "uuid": "c124943d-08c4-45b2-97ce-17eeff247a10" }, { "code": "Traceability_02", "description": "Set up user authentication making it possible to attribute the logged incidents.", "uuid": "94de88c6-f55d-451b-a844-4c97bc3b677c" }, { "code": "Traceability_03", "description": "Comply with the requirements of GDPR as regards logged events attached to an identified user.", "uuid": "e0e84602-ed80-4927-bd9e-cc4fc032869c" }, { "code": "Traceability_04", "description": "Conduct periodic analyses of the logged information and, if needs be, establish a system that detects abnormal activity automatically.", "uuid": "04f41149-f24e-4120-aa99-78c0e30448c6" }, { "code": "Transfer outside EU_01", "description": "State the geographic storage location for the different types of processing data.", "uuid": "9f6b1062-13cd-4ecb-a43c-bcbab3655af6" }, { "code": "Transfer outside EU_02", "description": "Depending on the country in question, justify the choice of remote hosting and indicate the legal supervision arrangements implemented in order to ensure adequate protection of the data which are subject to a cross-border transfer.", "uuid": "94e7783a-5e67-45a6-a439-01f0492fdc1e" }, { "code": "Website_01", "description": "Use a certificate signed by an \"approved\" trusted root authority.", "uuid": "d49de769-1ea6-4046-a829-5e1990c6042f" }, { "code": "Website_02", "description": "Traffic encryption must be guaranteed by TLS; then, it is necessary to configure the web server so that this only accepts this type of protocol (particularly exclude the SSL protocol and render encryption compulsory during SSL negotiations)", "uuid": "d8f38e66-61a1-4033-b530-3cef1ec16aed" }, { "code": "Website_03", "description": "Define a Content-Security-Policy only including stakeholders whom you authorize to place content on your website.", "uuid": "2e7e68ce-861c-417a-893e-5034dcb9f559" }, { "code": "Website_04", "description": "Conduct on-site security audits.", "uuid": "ffca4dc3-0dff-4c78-95bd-0aca191f8f23" }, { "code": "Workstations_01", "description": "Ensure that the IT department provides users with workstations that are kept secure and in working order.", "uuid": "b1fcea2c-d822-4ccf-9fb2-ba401a747610" }, { "code": "Workstations_02", "description": "Small workstations, especially laptops, can be easily stolen. They must therefore be equipped with anti-theft cables whenever their users are not nearby and the premises are not protected by physical security measures.", "uuid": "6b75e464-9a3f-4e3f-8605-e6bf06e320df" }, { "code": "Workstations_03", "description": "Retrieve data, except for data defined as private or personal, from workstations before they are assigned to other persons.", "uuid": "dd87892a-27d0-4680-be98-aa1d9372c722" }, { "code": "Workstations_04", "description": "Erase data from workstations before assigning them to other persons or if such workstations are shared.", "uuid": "82ed5d4a-9600-407e-898e-eac4c2936f4f" }, { "code": "Workstations_05", "description": "Delete temporary data each time a person logs onto a shared workstation.", "uuid": "c15b93e3-9ef1-4efb-a5f6-018c1d176b53" }, { "code": "Workstations_06", "description": "If a workstation becomes compromised, inspect the system for all signs of intrusion in order to determine whether other information has been compromised by the attacker.", "uuid": "5b1d0450-a746-4688-97f5-08b1283c1db4" }, { "code": "Workstations_07", "description": "Maintain systems and applications up-to-date (versions, security patches, etc.) or, where this is not possible (e.g. applications available only on a system that is no longer supported by the software company), isolate the machine and closely monitor the logs.", "uuid": "a50db22c-4108-4c18-8209-d860708f07a0" }, { "code": "Workstations_08", "description": "Document configurations and update them whenever major changes are made.", "uuid": "caec7b23-f185-4bac-ac21-275f8c109b52" }, { "code": "Workstations_09", "description": "Reduce the possibilities of misuse.", "uuid": "7002e5b3-1696-4cbb-b698-8e019bb3b0ef" }, { "code": "Workstations_10", "description": "Protect workstations access.", "uuid": "5e0092bc-7eb8-4599-8a0a-728aa7e224cf" }, { "code": "Workstations_11", "description": "Enable protection measures afforded by the system and the applications.", "uuid": "390ad031-333f-4449-bf96-5aa2b34f02ac" }, { "code": "Workstations_12", "description": "Prohibit local sharing of directories or data on workstations.", "uuid": "7b5ff016-d3fc-4468-88a0-8a73cb5e153c" }, { "code": "Workstations_13", "description": "Store user data on a backed-up network space, not on workstations.", "uuid": "9dc44b61-d124-47f5-a272-25023edea841" }, { "code": "Workstations_14", "description": "If data must be stored on a local workstation, provide users with means of synchronization or backup and inform them how to use these means.", "uuid": "130bf4ae-d3f4-4409-96a1-0d91c37f261e" }, { "code": "Workstations_15", "description": "Secure the configuration of Web browsers.", "uuid": "6481e72d-5c49-40a0-bedb-452ac59836ff" }, { "code": "Workstations_16", "description": "Deploy a secure browser on all servers that are to be used to access the Internet or an intranet.", "uuid": "72bf8a1c-b98c-476d-8d6a-4feb688d8e70" }, { "code": "Workstations_17", "description": "Limit the number of plugins, remove any that are not used, regularly update those that are left installed.", "uuid": "319fcc62-4d32-4903-9ba1-aef7d58c0900" }, { "code": "Workstations_18", "description": "Prohibit the use of downloaded applications that are not from safe sources.", "uuid": "df180601-4736-4f3f-a3ff-aee76f31a5ea" }, { "code": "Workstations_19", "description": "Search for exploitable vulnerabilities.", "uuid": "1399ed3f-423f-4a7f-8143-646477f3bb22" }, { "code": "Workstations_20", "description": "Check system integrity using integrity checkers (which check the integrity of selected files).", "uuid": "87b654c1-47a5-4c35-848b-f53a8404907a" }, { "code": "Workstations_21", "description": "Confirm that the maximum size of the incident logs is adequate and, in particular, that the oldest incidents are not automatically deleted if the maximum size is reached.", "uuid": "f36a4d0b-ba0b-4c36-bca6-39f5ee193e1d" }, { "code": "Workstations_22", "description": "Log application, security and system-related incidents.", "uuid": "02cc65ae-2522-4ebf-97a0-4f3d3230736e" }, { "code": "Workstations_23", "description": "Export the logs using domain management functionalities or via a client syslog.", "uuid": "c74af249-f469-40e3-bee4-631299caf240" }, { "code": "Workstations_24", "description": "Analyze primarily the connection and disconnection times, the type of protocol used to connect and the type of user who uses it, the original IP connection address, successive connection failures and unplanned interruptions of applications or tasks.", "uuid": "3a08d397-5234-43c4-bef4-74c23bd83bab" }, { "code": "Workstations_25", "description": "[mobile devices] Encrypt personal data stored on mobile devices.", "uuid": "3c61efd4-f671-49ac-8137-e942341c0d75" }, { "code": "Workstations_26", "description": "[mobile devices] Limit the amount of personal data stored on mobile devices to the strict minimum, and prohibit such storage during travel abroad if needs be.", "uuid": "1e3d14e1-2acd-4510-9428-52222cb5366e" }, { "code": "Workstations_27", "description": "[mobile devices] Ensure the availability of personal data stored on mobile devices.", "uuid": "afd91008-7339-4160-8193-998cc570f2e5" }, { "code": "Workstations_28", "description": "[mobile devices] Erase personal data from mobile devices as soon as such data is entered in the organization's information system.", "uuid": "07b2d2df-e1b9-4752-9be9-aab849ac6bda" }, { "code": "Workstations_29", "description": "[mobile devices] Place privacy filters on mobile devices whenever they are used outside the organization.", "uuid": "55607dc8-949c-4d95-a216-f602a0d61958" }, { "code": "Workstations_30", "description": "[smartphones] Configure smartphones before delivering them to users.", "uuid": "b84dfff8-2705-4b25-8fc7-eea8b61f9af4" }, { "code": "Workstations_31", "description": "[smartphones] Inform users, such as in a memo provided at delivery, about how to use their phone, the applications installed on it (e.g. Business Mail, Exchange, etc.), the services provided, and the security rules to be followed.", "uuid": "96e207b0-160a-4d9f-818c-5a6098b88685" }, { "code": "Workstations_32", "description": "[server] Isolate the server from the rest of the network in a specific DMZ or VLAN, use up-to-date virus, spyware and spam protection, immediately install operating system security updates, authenticate devices with digital certificates (where possible), etc.", "uuid": "df5cfbbc-c589-49ac-ac0c-4eafe4e815ee" }, { "code": "Workstations_33", "description": "[smartphones] Secure phones at the end of their life cycle.", "uuid": "28662b29-7c3b-43cd-8ba8-952298ae3a8f" } ], "version": 1 } 2019-11-28T14:05:15.667751+00:00 https://objects.monarc.lu/object/get/28 ISO/IEC 27002 2021-01-17T22:00:06.110311+00:00 MONARC { "label": "ISO/IEC 27002", "language": "EN", "refs": [ "https://www.iso.org/standard/54533.html" ], "uuid": "98ca84fb-db87-11e8-ac77-0800279aaa2b", "values": [ { "category": "Information security policies", "code": "5.1.1", "label": "Policies for information security", "uuid": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security policies", "code": "5.1.2", "label": "Review of the policies for information security", "uuid": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.1", "label": "Information security roles and responsibilities", "uuid": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.2", "label": "Segregation of duties", "uuid": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.3", "label": "Contact with authorities", "uuid": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.4", "label": "Contact with special interest groups", "uuid": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.1.5", "label": "Information Security in Project Management", "uuid": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.2.1", "label": "Mobile device policy", "uuid": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "category": "Organization of information security", "code": "6.2.2", "label": "Teleworking", "uuid": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.1.1", "label": "Screening", "uuid": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.1.2", "label": "Terms and conditions of employment", "uuid": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.2.1", "label": "Management responsibilities", "uuid": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.2.2", "label": "Information security awareness, education and training", "uuid": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.2.3", "label": "Disciplinary process", "uuid": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "category": "Human resource security", "code": "7.3.1", "label": "Termination or change of employment responsibilities", "uuid": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.1", "label": "Inventory of Assets", "uuid": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.2", "label": "Ownership of assets", "uuid": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.3", "label": "Acceptable use of assets", "uuid": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.1.4", "label": "Return of assets", "uuid": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.2.1", "label": "Classification guidelines", "uuid": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.2.2", "label": "Labelling of information", "uuid": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.2.3", "label": "Handling of assets", "uuid": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.3.1", "label": "Management of removeable media", "uuid": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.3.2", "label": "Disposal of media", "uuid": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "category": "Asset management", "code": "8.3.3", "label": "Physical Media transfer", "uuid": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.1.1", "label": "Access control policy", "uuid": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.1.2", "label": "Access to networks and network services", "uuid": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.1", "label": "User registration and deregistration", "uuid": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.2", "label": "User access provisioning", "uuid": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.3", "label": "Management of privileged access rights", "uuid": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.4", "label": "Management of secret authentication information of users", "uuid": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.5", "label": "Review of user access rights", "uuid": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.2.6", "label": "Removal or adjustment of access rights", "uuid": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.3.1", "label": "Use of secret authentication information", "uuid": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.1", "label": "Information access restriction", "uuid": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.2", "label": "Secure log-on procedures", "uuid": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.3", "label": "Password management system", "uuid": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.4", "label": "Use of privileged utility programs", "uuid": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "category": "Access control", "code": "9.4.5", "label": "Access control to program source code", "uuid": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptography", "code": "10.1.1", "label": "Policy on the use of cryptographic controls", "uuid": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "category": "Cryptography", "code": "10.1.2", "label": "Key management", "uuid": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.1", "label": "Physical security perimeter", "uuid": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.2", "label": "Physical entry controls", "uuid": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.3", "label": "Securing offices, rooms and facilities", "uuid": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.4", "label": "Protecting against external and environmental attacks", "uuid": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.5", "label": "Working in secure areas", "uuid": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.1.6", "label": "Delivery and loading areas", "uuid": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.1", "label": "Equipment siting and protection", "uuid": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.2", "label": "Supporting utilities", "uuid": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.3", "label": "Cabling Security", "uuid": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.4", "label": "Equipment maintenance", "uuid": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.5", "label": "Security of equipment off-premises", "uuid": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.6", "label": "Security of equipment and assets off-premises", "uuid": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.7", "label": "Secure disposal or re-use of equipment", "uuid": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.8", "label": "Unattended user equipment", "uuid": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "category": "Physical and environmental security", "code": "11.2.9", "label": "Clear desk and clear screen policy", "uuid": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.1", "label": "Documented operating procedures", "uuid": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.2", "label": "Change management", "uuid": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.3", "label": "Capacity management", "uuid": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.1.4", "label": "Separation of development, testing and operational environments", "uuid": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.2.1", "label": "Controls against malicious code", "uuid": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.3.1", "label": "Information Backup", "uuid": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.1", "label": "Event logging", "uuid": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.2", "label": "Protection of log information", "uuid": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.3", "label": "Administrator and operator logs", "uuid": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.4.4", "label": "Clock synchronisation", "uuid": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.5.1", "label": "Installation of software on operational systems", "uuid": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.6.1", "label": "Management of technical vulnerabilities", "uuid": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.6.2", "label": "Restrictions on software installation", "uuid": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "category": "Operations security", "code": "12.7.1", "label": "Information systems audit controls", "uuid": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.1.1", "label": "Network controls", "uuid": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.1.2", "label": "Security of network services", "uuid": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.1.3", "label": "Segregation in networks", "uuid": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.1", "label": "Information transfer policies and procedures", "uuid": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.2", "label": "Agreements on information transfer", "uuid": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.3", "label": "Electronic messaging", "uuid": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "category": "Communications security", "code": "13.2.4", "label": "Confidentiality or non-disclosure agreements", "uuid": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.1.1", "label": "Information security requirements analysis and specification", "uuid": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.1.2", "label": "Securing application services on public networks", "uuid": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.1.3", "label": "Protecting application services transactions", "uuid": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.1", "label": "Secure development policy", "uuid": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.2", "label": "System change control procedures", "uuid": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.3", "label": "Technical review of applications after operating platform changes", "uuid": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.4", "label": "Restrictions on changes to software packages", "uuid": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.5", "label": "Secure system engineering principles", "uuid": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.6", "label": "Secure development environment", "uuid": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.7", "label": "Outsourced software development", "uuid": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.8", "label": "System security testing", "uuid": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.2.9", "label": "System acceptance testing", "uuid": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "category": "System acquisition, development and maintenance", "code": "14.3.1", "label": "Protection of test data", "uuid": "267fdb78-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.1.1", "label": "Information security policy for supplier relationships", "uuid": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.1.2", "label": "Addressing security within supplier agreements", "uuid": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.1.3", "label": "Informaiton and communication technology supply chain", "uuid": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.2.1", "label": "Monitoring and review of supplier services", "uuid": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "category": "Supplier relationships", "code": "15.2.2", "label": "Managing changes to supplier services", "uuid": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.1", "label": "Responsibilities and procedures", "uuid": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.2", "label": "Reporting information security events", "uuid": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.3", "label": "Reporting information security weaknesses", "uuid": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.4", "label": "Assessment of and decision on information security events", "uuid": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.5", "label": "Response in information security incidents", "uuid": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.6", "label": "Learning from information security incidents", "uuid": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "category": "information security incident management", "code": "16.1.7", "label": "Collection of evidence", "uuid": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.1.1", "label": "Planning information security continuity", "uuid": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.1.2", "label": "Implementing information security continuity", "uuid": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.1.3", "label": "Verify, review and evaluate information security continuity", "uuid": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "category": "Information security aspects of business continuity management", "code": "17.2.1", "label": "Availability of information processing facilities", "uuid": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.1", "label": "Identification of applicable legislation", "uuid": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.2", "label": "Intellectual Property Rights", "uuid": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.3", "label": "Protection of records", "uuid": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.4", "label": "Privacy and protection of personally identifiable information", "uuid": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.1.5", "label": "Regulation of cryptographic controls", "uuid": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.2.1", "label": "Independent review of information security", "uuid": "267fc84f-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.2.2", "label": "Compliance with security policies and standards", "uuid": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "category": "Compliance", "code": "18.2.3", "label": "Technical compliance review", "uuid": "267fe600-f705-11e8-b555-0800279aaa2b" } ], "version": 1, "version_ext": "ISO/IEC 27002:2013" } 2019-11-28T14:06:47.966060+00:00 https://objects.monarc.lu/object/get/31 NIST SP 800-53 (Rev.5) - ISO/IEC 27002 2021-01-17T22:00:06.106655+00:00 MONARC { "label": "NIST SP 800-53 (Rev.5) - ISO/IEC 27002", "refs": [ "https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft" ], "uuid": "5696c21b-4b52-4230-be0c-89352b8c9baa", "values": [ { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "ebf10522-0f57-4880-aa73-e28a206b7be4", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "8245e3a6-09ee-488a-880f-8d1b811b2091", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "e2323e31-d4c5-4f58-8de3-529d41c7fde6", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "35f0172f-4770-4f69-9aa7-8b48a880c85a", "match": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "cea02331-b15a-42bb-ae5c-826afb449240", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "f8e45f26-413c-4c61-be2c-216ec688ecb1", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "2006d82c-a148-470f-ad3d-339980bb69b9", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "a06fe04e-e834-42c9-8b4f-d998eb493136", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "48e9827d-60b5-4637-89fa-45dfb4231ff7", "match": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "control": "48e9827d-60b5-4637-89fa-45dfb4231ff7", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "33d42330-bde6-4964-82c9-fd2eaa07792d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "1b2e1483-0a0e-4c84-ad44-42db07d6172f", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "5dad70d6-04e6-4ad0-9c32-c565e40329ad", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "5dad70d6-04e6-4ad0-9c32-c565e40329ad", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "5dad70d6-04e6-4ad0-9c32-c565e40329ad", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "250001c2-f02d-496c-917e-70034724bfd6", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "250001c2-f02d-496c-917e-70034724bfd6", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "250001c2-f02d-496c-917e-70034724bfd6", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "5d4dc43c-9c46-4fc5-969b-02a1421acf42", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "5d4dc43c-9c46-4fc5-969b-02a1421acf42", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "5d4dc43c-9c46-4fc5-969b-02a1421acf42", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ccd5e72f-92d7-4824-8caa-9a75209849d2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5493d4a2-bae6-4bdf-ba84-79bbae4fb53b", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "468658d8-61b8-4757-8c28-d6017337ea91", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a32e8643-88b7-4fa6-9a25-f67b9236b9d0", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "0de44076-cd30-439a-9375-c7c6692da6b2", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "aefeafa5-2f92-4a78-a149-6b00f8a0f9f1", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "aefeafa5-2f92-4a78-a149-6b00f8a0f9f1", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "6145995f-74e1-4479-ba93-c1cdd9e34f8c", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc90c0a-8c92-4e75-ba67-a9dd2a64ca9d", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "cb39be02-c637-4984-ad59-ad1b5afd7609", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "b9383590-e160-4840-b6e7-9476aeb6b8c0", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "aff838cd-5392-4620-be39-87c4ae7b6d33", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "aff838cd-5392-4620-be39-87c4ae7b6d33", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "aff838cd-5392-4620-be39-87c4ae7b6d33", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "30ccd853-e570-4c61-98d0-4837692d0654", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "30ccd853-e570-4c61-98d0-4837692d0654", "match": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "control": "30ccd853-e570-4c61-98d0-4837692d0654", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d447bf80-7c6e-4e16-9f69-a15ed7eafd92", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "e499f145-1fad-49e2-9403-f50a2a9801e8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9bc48f7a-6863-421d-96c5-7e7099ef2415", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "1efbb7bc-a9df-41b0-af65-c8c7cc593246", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "1efbb7bc-a9df-41b0-af65-c8c7cc593246", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "1efbb7bc-a9df-41b0-af65-c8c7cc593246", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "6c55f12d-0f58-4caf-9c27-91c38d3620e3", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "6c55f12d-0f58-4caf-9c27-91c38d3620e3", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "6c55f12d-0f58-4caf-9c27-91c38d3620e3", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "0af9100d-df42-4d7e-953d-8c1fd56dff85", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5264169d-4e61-40b7-800e-1998f41af781", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "698ebcc9-cf38-49d4-9a7a-dce61bbff968", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "27086d2c-4ed0-4163-89c3-d280559102ea", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "4d738f6e-3999-4a07-97f8-552ef2df77f3", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "4d738f6e-3999-4a07-97f8-552ef2df77f3", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "control": "dce2b6b6-33dd-45b1-9006-e09493aa95e3", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "d0557646-d1eb-4d79-8670-b1cdaf1072be", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "36ae972c-4543-4548-8946-47cb651ed0ef", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "36ae972c-4543-4548-8946-47cb651ed0ef", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "36ae972c-4543-4548-8946-47cb651ed0ef", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "b53a00fb-054c-4f9e-8aff-69ad91c1dcb8", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "b53a00fb-054c-4f9e-8aff-69ad91c1dcb8", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "8ccaf96b-99b1-4677-be72-1e072cc26ebd", "match": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "control": "0e0864af-bd66-4012-b7ea-75ee7a57ef0b", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "0e0864af-bd66-4012-b7ea-75ee7a57ef0b", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "50310b7b-0a4b-4572-998c-5954f7d6750e", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "4f08538a-9f7d-422f-aaae-0949bf39c028", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a3a1db7e-c1e1-409d-aa9a-e4b4ca925be6", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "a3a1db7e-c1e1-409d-aa9a-e4b4ca925be6", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "4c98569b-ec41-4758-b8a3-5bd75b56d38b", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "4c98569b-ec41-4758-b8a3-5bd75b56d38b", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "60a84903-025a-40c5-9cf6-dad960e55cf1", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "60a84903-025a-40c5-9cf6-dad960e55cf1", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "60a84903-025a-40c5-9cf6-dad960e55cf1", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "1dfd046a-a422-4089-9fda-c141e865042a", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "1dfd046a-a422-4089-9fda-c141e865042a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "1dfd046a-a422-4089-9fda-c141e865042a", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "01096bf7-a45e-40d9-851e-72a6b8d7344a", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "01096bf7-a45e-40d9-851e-72a6b8d7344a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "5ba61017-362e-411b-929d-c76c27358660", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "b705c1c5-aee2-4cb0-9f55-f045fc627f34", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "5278ff6f-473b-4a2c-8234-1a6a3198c701", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "99e77822-723b-4a08-8ee0-4c73ad494db7", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "23ab9d48-396c-4f20-9344-e6a6bd2439a2", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "23ab9d48-396c-4f20-9344-e6a6bd2439a2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "control": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "1bf6a2b8-b728-49a2-953f-0a965d966db1", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "7c68c0c2-fea5-44d1-8580-5170edd92e22", "match": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "control": "df6812ce-357b-44ae-8979-a663a85fa687", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "df6812ce-357b-44ae-8979-a663a85fa687", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "b41dacdb-78d6-4744-bcae-5a46b95cfe04", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "4123ace0-da01-431c-997c-bd03e3319f36", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "72eed0db-aa5a-4677-899f-b56d01187c6e", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d351c523-45f7-405c-aa9e-eb4289dea021", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "90b76f4c-10ec-4530-a7c8-b3d488d8886d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "67e6c588-aea1-47c7-a34e-e04bf91df582", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "74b14d2d-6320-4ac9-9b74-d93177dd4329", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "1476a1d4-f1f5-42ae-93a6-1227a89cb3e3", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "1476a1d4-f1f5-42ae-93a6-1227a89cb3e3", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "10213f53-5179-42f2-beb6-1364872d983d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "69e93c59-0239-4bc8-8d5f-d2c65c706f46", "match": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "control": "69e93c59-0239-4bc8-8d5f-d2c65c706f46", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "69e93c59-0239-4bc8-8d5f-d2c65c706f46", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "54802539-1d62-43c3-8f7e-8c7e03087812", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c2260bd5-161f-4fb9-8496-0de50c2c3440", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "c2260bd5-161f-4fb9-8496-0de50c2c3440", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e1211579-cdf4-4357-ba8a-3a5c46401837", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "7fb408ab-f358-489d-be81-5b9395da78a7", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "9d4a3657-457f-4223-adfe-d0b2df91ffc3", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "9d4a3657-457f-4223-adfe-d0b2df91ffc3", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "508b0a74-cd81-4a65-b2c1-bb4c193adc53", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "9368a916-1fac-4dd2-b621-751ef4483a72", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "bcc51690-d12c-41a8-bd76-6aae187a8afc", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "14555491-0f15-428b-9ecd-836c6307675c", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "14555491-0f15-428b-9ecd-836c6307675c", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "14555491-0f15-428b-9ecd-836c6307675c", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "70ccf1af-4cad-443a-9dcd-9b49c4b6aec8", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "50272033-eb78-4309-84e0-303320d75b87", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "50272033-eb78-4309-84e0-303320d75b87", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "50272033-eb78-4309-84e0-303320d75b87", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "025d84e9-5612-404e-acf4-5d860c01a73c", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "b0779c7f-7db2-4af2-ab93-5c000a889408", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "cc087e48-874b-4953-adcc-96fac3f19306", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "cc087e48-874b-4953-adcc-96fac3f19306", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "5b92c7ee-202b-4de8-983c-74937b86b48f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ee9525ea-a06f-4862-b6c8-c09fa266ea38", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "dc814dd1-359d-4245-839c-5a1cdd6e1bad", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "f7c64768-dc70-4e4d-b121-58f41bfde7c6", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "f7c64768-dc70-4e4d-b121-58f41bfde7c6", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "f7c64768-dc70-4e4d-b121-58f41bfde7c6", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "c1738677-3cae-4833-97b4-f2f3c04dd5e0", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "06679cfa-1bfd-436a-b99d-698fb275dfdb", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "06679cfa-1bfd-436a-b99d-698fb275dfdb", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "06679cfa-1bfd-436a-b99d-698fb275dfdb", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "f1dc5cba-17a8-4bee-aad0-d6b0ca84124d", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "f1dc5cba-17a8-4bee-aad0-d6b0ca84124d", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "e8ed7158-ffc1-44a4-8673-80286ad97b36", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "e8ed7158-ffc1-44a4-8673-80286ad97b36", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "990ee3a7-3044-4c8f-8387-946a7a9aba76", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "6d3fbb99-fa7d-4c65-9c5f-928044a5840f", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "5cf67afa-7a43-4dd4-b1db-dd28862a689c", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "51e4fd6c-0aa8-4604-b13d-bf74c9706922", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "51e4fd6c-0aa8-4604-b13d-bf74c9706922", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "9dda0a30-be3d-4752-867d-bf9570971c52", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "9dda0a30-be3d-4752-867d-bf9570971c52", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "9dda0a30-be3d-4752-867d-bf9570971c52", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "6448f036-bdb2-4f21-8e30-0acf8073215d", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "6448f036-bdb2-4f21-8e30-0acf8073215d", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "6448f036-bdb2-4f21-8e30-0acf8073215d", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "de6195c6-1fc1-423a-a748-785653c9324f", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "de6195c6-1fc1-423a-a748-785653c9324f", "match": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "control": "de6195c6-1fc1-423a-a748-785653c9324f", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "aead24db-a196-4daf-a099-60b1d1991d70", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "aead24db-a196-4daf-a099-60b1d1991d70", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "aead24db-a196-4daf-a099-60b1d1991d70", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "53ae3aa9-d88e-4f55-a040-375cfe348c48", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "53ae3aa9-d88e-4f55-a040-375cfe348c48", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "244cbc08-55d5-46ea-ba28-aec72f16b337", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "244cbc08-55d5-46ea-ba28-aec72f16b337", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "2fd70998-9247-4efd-923d-276f5c76b3b9", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "b3523d09-add6-4b33-aa3e-6f780d83a9d6", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3c492512-da9f-4112-a76a-3e5cb0400e6f", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "8047a1c6-e890-4817-982d-04fcdc2820a2", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "8047a1c6-e890-4817-982d-04fcdc2820a2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "control": "7b481f8c-2485-40a8-aee7-03b39721e103", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7f388f12-77ec-47bf-b816-79cb42086b09", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "7f388f12-77ec-47bf-b816-79cb42086b09", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5b9bdfcc-3150-4c4a-8b08-386d9a829585", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "293ebc1c-0452-41f8-ab14-101846241a47", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "898d7024-6d3f-4d9a-868f-34ea1e451801", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "08327040-541f-40b4-a1cc-815d9298afe0", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d5a60a37-684d-4b4b-b8a2-7d03814ff70d", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ecefd9da-a07c-41c2-9397-017e878bdb67", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "44b2a62a-6bc7-4474-b618-f1bc15e9798f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ec1457b8-d116-45a4-8c61-5b8ddba8a2b9", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "b395f91d-24a4-4720-8534-3b491bb41002", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "b395f91d-24a4-4720-8534-3b491bb41002", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e1219fd8-9db2-4297-99da-63be2b433aa8", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "e1219fd8-9db2-4297-99da-63be2b433aa8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e25168b6-fb5b-4ae7-a14c-6afc86246348", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "ab16520f-0c45-404d-8852-df2722a96412", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "8e3958aa-59c3-4c3e-9cf0-1283d783ec46", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "8e3958aa-59c3-4c3e-9cf0-1283d783ec46", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3585bbce-5c3b-4a2a-8a53-5c4af9467365", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "41ad2d98-3dc5-4167-a8cf-869b3b53c495", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d7d3d288-cd67-40ea-871a-4aa256262dbf", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a43a957c-c1ce-462f-87b8-bcb962a26991", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9c603ddb-5850-42a9-85bd-641667182bed", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "9c603ddb-5850-42a9-85bd-641667182bed", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "54ca56bb-3a0e-47b9-8cdb-b28976481e54", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "54ca56bb-3a0e-47b9-8cdb-b28976481e54", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e2aa9575-d1f9-440c-a3ae-72f79489dd3c", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "ce8a976a-536a-44ea-bb8b-bcf28a6931c8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "15f0293a-cef3-4c58-a6cf-725f0ea044c5", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "7f02ee88-5118-467b-bffc-c6176276db0a", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "7f02ee88-5118-467b-bffc-c6176276db0a", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "7f02ee88-5118-467b-bffc-c6176276db0a", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a6ae4db0-5f77-4e60-ae47-fa721623bcdb", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "3e6cdfcd-14f3-4b34-a6d4-62d677332806", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "22faa4a0-2027-4150-8176-c77e84e3f03d", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "4d28a85e-20d2-4186-995e-de48a90eebb4", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "4d28a85e-20d2-4186-995e-de48a90eebb4", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "4d28a85e-20d2-4186-995e-de48a90eebb4", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "db5781c8-b759-47de-9862-27b2d3c2b568", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "db5781c8-b759-47de-9862-27b2d3c2b568", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "012149b7-7c59-4220-83bf-d6879a886f20", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "012149b7-7c59-4220-83bf-d6879a886f20", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "012149b7-7c59-4220-83bf-d6879a886f20", "match": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "control": "54db3434-c9cc-4a09-90a0-7e94aa29ae61", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "54db3434-c9cc-4a09-90a0-7e94aa29ae61", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "4b7824ea-dc4e-4938-9ebd-36b865f88585", "match": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "675a9b3f-8abe-4b6f-948e-b701c2a02a84", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "8a174f26-95ff-41dd-8042-039189065395", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "8a174f26-95ff-41dd-8042-039189065395", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9e62441a-c6d5-4707-a835-6230dc5b0d53", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "f19db716-460e-44f8-a2d2-304cbbe54b73", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "f19db716-460e-44f8-a2d2-304cbbe54b73", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "e54190a1-12f2-46d1-b36b-0e7b49b85e43", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "a6a327ee-3850-4c6c-8828-03cbe4ac83df", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "control": "d6871e86-4df5-4d80-8529-3ec214940b69", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "729aa83b-a59b-48a0-b0a0-c592402dcae7", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "d32c4960-9581-4717-9a02-690d61709153", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "6fd6cc79-208a-4f2c-8a05-9adae75fd255", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "6fd6cc79-208a-4f2c-8a05-9adae75fd255", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "64f93d70-568f-404a-a049-b7f37598ec66", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "769c7460-a4d0-45f3-a36e-4b8347526278", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "650ec6f8-fbad-4fe7-a0db-62d3861a5372", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "650ec6f8-fbad-4fe7-a0db-62d3861a5372", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "650ec6f8-fbad-4fe7-a0db-62d3861a5372", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "95f027c8-c84f-474f-bd23-872f96e00dc9", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "95f027c8-c84f-474f-bd23-872f96e00dc9", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "bf85f2a4-2b80-4ae9-b4b5-5c2084c04061", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "7277cac1-5813-4356-b108-72fe5263f8c3", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "11fe35fa-d904-4137-9961-307097961e0c", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "a6586afd-bc0f-4334-88da-615989665368", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "583129dc-d3e3-49c3-8ee9-3fbf18e020de", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "09932f73-e48b-4d2b-bced-733f4039902e", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "6726eb21-52f9-4922-a1d6-50c098ddba74", "match": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "edd532b7-577e-441b-820c-3b73fbd11c79", "match": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "control": "d44c41d6-5fa9-4fac-9751-a8236a103c35", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "c2f67a16-dc82-4d43-a71b-63e2143f9b73", "match": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "control": "a35f7748-5868-46cd-9dea-b4e87fde8311", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "a35f7748-5868-46cd-9dea-b4e87fde8311", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2", "match": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "96e2a11b-1b39-4903-be42-374102c930df", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "control": "83caa43e-7179-4477-8665-66d47d058417", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "15dfbe37-4a2d-4df7-b00c-f558524b561c", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "fa2d6a81-6a4e-41c7-91da-9024f91a7685", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "8cf0e5df-fb43-4dd0-a65e-d635d5902ffc", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "2fd75399-324e-40ed-9a82-80089816f398", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "039e5e9e-19cf-436b-b4fd-d0cfa4547110", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "bf1d6c37-e1e1-4c78-8055-79a364219193", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "bf1d6c37-e1e1-4c78-8055-79a364219193", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "bf1d6c37-e1e1-4c78-8055-79a364219193", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "bca47b93-453b-47d8-8527-16c4fdd8f6e5", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "bca47b93-453b-47d8-8527-16c4fdd8f6e5", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "5c1413f5-14f3-48bc-b371-5fda85e52cb8", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "5c1413f5-14f3-48bc-b371-5fda85e52cb8", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" } ], "version": 1 } 2019-11-29T08:21:17.716282+00:00 https://objects.monarc.lu/object/get/35 NIS security measures - NIST Core 2021-01-17T22:00:06.105643+00:00 MONARC { "label": "NIS security measures - NIST Core", "uuid": "9f6e74bb-c643-4654-bc6d-76dcab49c357", "values": [ { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "d2e86e2d-5bec-42a2-b642-69995b6abcf0" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "cc6aad46-1887-4da6-93e3-c707be07b9f5" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "0550c268-534a-4311-920d-84466e4865c4" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "1bad7834-b740-48ff-8450-5792b55614db" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "7c09a9bf-407c-4509-94c0-af8314fc3b86" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "6d0bfd47-88dc-484a-aed8-196eaa12c4db" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "98ce2a28-d424-4436-8c41-2ec0e8d563fa" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "e384f897-1b70-49a5-8491-24c035e1451f" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "7a9f7d35-6714-4182-ae88-d9ff575224a6" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "97331ab3-3365-4fb0-894c-578c460720fa" }, { "control": "030ef936-d0fe-4d6b-9238-e3004f58f7b6", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "7a4074cc-5b40-486a-9a52-6b49be7f95e6" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "29613b2e-8def-417e-85fa-31aa5ef5de3b" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "4e2499c0-d23d-4977-9e9f-6323af31be24" }, { "control": "d646a78e-68d8-4d60-a01f-455b1a0df4f1", "match": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "01d259f0-ece0-4f7c-91bf-d09844c576cc" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "987e9304-80fd-4470-b8b4-213f41a0a957" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "92a81683-1877-48d3-9d5a-c7c0ddd9852b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "231fc2b1-80c2-450e-9d80-f804f5a8984c" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "acfea27c-c6d5-421a-9ae4-2db82610cc41" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "46555297-7af1-4d59-ac07-6e627aef4dda" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "63f9f527-2c63-4fda-acda-7ebcf3025873" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "30a7a092-3e00-4d33-aec2-66d019c2ff03" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "800fc6f9-e574-4152-89e6-30bae7da4adc" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "6386d5df-56f8-46ad-b181-e870491004a5" }, { "control": "f5f8ef4a-25f2-4169-b279-424081fc6125", "match": "a6b301ed-e0c1-467d-8e42-e2796c64b785" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "50fc2488-b730-48ae-abf8-93e60f141404" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "766520fa-3439-4382-babc-eb7d9d6b1f52" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "a6b301ed-e0c1-467d-8e42-e2796c64b785" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "7cd438b8-038b-4f1f-a431-a1a1a83e009c" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "6da92eea-2f74-458f-a643-361df7ea9f2f" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "831f20de-eadb-44a7-82f3-fcb116d8cb69" }, { "control": "efcb645f-ca20-484d-a3b7-6ef98db907ff", "match": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "382fe4f1-9f05-4169-a343-2c961a8cf359" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "f01b50b8-0e54-4f8f-afee-0ec56f788a42" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "9b355a55-73ce-4d55-8016-d93e3c555a55" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "a8f83595-0327-4e24-9557-0e8d9b82856f" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "70e202bf-2270-4daf-8fb5-4f6fb10de979" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "54eeaae4-2b82-43ce-9a61-40d453116d8d" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "bbb99e89-ee33-46fc-bc03-1582631210c4" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "48a13f85-a811-43fa-a0e8-89f67fb2743f" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "f9d1a926-5d39-4123-8b83-a94c21ff18e5" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "23e4c883-c358-4b64-8d7e-249c67b7f1f2" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "025611cb-8431-4a9c-a88c-039141472418" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "9b355a55-73ce-4d55-8016-d93e3c555a55" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "9b355a55-73ce-4d55-8016-d93e3c555a55" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "69f50c12-9eab-4305-be4f-97a2002ccc0c" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "31dc508e-664e-4173-8757-00ec985115c8" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "3f6e72ed-2984-452d-badd-5563acbf0450" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "e6ab0d96-2ced-445d-a19f-97710b2cc346" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "0c7c3558-9c78-4bcc-816b-9123c899b653" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "4fe097cd-e0c0-4698-a209-43ffb553a279" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "b237b4b1-a21a-4122-b4c8-e068ad58ef21" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "cce52cf2-aa85-4f33-8cb8-b0508f452c25" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "2736e702-38ef-439d-9e8b-989ef56f8735" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "e94941eb-31da-40e0-b944-07c43233e7c0" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "0de24c0a-53cb-4481-9b8d-fccc252e4f03" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "cce52cf2-aa85-4f33-8cb8-b0508f452c25" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "34a2e449-b69d-4f75-a548-8c5faee598b5" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "75942c69-3336-4e82-bf59-515aaa6e3513" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "2e411d93-1836-4dbc-baf1-a747d2a9915a" }, { "control": "f87f15fe-0170-4164-90de-091d9519d140", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" }, { "control": "f87f15fe-0170-4164-90de-091d9519d140", "match": "e4f85702-5874-4361-beec-45d00b379c5b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "e4f85702-5874-4361-beec-45d00b379c5b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "e4380999-3c82-4b85-86cd-86f1f37f97ab" } ], "version": 1 } 2019-11-29T08:21:32.137657+00:00 https://objects.monarc.lu/object/get/34 NIS security measures - ISO/IEC 27002 2021-01-17T22:00:06.104674+00:00 MONARC { "label": "NIS security measures - ISO/IEC 27002", "uuid": "f461053a-ab34-42a6-80cd-83a140b06de1", "values": [ { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "02527779-a76f-42fc-b420-6726099d4241", "match": "267fc6a6-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc989-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "control": "cfda8669-f42c-4917-833e-b873110b4380", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "26b54bed-01d5-4614-b0ed-907af072b8a9", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "7d1e4532-ddb1-408c-8a9d-ffed0cef3821", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fd1ea-f705-11e8-b555-0800279aaa2b" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "1b9d05fc-e385-4fdb-aa44-54e069a9ea91", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "725706a3-fa1d-48e1-8458-21974439b34b", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "957b42b2-b3c6-4d0c-b32e-fcc4bea29ffd", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "f5f8ef4a-25f2-4169-b279-424081fc6125", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd723-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "control": "157d5514-b3cd-4d31-9bff-560a1a436d96", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "f5f8ef4a-25f2-4169-b279-424081fc6125", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "a3f6ee47-de81-400a-a7dc-79e79fb73729", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "efcb645f-ca20-484d-a3b7-6ef98db907ff", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "efcb645f-ca20-484d-a3b7-6ef98db907ff", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "fd44edba-005b-447c-8612-c0a92cbb0ec6", "match": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "control": "fd44edba-005b-447c-8612-c0a92cbb0ec6", "match": "267fdacc-f705-11e8-b555-0800279aaa2b" }, { "control": "7374508b-6114-4219-8834-7b87117fcbf9", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "8e6bf606-42cf-4f85-bedd-5e633d241183", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "4baf165d-b157-4c19-bbd6-ad3ddd5dbe79", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "7374508b-6114-4219-8834-7b87117fcbf9", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "0ca52ad9-4570-46be-88ce-d22efd4a145b", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "b24b90b0-eeea-4a56-b5ef-2c484467c97a", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "e1a91f54-34e4-45c7-8eae-dfc6dee15854", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "8ead422e-2d73-48e8-82f9-b82fe363d072", "match": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "control": "11c11899-6a4d-4937-ae09-fc3dcfdb26f9", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "6b327343-7f81-4a40-bc46-194cf5aa54df", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "9fa537a3-efc0-4624-aeae-ab975076e1c0", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fe847-f705-11e8-b555-0800279aaa2b" }, { "control": "752f00ca-196b-4055-b660-4a09185ce3a7", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "7374508b-6114-4219-8834-7b87117fcbf9", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "66b045d6-77a5-426f-afe5-55cac81ac5c8", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "ea405481-cbe2-4e15-b2a3-f45563e160cc", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "f739cbb5-8ed4-4136-b4c0-4fd3edb84cd8", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "f87f15fe-0170-4164-90de-091d9519d140", "match": "267fea72-f705-11e8-b555-0800279aaa2b" } ], "version": 1 } 2019-11-29T08:22:02.954644+00:00 https://objects.monarc.lu/object/get/32 NIST Core - NIST SP 800-53 (Rev.5) 2021-01-17T22:00:06.100817+00:00 MONARC { "label": "NIST Core - NIST SP 800-53 (Rev.5)", "refs": [ "https://www.nist.gov/cyberframework/framework" ], "uuid": "39e559bb-2365-4455-b220-517e129992ef", "values": [ { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "515fb4c4-2a45-47b7-9a7a-5878f1bbad9c" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "515fb4c4-2a45-47b7-9a7a-5878f1bbad9c" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "6c55f12d-0f58-4caf-9c27-91c38d3620e3" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "063f894b-5f12-4e99-8277-6e21692c977d" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a" }, { "control": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c", "match": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2" }, { "control": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "76c33e82-04e2-4ee5-88c6-40939d8349a7" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "63f9f527-2c63-4fda-acda-7ebcf3025873", "match": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed" }, { "control": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "1a422e41-50fc-4c74-b1e4-e3d40b7c82f3", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "01096bf7-a45e-40d9-851e-72a6b8d7344a" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "7c9127dc-e0e8-4a6f-9cf9-82f5a7b18f37" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "6d3fbb99-fa7d-4c65-9c5f-928044a5840f" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "b705c1c5-aee2-4cb0-9f55-f045fc627f34" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "6fd6cc79-208a-4f2c-8a05-9adae75fd255" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "468658d8-61b8-4757-8c28-d6017337ea91" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "9bc48f7a-6863-421d-96c5-7e7099ef2415" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "698ebcc9-cf38-49d4-9a7a-dce61bbff968" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "b41dacdb-78d6-4744-bcae-5a46b95cfe04" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "74b14d2d-6320-4ac9-9b74-d93177dd4329" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "7fb408ab-f358-489d-be81-5b9395da78a7" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "bcc51690-d12c-41a8-bd76-6aae187a8afc" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "5b92c7ee-202b-4de8-983c-74937b86b48f" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "c1738677-3cae-4833-97b4-f2f3c04dd5e0" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "3c492512-da9f-4112-a76a-3e5cb0400e6f" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "3e6cdfcd-14f3-4b34-a6d4-62d677332806" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "675a9b3f-8abe-4b6f-948e-b701c2a02a84" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "11fe35fa-d904-4137-9961-307097961e0c" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "96e2a11b-1b39-4903-be42-374102c930df" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "293ebc1c-0452-41f8-ab14-101846241a47" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "468658d8-61b8-4757-8c28-d6017337ea91" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "9bc48f7a-6863-421d-96c5-7e7099ef2415" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "698ebcc9-cf38-49d4-9a7a-dce61bbff968" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "c1aa25a1-a0cf-483d-8b7d-44725cd3f6ed" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "b41dacdb-78d6-4744-bcae-5a46b95cfe04" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "74b14d2d-6320-4ac9-9b74-d93177dd4329" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "7fb408ab-f358-489d-be81-5b9395da78a7" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "bcc51690-d12c-41a8-bd76-6aae187a8afc" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "5b92c7ee-202b-4de8-983c-74937b86b48f" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "c1738677-3cae-4833-97b4-f2f3c04dd5e0" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "3c492512-da9f-4112-a76a-3e5cb0400e6f" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "3ceb9dfc-c9e2-4cb6-830d-8170d53d5b05" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "3e6cdfcd-14f3-4b34-a6d4-62d677332806" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "675a9b3f-8abe-4b6f-948e-b701c2a02a84" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "53cbe570-60ce-4aba-9f32-f7cfce6fdc56" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "11fe35fa-d904-4137-9961-307097961e0c" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "96e2a11b-1b39-4903-be42-374102c930df" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "54613df0-e745-4205-a828-827aca596814" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "898d7024-6d3f-4d9a-868f-34ea1e451801" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "ecefd9da-a07c-41c2-9397-017e878bdb67" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "ec1457b8-d116-45a4-8c61-5b8ddba8a2b9" }, { "control": "d2e86e2d-5bec-42a2-b642-69995b6abcf0", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "2080500f-047a-4695-841f-326310fd6a79" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "d32c4960-9581-4717-9a02-690d61709153" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "83caa43e-7179-4477-8665-66d47d058417" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "e1219fd8-9db2-4297-99da-63be2b433aa8" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "9dd48833-5045-4e37-aa9a-2b69ee11739d" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "9a9f32cf-d951-4909-98fe-c6a936af3913" }, { "control": "1bad7834-b740-48ff-8450-5792b55614db", "match": "9dd48833-5045-4e37-aa9a-2b69ee11739d" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "9dd48833-5045-4e37-aa9a-2b69ee11739d" }, { "control": "98ce2a28-d424-4436-8c41-2ec0e8d563fa", "match": "08327040-541f-40b4-a1cc-815d9298afe0" }, { "control": "98ce2a28-d424-4436-8c41-2ec0e8d563fa", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "e384f897-1b70-49a5-8491-24c035e1451f", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "7a9f7d35-6714-4182-ae88-d9ff575224a6", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "2d2a7dc6-2770-4897-ac0b-492e7ddd24ed" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "97331ab3-3365-4fb0-894c-578c460720fa", "match": "9a4b8ede-d722-44b8-a04f-ae78cbd266ab" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "e30e5bc6-c3f4-4714-9c0a-6aed3e4daa6d" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "650ec6f8-fbad-4fe7-a0db-62d3861a5372" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "44b2a62a-6bc7-4474-b618-f1bc15e9798f" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "8b250e6b-4463-4d55-9241-c99db31a838c" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "e499f145-1fad-49e2-9403-f50a2a9801e8" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "4c98569b-ec41-4758-b8a3-5bd75b56d38b" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "69e93c59-0239-4bc8-8d5f-d2c65c706f46" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "e1211579-cdf4-4357-ba8a-3a5c46401837" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "e37e0d76-3ea8-49e4-b65b-a5e2645a902a" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "23ab9d48-396c-4f20-9344-e6a6bd2439a2" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "1bf6a2b8-b728-49a2-953f-0a965d966db1" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "7c68c0c2-fea5-44d1-8580-5170edd92e22" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "df6812ce-357b-44ae-8979-a663a85fa687" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "17a82de8-0490-4100-a4fb-2ad9af49d594" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "f0b81b68-372d-4ced-9c6b-7d8ae3da799c" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "625e343d-7aa1-46e1-939b-50f5b8f5f5b4" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "f1dc5cba-17a8-4bee-aad0-d6b0ca84124d" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "e8ed7158-ffc1-44a4-8673-80286ad97b36" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "b3ee40ae-b296-4e88-9033-cb669e98f11c" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "1b2e1483-0a0e-4c84-ad44-42db07d6172f" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "250001c2-f02d-496c-917e-70034724bfd6" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "fc9d8985-7dea-4b78-b977-7c5ac82e15f2" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "d44c41d6-5fa9-4fac-9751-a8236a103c35" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "35f0172f-4770-4f69-9aa7-8b48a880c85a" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "cea02331-b15a-42bb-ae5c-826afb449240" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "90b4a207-023d-4ac4-a1dd-c5ca32453de2" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "33d42330-bde6-4964-82c9-fd2eaa07792d" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "5493d4a2-bae6-4bdf-ba84-79bbae4fb53b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "2feed753-8333-46b9-b4a0-ffd78e6d5f96" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "ebf10522-0f57-4880-aa73-e28a206b7be4" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "33d42330-bde6-4964-82c9-fd2eaa07792d" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "250001c2-f02d-496c-917e-70034724bfd6" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "5493d4a2-bae6-4bdf-ba84-79bbae4fb53b" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "23ab9d48-396c-4f20-9344-e6a6bd2439a2" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "df6812ce-357b-44ae-8979-a663a85fa687" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "e3d43ffd-1286-42c0-98fa-0e2e75d233e7" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "22faa4a0-2027-4150-8176-c77e84e3f03d" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "f8e45f26-413c-4c61-be2c-216ec688ecb1" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "2006d82c-a148-470f-ad3d-339980bb69b9" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "a06fe04e-e834-42c9-8b4f-d998eb493136" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "48e9827d-60b5-4637-89fa-45dfb4231ff7" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "db302cfa-325b-4d4d-a6b3-f85618ca4eb6" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "90b4a207-023d-4ac4-a1dd-c5ca32453de2" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "99e77822-723b-4a08-8ee0-4c73ad494db7" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "b82eba2f-bbf7-4390-aa9e-e35ccae691ba" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "e37e0d76-3ea8-49e4-b65b-a5e2645a902a" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "23ab9d48-396c-4f20-9344-e6a6bd2439a2" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "d0c5fc8d-1e95-4e70-bdfd-f31d368af8f0" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "df6812ce-357b-44ae-8979-a663a85fa687" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "17a82de8-0490-4100-a4fb-2ad9af49d594" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "f0b81b68-372d-4ced-9c6b-7d8ae3da799c" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "625e343d-7aa1-46e1-939b-50f5b8f5f5b4" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "3f956648-f1a8-4c8f-9e4b-11e4da8afc6a" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "6c3aaa6d-9e7c-4dd3-b753-ba11c11ae5a6" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "64694da5-0ca9-44f6-bd94-0dc1fa8f69ea" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "1476a1d4-f1f5-42ae-93a6-1227a89cb3e3" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "b395f91d-24a4-4720-8534-3b491bb41002" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "b6ed1637-26e3-4278-9552-89601f278d8c" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "6726eb21-52f9-4922-a1d6-50c098ddba74" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "a35f7748-5868-46cd-9dea-b4e87fde8311" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "583129dc-d3e3-49c3-8ee9-3fbf18e020de" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "282a9038-ea94-420f-bbaf-fe4abc7addce" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "6726eb21-52f9-4922-a1d6-50c098ddba74" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "b0779c7f-7db2-4af2-ab93-5c000a889408" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "de6195c6-1fc1-423a-a748-785653c9324f" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "6145995f-74e1-4479-ba93-c1cdd9e34f8c" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "f929ec71-03e0-40a2-92eb-4078894a18a2" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "35f0172f-4770-4f69-9aa7-8b48a880c85a" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "cea02331-b15a-42bb-ae5c-826afb449240" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "244cbc08-55d5-46ea-ba28-aec72f16b337" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "22faa4a0-2027-4150-8176-c77e84e3f03d" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "012149b7-7c59-4220-83bf-d6879a886f20" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "583129dc-d3e3-49c3-8ee9-3fbf18e020de" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "edd532b7-577e-441b-820c-3b73fbd11c79" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "716c6729-ab0f-4334-a9e6-278dea6a702b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "35964415-2e6b-4a69-b04b-5e0208872f56" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "b4f2c588-db91-4ad4-8122-9d3805a8a54a" }, { "control": "6604ef4c-a1d7-43d2-90e4-d2b8d97d880f", "match": "3b076d55-a168-4e4e-ba44-cac820929399" }, { "control": "892d5462-ee77-4379-ab88-a78f3eff45c1", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "892d5462-ee77-4379-ab88-a78f3eff45c1", "match": "b4f2c588-db91-4ad4-8122-9d3805a8a54a" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "3b076d55-a168-4e4e-ba44-cac820929399" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "4d738f6e-3999-4a07-97f8-552ef2df77f3" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "dce2b6b6-33dd-45b1-9006-e09493aa95e3" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "dfeeec44-4cd4-49f8-8a41-2c03f786f818" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "d0557646-d1eb-4d79-8670-b1cdaf1072be" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "b53a00fb-054c-4f9e-8aff-69ad91c1dcb8" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "d6871e86-4df5-4d80-8529-3ec214940b69" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "729aa83b-a59b-48a0-b0a0-c592402dcae7" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "6fd6cc79-208a-4f2c-8a05-9adae75fd255" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "cd6f1fb6-d9ee-40c8-bc00-8b485185cf15" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "9df48cd7-7ec8-4ac6-9563-68087e9c49d6" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "650ec6f8-fbad-4fe7-a0db-62d3861a5372" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "95f027c8-c84f-474f-bd23-872f96e00dc9" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "2fd75399-324e-40ed-9a82-80089816f398" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "1f5c3fc5-4d27-4018-9f49-ca7edc61d5b4" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "fc3d8c4c-8ced-4f4a-8ad0-a1ae01b35a21" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "9e1e9b36-aa61-4d54-a07c-2c74c341282c" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "f2787cae-deb0-4090-9ed7-866b15d96df2" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "4d738f6e-3999-4a07-97f8-552ef2df77f3" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "769c7460-a4d0-45f3-a36e-4b8347526278" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "4c98569b-ec41-4758-b8a3-5bd75b56d38b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "60a84903-025a-40c5-9cf6-dad960e55cf1" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "5cdd85f2-15b0-4c61-b3d4-66f4ba9114c8" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "990ee3a7-3044-4c8f-8387-946a7a9aba76" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "5cf67afa-7a43-4dd4-b1db-dd28862a689c" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "51e4fd6c-0aa8-4604-b13d-bf74c9706922" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "9dda0a30-be3d-4752-867d-bf9570971c52" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "6448f036-bdb2-4f21-8e30-0acf8073215d" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "53ae3aa9-d88e-4f55-a040-375cfe348c48" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "b0779c7f-7db2-4af2-ab93-5c000a889408" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "8047a1c6-e890-4817-982d-04fcdc2820a2" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "d5a60a37-684d-4b4b-b8a2-7d03814ff70d" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "5d4dc43c-9c46-4fc5-969b-02a1421acf42" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "1dfd046a-a422-4089-9fda-c141e865042a" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "b827b7db-76ee-4fda-b193-3004feef59e0" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "5278ff6f-473b-4a2c-8234-1a6a3198c701" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "54802539-1d62-43c3-8f7e-8c7e03087812" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "e1211579-cdf4-4357-ba8a-3a5c46401837" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "aead24db-a196-4daf-a099-60b1d1991d70" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "4c98569b-ec41-4758-b8a3-5bd75b56d38b" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "3e6cdfcd-14f3-4b34-a6d4-62d677332806" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "fd87a967-2217-418d-8378-b0773b7ca356" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "22faa4a0-2027-4150-8176-c77e84e3f03d" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "4d28a85e-20d2-4186-995e-de48a90eebb4" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "db5781c8-b759-47de-9862-27b2d3c2b568" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "012149b7-7c59-4220-83bf-d6879a886f20" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "4b7824ea-dc4e-4938-9ebd-36b865f88585" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "7277cac1-5813-4356-b108-72fe5263f8c3" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "83caa43e-7179-4477-8665-66d47d058417" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "9d4a3657-457f-4223-adfe-d0b2df91ffc3" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "508b0a74-cd81-4a65-b2c1-bb4c193adc53" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "be8d5a19-945d-4b26-9499-790193e65b06" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "9368a916-1fac-4dd2-b621-751ef4483a72" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "a8768b25-29ff-4b0a-a61e-89a2dacb2ff8" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "0de44076-cd30-439a-9375-c7c6692da6b2" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "8b250e6b-4463-4d55-9241-c99db31a838c" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "aefeafa5-2f92-4a78-a149-6b00f8a0f9f1" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "6145995f-74e1-4479-ba93-c1cdd9e34f8c" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "bcc90c0a-8c92-4e75-ba67-a9dd2a64ca9d" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "8314aca6-82c0-4955-a6d3-78f41146ef15" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "b9383590-e160-4840-b6e7-9476aeb6b8c0" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "aff838cd-5392-4620-be39-87c4ae7b6d33" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "52e68421-ebcf-453f-8e42-48813d47dcf6" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "30ccd853-e570-4c61-98d0-4837692d0654" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "ca6dc3b4-45ad-4a17-84c2-06fe7de2936e" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "d447bf80-7c6e-4e16-9f69-a15ed7eafd92" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "43d6e18f-7d4e-43f5-af7f-ea6d07d37299" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "e499f145-1fad-49e2-9403-f50a2a9801e8" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "14555491-0f15-428b-9ecd-836c6307675c" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "70ccf1af-4cad-443a-9dcd-9b49c4b6aec8" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "50272033-eb78-4309-84e0-303320d75b87" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "025d84e9-5612-404e-acf4-5d860c01a73c" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "cc087e48-874b-4953-adcc-96fac3f19306" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "b6ed1637-26e3-4278-9552-89601f278d8c" }, { "control": "02cc6244-c9d8-4db1-aeb3-a05933207c9d", "match": "f3cc0b06-2294-49fe-aca4-3eb929cc87eb" }, { "control": "02cc6244-c9d8-4db1-aeb3-a05933207c9d", "match": "d0557646-d1eb-4d79-8670-b1cdaf1072be" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "1b2e1483-0a0e-4c84-ad44-42db07d6172f" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "5dad70d6-04e6-4ad0-9c32-c565e40329ad" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "01096bf7-a45e-40d9-851e-72a6b8d7344a" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "a33021fe-acc7-43cb-9556-8d0ccfe41cf1" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "4797690e-c2e2-4106-878e-14d789fe1b06" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "6938d14b-381c-4077-9505-7c33c62b6e34" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "ac363e88-daae-4198-aa53-f704e103ef02" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "d80f59b0-9c5f-4ca8-b18f-9e07f791e66e" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "a3829b6b-d219-4f77-9da6-528349ddd6e4" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "6eadc9b8-2337-4847-ace5-f68686199ee7" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "d9e23dad-dcf3-4def-86e9-5af6a6d631ce" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "41ba0004-50a7-44bb-9ca4-5f84ce06e4c0" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "f3a16482-f15d-49ea-b206-b3f7400513fd" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "108a06d5-4b5d-4728-9823-d106445d8880" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "cb78c641-26f3-4a31-bcec-ab7ffdeafef2" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "be303727-2dc9-4e23-a026-282fa8012ed6" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "714ae5c2-00a0-4163-b949-699dfd3ab8a0" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "f98811b7-6972-4372-96b0-4f13bb8d49d6" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "b5a7b5c7-6c5b-4014-b30c-6fe8325b564c" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "1dfd046a-a422-4089-9fda-c141e865042a" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "01096bf7-a45e-40d9-851e-72a6b8d7344a" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "b705c1c5-aee2-4cb0-9f55-f045fc627f34" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "5278ff6f-473b-4a2c-8234-1a6a3198c701" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "3bffd1eb-e6a7-47ad-927a-0d679048ed5a" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "a6a327ee-3850-4c6c-8828-03cbe4ac83df" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "76c33e82-04e2-4ee5-88c6-40939d8349a7" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "e2323e31-d4c5-4f58-8de3-529d41c7fde6" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "6c55f12d-0f58-4caf-9c27-91c38d3620e3" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "3b076d55-a168-4e4e-ba44-cac820929399" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "f929ec71-03e0-40a2-92eb-4078894a18a2" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "a6586afd-bc0f-4334-88da-615989665368" }, { "control": "9b355a55-73ce-4d55-8016-d93e3c555a55", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "2fd70998-9247-4efd-923d-276f5c76b3b9" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "8245e3a6-09ee-488a-880f-8d1b811b2091" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "ca6dc3b4-45ad-4a17-84c2-06fe7de2936e" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "8ccaf96b-99b1-4677-be72-1e072cc26ebd" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "0e0864af-bd66-4012-b7ea-75ee7a57ef0b" }, { "control": "70e202bf-2270-4daf-8fb5-4f6fb10de979", "match": "15dfbe37-4a2d-4df7-b00c-f558524b561c" }, { "control": "70e202bf-2270-4daf-8fb5-4f6fb10de979", "match": "8cf0e5df-fb43-4dd0-a65e-d635d5902ffc" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "6f766bc2-750a-4249-89c9-39cf288143d5" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "d8aa0a75-a5b2-4556-9664-5b1d5ea7419c" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "54db3434-c9cc-4a09-90a0-7e94aa29ae61" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "729aa83b-a59b-48a0-b0a0-c592402dcae7" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "64f93d70-568f-404a-a049-b7f37598ec66" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "67e16eb6-14cb-41a4-aea0-8f0dc7ed1023" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "27086d2c-4ed0-4163-89c3-d280559102ea" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "36ae972c-4543-4548-8946-47cb651ed0ef" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "2fd70998-9247-4efd-923d-276f5c76b3b9" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "6922787a-2fcb-4cfe-a3bc-a75e7c49fccd" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "280c9bba-f2e4-401f-911a-cdab227ac433" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "06679cfa-1bfd-436a-b99d-698fb275dfdb" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "15dfbe37-4a2d-4df7-b00c-f558524b561c" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "8047a1c6-e890-4817-982d-04fcdc2820a2" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "8ff7acc4-c71b-4e1d-89f3-0c7db4a5055f" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "5ba61017-362e-411b-929d-c76c27358660" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "a3a1db7e-c1e1-409d-aa9a-e4b4ca925be6" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "e8449cab-54ae-4bd4-8b6e-de2820e8ec4b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "69e93c59-0239-4bc8-8d5f-d2c65c706f46" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "1efbb7bc-a9df-41b0-af65-c8c7cc593246" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "34a2e449-b69d-4f75-a548-8c5faee598b5", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "34a2e449-b69d-4f75-a548-8c5faee598b5", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "34a2e449-b69d-4f75-a548-8c5faee598b5", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf", "match": "e1219fd8-9db2-4297-99da-63be2b433aa8" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "cb39be02-c637-4984-ad59-ad1b5afd7609" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "e48c2a77-93da-4afb-bde7-7bd957196286" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "d4546ede-ed2f-4bbc-a485-150bbdb4e9c2" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a", "match": "8314aca6-82c0-4955-a6d3-78f41146ef15" }, { "control": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "10213f53-5179-42f2-beb6-1364872d983d" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "83c3ab70-566c-4bbe-a3b8-940d9fbb5ad7", "match": "3d9c8de5-f6f2-4a5d-8093-74849dc24a82" }, { "control": "83c3ab70-566c-4bbe-a3b8-940d9fbb5ad7", "match": "e1219fd8-9db2-4297-99da-63be2b433aa8" }, { "control": "2736e702-38ef-439d-9e8b-989ef56f8735", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "e94941eb-31da-40e0-b944-07c43233e7c0", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "5264169d-4e61-40b7-800e-1998f41af781" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "8a174f26-95ff-41dd-8042-039189065395" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "9e62441a-c6d5-4707-a835-6230dc5b0d53" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "5ba61017-362e-411b-929d-c76c27358660" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "c2260bd5-161f-4fb9-8496-0de50c2c3440" }, { "control": "c8de5e1f-7893-42b3-852d-fa4f79bc68fa", "match": "4f08538a-9f7d-422f-aaae-0949bf39c028" }, { "control": "c8de5e1f-7893-42b3-852d-fa4f79bc68fa", "match": "3e0e9ea8-db9d-4825-b76a-17859f2f8e67" } ], "version": 1 } 2019-11-29T08:22:15.611784+00:00 https://objects.monarc.lu/object/get/29 NIST Core - ISO/IEC 27002 2021-01-17T22:00:06.098536+00:00 MONARC { "label": "NIST - ISO/IEC 27002", "refs": [ "https://www.nist.gov/cyberframework/framework" ], "uuid": "47c88411-1870-4b86-99e9-6e2325a28559", "values": [ { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "231fc2b1-80c2-450e-9d80-f804f5a8984c", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "267fc90c-f705-11e8-b555-0800279aaa2b" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "267fc94c-f705-11e8-b555-0800279aaa2b" }, { "control": "f4f7466f-0ae6-4867-a2ee-6be4e1f02329", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "b0cebf68-a023-40af-ba24-e59bd4a45c90", "match": "267fd3e3-f705-11e8-b555-0800279aaa2b" }, { "control": "57e92f7c-f5ed-4611-a1be-d7f4e1456f9c", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "50fc2488-b730-48ae-abf8-93e60f141404", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "766520fa-3439-4382-babc-eb7d9d6b1f52", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "46555297-7af1-4d59-ac07-6e627aef4dda", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "eaa4fb9d-e687-41a0-8d4b-1ca972bed10a", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "75942c69-3336-4e82-bf59-515aaa6e3513", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "7a4074cc-5b40-486a-9a52-6b49be7f95e6", "match": "267fc596-f705-11e8-b555-0800279aaa2b" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "29613b2e-8def-417e-85fa-31aa5ef5de3b", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe08b-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe307-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "4e2499c0-d23d-4977-9e9f-6323af31be24", "match": "267fe510-f705-11e8-b555-0800279aaa2b" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "cc6aad46-1887-4da6-93e3-c707be07b9f5", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "0550c268-534a-4311-920d-84466e4865c4", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "7c09a9bf-407c-4509-94c0-af8314fc3b86", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "6d0bfd47-88dc-484a-aed8-196eaa12c4db", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "03dee2e6-285f-44e4-acc5-2388f62584a5", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "b9d19a14-74ab-46ae-8456-189d1a180dbf", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "267fc8cc-f705-11e8-b555-0800279aaa2b" }, { "control": "1e5aa8d3-b1e9-43e0-9e7e-54bdadac89ea", "match": "267fe959-f705-11e8-b555-0800279aaa2b" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "f6d606f5-9a22-4a53-87c1-ebe36f4fe939", "match": "267fd16b-f705-11e8-b555-0800279aaa2b" }, { "control": "aa988775-7261-412e-bbee-bfd90db78a59", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fe782-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fcc3c-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "a6b301ed-e0c1-467d-8e42-e2796c64b785", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcd30-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcdec-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "382fe4f1-9f05-4169-a343-2c961a8cf359", "match": "267fd7a0-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fd9d0-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fda0e-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "7ec8092e-3e41-43e0-a8b2-c42b980dd29b", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "8feec5e9-c2b2-465b-8fa3-8b65b6a09fcb", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "800fc6f9-e574-4152-89e6-30bae7da4adc", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "d44d0823-1523-457a-b028-6ea0da3adb34", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd899-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd6e4-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd761-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd954-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fd8d8-f705-11e8-b555-0800279aaa2b" }, { "control": "14aab29b-4760-4f32-ad21-06367a8ea05e", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "01d259f0-ece0-4f7c-91bf-d09844c576cc", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "6386d5df-56f8-46ad-b181-e870491004a5", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "4879e4fb-cd0e-4968-8dd2-4b6dbe977cdc", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "987e9304-80fd-4470-b8b4-213f41a0a957", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "92a81683-1877-48d3-9d5a-c7c0ddd9852b", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "d798a390-f23a-4bbc-abe5-588ab58811c6", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "38022045-6812-4623-8409-7a9d6b3f7ce8", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "acfea27c-c6d5-421a-9ae4-2db82610cc41", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "267fd1a8-f705-11e8-b555-0800279aaa2b" }, { "control": "e4380999-3c82-4b85-86cd-86f1f37f97ab", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd0b1-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd659-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd69f-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd993-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd917-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fdbf1-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fda8c-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fcdac-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd85b-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd462-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fc77e-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "e760c443-e572-43cb-bf5b-8aeb3b42ef65", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fd4ac-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "e5b116b5-b806-4863-92ba-d8c2f477813b", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "6604ef4c-a1d7-43d2-90e4-d2b8d97d880f", "match": "267fd0ef-f705-11e8-b555-0800279aaa2b" }, { "control": "892d5462-ee77-4379-ab88-a78f3eff45c1", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "30a7a092-3e00-4d33-aec2-66d019c2ff03", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fe6b9-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fda50-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fe8a1-f705-11e8-b555-0800279aaa2b" }, { "control": "7cd438b8-038b-4f1f-a431-a1a1a83e009c", "match": "267fdf36-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdc38-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "6f6442e8-952b-4a13-9e97-7c233a7b2a1c", "match": "267fdcf3-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fd272-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "2e411d93-1836-4dbc-baf1-a747d2a9915a", "match": "267fe37d-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fcd6f-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fce44-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fce8a-f705-11e8-b555-0800279aaa2b" }, { "control": "f01b50b8-0e54-4f8f-afee-0ec56f788a42", "match": "267fcecb-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fd369-f705-11e8-b555-0800279aaa2b" }, { "control": "0fd12bc3-c80d-4baa-bc1b-a7fbfb152f86", "match": "267fcf90-f705-11e8-b555-0800279aaa2b" }, { "control": "bb1c6655-a3fc-4d43-8e1b-50f5e418c1aa", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "ac4be007-d8cb-4da5-9a84-118c2841a6f5", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fdf76-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "4fe097cd-e0c0-4698-a209-43ffb553a279", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f85702-5874-4361-beec-45d00b379c5b", "match": "267fe022-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fca6b-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcaad-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fc6f7-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcb29-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcb79-f705-11e8-b555-0800279aaa2b" }, { "control": "4279b240-b560-4632-a557-9af1322930fd", "match": "267fcbce-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fdc8c-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "48d2b0ff-ebc0-445b-8f20-3ae47d43242c", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcfdf-f705-11e8-b555-0800279aaa2b" }, { "control": "6da92eea-2f74-458f-a643-361df7ea9f2f", "match": "267fcf4f-f705-11e8-b555-0800279aaa2b" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "267fcf0a-f705-11e8-b555-0800279aaa2b" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "267fc88e-f705-11e8-b555-0800279aaa2b" }, { "control": "831f20de-eadb-44a7-82f3-fcb116d8cb69", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd567-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fd610-f705-11e8-b555-0800279aaa2b" }, { "control": "3dcdd5d1-48e8-4b66-8567-65e0f0c8be4a", "match": "267fe660-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fc9c9-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fca19-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fe71a-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fd32a-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fd421-f705-11e8-b555-0800279aaa2b" }, { "control": "0f278ef8-3a97-4e0e-bc30-66d530bdea47", "match": "267fd7dd-f705-11e8-b555-0800279aaa2b" }, { "control": "02cc6244-c9d8-4db1-aeb3-a05933207c9d", "match": "267fd81b-f705-11e8-b555-0800279aaa2b" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "267fd3a6-f705-11e8-b555-0800279aaa2b" }, { "control": "6b2a7cc7-c35a-4020-92d8-5935e1229676", "match": "267fd4ed-f705-11e8-b555-0800279aaa2b" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "267fdfbe-f705-11e8-b555-0800279aaa2b" }, { "control": "3e3e542a-67b2-4a77-b09b-9dc9b977cd8e", "match": "267fea72-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd029-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd073-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd2b1-f705-11e8-b555-0800279aaa2b" }, { "control": "24ac8920-3747-45bb-b9d1-1ca0d1d84d3f", "match": "267fd2ee-f705-11e8-b555-0800279aaa2b" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "69f50c12-9eab-4305-be4f-97a2002ccc0c", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "31dc508e-664e-4173-8757-00ec985115c8", "match": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "control": "3f6e72ed-2984-452d-badd-5563acbf0450", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "52d551ef-7334-45a3-9dd7-0b8d239ba1f6", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "267fcca4-f705-11e8-b555-0800279aaa2b" }, { "control": "dec6cf8c-1714-45f4-bfd2-23a049fb9b35", "match": "267fcce9-f705-11e8-b555-0800279aaa2b" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "a8f83595-0327-4e24-9557-0e8d9b82856f", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "70e202bf-2270-4daf-8fb5-4f6fb10de979", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "267fdb18-f705-11e8-b555-0800279aaa2b" }, { "control": "54eeaae4-2b82-43ce-9a61-40d453116d8d", "match": "267fe8fe-f705-11e8-b555-0800279aaa2b" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "bbb99e89-ee33-46fc-bc03-1582631210c4", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "267fdd55-f705-11e8-b555-0800279aaa2b" }, { "control": "e4f36efd-2e64-4ee8-9fd1-af2bec0b68d0", "match": "267fd12f-f705-11e8-b555-0800279aaa2b" }, { "control": "ebc0b0f8-4403-481f-be4a-7f35ae3cb6be", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "48a13f85-a811-43fa-a0e8-89f67fb2743f", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "267fe3de-f705-11e8-b555-0800279aaa2b" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "267fe58f-f705-11e8-b555-0800279aaa2b" }, { "control": "f9d1a926-5d39-4123-8b83-a94c21ff18e5", "match": "267fe600-f705-11e8-b555-0800279aaa2b" }, { "control": "23e4c883-c358-4b64-8d7e-249c67b7f1f2", "match": "267fe7e9-f705-11e8-b555-0800279aaa2b" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "025611cb-8431-4a9c-a88c-039141472418", "match": "267fde31-f705-11e8-b555-0800279aaa2b" }, { "control": "ad0458f2-c836-4c7d-9d8f-6333fc6af2e9", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "b237b4b1-a21a-4122-b4c8-e068ad58ef21", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "267fc73c-f705-11e8-b555-0800279aaa2b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "267fcaeb-f705-11e8-b555-0800279aaa2b" }, { "control": "cce52cf2-aa85-4f33-8cb8-b0508f452c25", "match": "267fde78-f705-11e8-b555-0800279aaa2b" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "267fc7c0-f705-11e8-b555-0800279aaa2b" }, { "control": "30ff804b-d8e2-44da-a49e-bb1a39e5f81a", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "2d88bd60-ff72-40cc-a2b4-ae7c9cbd2a68", "match": "267fddeb-f705-11e8-b555-0800279aaa2b" }, { "control": "bb37f7e5-ff5d-4b9a-a621-dfb26f3fccaf", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "267fd529-f705-11e8-b555-0800279aaa2b" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "267fd5ae-f705-11e8-b555-0800279aaa2b" }, { "control": "e6ab0d96-2ced-445d-a19f-97710b2cc346", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "0c7c3558-9c78-4bcc-816b-9123c899b653", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "cf3d3d41-f0d5-4eb9-b6c5-537d72ea645a", "match": "267fdef6-f705-11e8-b555-0800279aaa2b" }, { "control": "1ea30a61-92f4-4ae0-a349-3f947bf0dc94", "match": "267fe9b4-f705-11e8-b555-0800279aaa2b" }, { "control": "2736e702-38ef-439d-9e8b-989ef56f8735", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "2736e702-38ef-439d-9e8b-989ef56f8735", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "e94941eb-31da-40e0-b944-07c43233e7c0", "match": "267fd22e-f705-11e8-b555-0800279aaa2b" }, { "control": "e94941eb-31da-40e0-b944-07c43233e7c0", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "0de24c0a-53cb-4481-9b8d-fccc252e4f03", "match": "267fdda3-f705-11e8-b555-0800279aaa2b" }, { "control": "01314572-becc-4780-945f-9ed3a40af900", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "f0753789-bcc3-4f66-9bb5-b6179bb367de", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "0d124100-372e-429b-9e2f-d12211f005e1", "match": "267fea11-f705-11e8-b555-0800279aaa2b" }, { "control": "52ab8937-c260-4cf3-a807-ce1381afa4c9", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "421b5608-0f1d-4de5-b646-ff9538f8493f", "match": "267fdeb8-f705-11e8-b555-0800279aaa2b" }, { "control": "771e3059-9eb4-4313-94b4-f0e8fa102498", "match": "267fc80f-f705-11e8-b555-0800279aaa2b" } ], "version": 1 } 2019-11-29T09:10:50.441030+00:00 https://objects.monarc.lu/object/get/5116 Preventive Measure 2021-01-17T22:00:06.097033+00:00 MISP { "authors": [ "Various" ], "label": "Preventive Measure", "uuid": "1a8e55eb-a0ff-425b-80e0-30df866f8f65", "values": [ { "code": "Backup and Restore Process", "description": "Make sure to have adequate backup processes on place and frequently test a restore of these backups.(Schr\u00f6dinger's backup - it is both existent and non-existent until you've tried a restore", "meta": { "complexity": "Medium", "effectiveness": "High", "impact": "Low", "refs": [ "http://windows.microsoft.com/en-us/windows/back-up-restore-faq#1TC=windows-7." ], "type": [ "Recovery" ] }, "uuid": "5f942376-ea5b-4b23-9c26-81d3aeba7fb4" }, { "code": "Block Macros", "description": "Disable macros in Office files downloaded from the Internet. This can be configured to work in two different modes:A.) Open downloaded documents in 'Protected View'B.) Open downloaded documents and block all macros", "meta": { "complexity": "Low", "effectiveness": "High", "impact": "Low", "refs": [ "https://support.office.com/en-us/article/Enable-or-disable-macros-in-Office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6?ui=en-US&rs=en-US&ad=US", "https://www.404techsupport.com/2016/04/office2016-macro-group-policy/?utm_source=dlvr.it&utm_medium=twitter" ], "type": [ "GPO" ] }, "uuid": "79563662-8d92-4fd1-929a-9b8926a62685" }, { "code": "Disable WSH", "description": "Disable Windows Script Host", "meta": { "complexity": "Low", "effectiveness": "Medium", "impact": "Medium", "possible_issues": "Administrative VBS scripts on Workstations", "refs": [ "http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Customization/DisableWindowsScriptingHostWSH.html" ], "type": [ "GPO" ] }, "uuid": "e6df1619-f8b3-476c-b5cf-22b4c9e9dd7f" }, { "code": "Filter Attachments Level 1", "description": "Filter the following attachments on your mail gateway:.ade, .adp, .ani, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .ht, .hta, .inf, .ins, .isp, .jar, .job, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .ocx, .pcd, .ps1, .reg, .scr, .sct, .shs, .svg, .url, .vb, .vbe, .vbs, .wbk, .wsc, .ws, .wsf, .wsh, .exe, .pif, .pub", "meta": { "complexity": "Low", "effectiveness": "Medium", "impact": "Low", "type": [ "Mail Gateway" ] }, "uuid": "7055b72b-b113-4f93-8387-e6f58ce5fc92" }, { "code": "Filter Attachments Level 2", "description": "Filter the following attachments on your mail gateway:(Filter expression of Level 1 plus) .doc, .xls, .rtf, .docm, .xlsm, .pptm", "meta": { "complexity": "Low", "effectiveness": "High", "impact": "High", "possible_issues": "Office Communication with old versions of Microsoft Office files (.doc, .xls) ", "type": [ "Mail Gateway" ] }, "uuid": "8c9bbbf5-a321-4eb1-8c03-a399a9687687" }, { "code": "Restrict program execution", "description": "Block all program executions from the %LocalAppData% and %AppData% folder", "meta": { "complexity": "Medium", "effectiveness": "Medium", "impact": "Medium", "possible_issues": "Web embedded software installers", "refs": [ "http://www.fatdex.net/php/2014/06/01/disable-exes-from-running-inside-any-user-appdata-directory-gpo/", "http://www.thirdtier.net/ransomware-prevention-kit/" ], "type": [ "GPO" ] }, "uuid": "6a234b1d-8e86-49c4-91d6-cc3be3d04f74" }, { "code": "Show File Extensions", "description": "Set the registry key \"HideFileExt\" to 0 in order to show all file extensions, even of known file types. This helps avoiding cloaking tricks that use double extensions. (e.g. \"not_a_virus.pdf.exe\")", "meta": { "complexity": "Low", "effectiveness": "Low", "impact": "Low", "refs": [ "http://www.sevenforums.com/tutorials/10570-file-extensions-hide-show.htm" ], "type": [ "User Assistence" ] }, "uuid": "5b911d46-66c8-4180-ab97-663a0868264e" }, { "code": "Enforce UAC Prompt", "description": "Enforce administrative users to confirm an action that requires elevated rights", "meta": { "complexity": "Low", "effectiveness": "Medium", "impact": "Low", "possible_issues": "administrator resentment", "refs": [ "https://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx" ], "type": [ "GPO" ] }, "uuid": "3f8c55db-611e-4831-b624-f9cbdc3b0e11" }, { "code": "Remove Admin Privileges", "description": "Remove and restrict administrative rights whenever possible. Malware can only modify files that users have write access to.", "meta": { "complexity": "Medium", "effectiveness": "Medium", "impact": "Medium", "possible_issues": "Higher administrative costs", "type": [ "Best Practice" ] }, "uuid": "168f94d3-4ffc-4ea6-8f2e-8ba699f0fef6" }, { "code": "Restrict Workstation Communication", "description": "Activate the Windows Firewall to restrict workstation to workstation communication", "meta": { "complexity": "Medium", "effectiveness": "Low", "impact": "Low", "type": [ "Best Practice" ] }, "uuid": "fb25c345-0cee-4ae7-ab31-c1c801cde1c2" }, { "code": "Sandboxing Email Input", "description": "Using sandbox that opens email attachments and removes attachments based on behavior analysis", "meta": { "complexity": "Medium", "effectiveness": "High", "type": [ "Advanced Malware Protection" ] }, "uuid": "7960740f-71a5-42db-8a1a-1c7ccbf83349" }, { "code": "Execution Prevention", "description": "Software that allows to control the execution of processes - sometimes integrated in Antivirus softwareFree: AntiHook, ProcessGuard, System Safety Monitor", "meta": { "complexity": "Medium", "effectiveness": "Medium", "type": [ "3rd Party Tools" ] }, "uuid": "bfda0c9e-1303-4861-b028-e0506dd8861c" }, { "code": "Change Default \"Open With\" to Notepad", "description": "Force extensions primarily used for infections to open up in Notepad rather than Windows Script Host or Internet Explorer", "meta": { "complexity": "Low", "effectiveness": "Medium", "impact": "Medium", "possible_issues": "Some extensions will have legitimate uses, e.g., .vbs for logon scripts.", "refs": [ "https://bluesoul.me/2016/05/12/use-gpo-to-change-the-default-behavior-of-potentially-malicious-file-extensions/" ], "type": [ "GPO" ] }, "uuid": "3b7bc1b2-e04f-4492-b3b1-87bb6701635b" }, { "code": "File Screening", "description": "Server-side file screening with the help of File Server Resource Manager", "meta": { "complexity": "Low", "effectiveness": "Medium", "impact": "Low", "refs": [ "http://jpelectron.com/sample/Info%20and%20Documents/Stop%20crypto%20badware%20before%20it%20ruins%20your%20day/1-PreventCrypto-Readme.htm" ], "type": [ "Monitoring" ] }, "uuid": "79769940-7cd2-4aaa-80da-b90c0372b898" }, { "code": "Restrict program execution #2", "description": "Block program executions (AppLocker)", "meta": { "complexity": "Medium", "effectiveness": "Medium", "impact": "Medium", "possible_issues": "Configure & test extensively", "refs": [ "https://technet.microsoft.com/en-us/library/dd759117%28v=ws.11%29.aspx", "http://social.technet.microsoft.com/wiki/contents/articles/5211.how-to-configure-applocker-group-policy-to-prevent-software-from-running.aspx" ], "type": [ "GPO" ] }, "uuid": "feb6cddb-4182-4515-94dc-0eadffcdc098" }, { "code": "EMET", "description": "Detect and block exploitation techniques", "meta": { "complexity": "Medium", "effectiveness": "Medium", "impact": "Low", "refs": [ "www.microsoft.com/emet", "http://windowsitpro.com/security/control-emet-group-policy" ], "type": [ "GPO" ] }, "uuid": "5f0a749f-88f2-4e6e-8fd8-46307f8439f6" }, { "code": "Sysmon", "description": "Detect Ransomware in an early stage with new Sysmon 5 File/Registry monitoring", "meta": { "complexity": "Medium", "effectiveness": "Low", "impact": "Low", "refs": [ "https://twitter.com/JohnLaTwC/status/799792296883388416" ], "type": [ "3rd Party Tools" ] }, "uuid": "1b1e5664-4250-459b-adbb-f0b33f64bf7e" }, { "code": "Blacklist-phone-numbers", "description": "Filter the numbers at phone routing level including PABX", "meta": { "complexity": "Low", "effectiveness": "Medium", "impact": "Medium", "refs": [ "https://wiki.freepbx.org/display/FPG/Blacklist+Module+User+Guide#BlacklistModuleUserGuide-ImportingorExportingaBlacklistinCSVFileFormat" ] }, "uuid": "123e20c5-8f44-4de5-a183-6890788e5a81" }, { "code": "ACL", "description": "Restrict access to shares users should not be allowed to write to", "meta": { "complexity": "Medium", "effectiveness": "Medium", "impact": "Medium", "refs": [ "https://docs.microsoft.com/en-us/windows/desktop/secauthz/access-control-lists" ] }, "uuid": "3e7a7fb5-8db2-4033-8f4f-d76721819765" } ], "version": 3 } 2019-12-05T20:37:27.056639+00:00 https://objects.monarc.lu/object/get/68 The system can be accessed by everyone 2021-01-17T22:00:06.096840+00:00 MONARC { "code": "1030", "description": "", "label": "The system can be accessed by everyone", "mode": 0, "status": 1, "uuid": "69fbff51-4591-11e9-9173-0800277f0571" } 2019-12-19T13:52:05.327038+00:00 https://objects.monarc.lu/object/get/65 No access rules 2021-01-17T22:00:06.096632+00:00 MONARC { "code": "1028", "description": "", "label": "No access rules", "mode": 0, "status": 1, "uuid": "69fbff25-4591-11e9-9173-0800277f0571" } 2019-12-19T13:52:05.332409+00:00 https://objects.monarc.lu/object/get/5121 Normes minimales sécurité de l'information et vie privée (MNM) 2021-01-17T22:00:06.095491+00:00 NRB { "label": "Normes minimales s\u00e9curit\u00e9 de l'information (MNM)", "uuid": "a7834009-a391-47ee-ba09-dcc2661d2d95", "values": [ { "category": "Principes cl\u00e9s", "code": "5.1.1", "label": "Toute organisation doit int\u00e9grer les principes cl\u00e9s dans sa politique de s\u00e9curit\u00e9 de l\u2019information.", "uuid": "179fef25-18e6-4c6b-8cab-a0b7e99d1b73" }, { "category": "Politique de s\u00e9curit\u00e9 de l\u2019information", "code": "5.2.1", "label": "Information Security Policy3", "uuid": "983a2145-207d-4299-86d6-204c595c69a6" }, { "category": "Politique de s\u00e9curit\u00e9 de l\u2019information", "code": "5.2.2", "label": "Evaluation des risques", "uuid": "6b75904a-f7d1-4fba-8eee-eb1662318dcb" } ], "version": 1 } 2019-12-19T15:52:45.183414+00:00 https://objects.monarc.lu/object/get/5108 CNIL [fr] 2021-01-17T22:00:06.090999+00:00 MONARC { "label": "CNIL", "language": "FR", "refs": [ "https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-fr-basesdeconnaissances.pdf" ], "uuid": "8d24c5ef-0748-4689-b189-3a4e505e3065", "values": [ { "code": "Acc\u00e8s logique_01", "description": "G\u00e9rer les profils d'utilisateurs en s\u00e9parant les t\u00e2ches et les domaines de responsabilit\u00e9, de pr\u00e9f\u00e9rence de mani\u00e8re centralis\u00e9e, afin de limiter l'acc\u00e8s aux donn\u00e9es aux seuls utilisateurs habilit\u00e9s, en appliquant les principes du besoin d'en conna\u00eetre et du moindre privil\u00e8ge.", "uuid": "e118a3c6-7482-4211-b7ec-299efd46138f" }, { "code": "Acc\u00e8s logique_02", "description": "Identifier toute personne ayant un acc\u00e8s l\u00e9gitime aux donn\u00e9es (employ\u00e9s, contractants et autres tiers) par un identifiant unique.", "uuid": "26276cb1-c4e4-467d-b408-54c2d319880e" }, { "code": "Acc\u00e8s logique_03", "description": "Dans le cas o\u00f9 l'utilisation d'identifiants g\u00e9n\u00e9riques ou partag\u00e9s est incontournable, obtenir une validation de la hi\u00e9rarchie et mettre en oeuvre des moyens de tra\u00e7abilit\u00e9 de l'utilisation de ce type d'identifiant.", "uuid": "ceaf2533-f871-401b-9152-22176215a30c" }, { "code": "Acc\u00e8s logique_04", "description": "Limiter l'acc\u00e8s aux outils et interfaces d'administration aux personnes habilit\u00e9es.", "uuid": "e6ebe368-9a36-4fe6-b5d5-868debdf6111" }, { "code": "Acc\u00e8s logique_05", "description": "Limiter l'utilisation des comptes permettant de disposer de privil\u00e8ges \u00e9lev\u00e9s aux op\u00e9rations qui le n\u00e9cessitent.", "uuid": "93a2aa2a-c3e8-4e30-8bb3-ee2d361397f5" }, { "code": "Acc\u00e8s logique_06", "description": "Limiter l'utilisation des comptes \u00ab administrateurs \u00bb au service en charge de l'informatique, et ce, uniquement pour les actions d'administration qui le n\u00e9cessitent.", "uuid": "0b18bac6-9fb1-4192-975e-21b0e72e1bf4" }, { "code": "Acc\u00e8s logique_07", "description": "Chaque compte, et d'autant plus s'il a des privil\u00e8ges \u00e9lev\u00e9s (ex : compte administrateur), doit avoir un mot de passe propre.", "uuid": "bf0202ac-622c-42fc-9ea0-3110e0bb43b6" }, { "code": "Acc\u00e8s logique_08", "description": "Journaliser les informations li\u00e9es \u00e0 l'utilisation des privil\u00e8ges.", "uuid": "44d19a09-c60f-418c-8f5b-4ebd68313bb2" }, { "code": "Acc\u00e8s logique_09", "description": "R\u00e9aliser une revue annuelle des privil\u00e8ges afin d'identifier et de supprimer les comptes non utilis\u00e9s, et de r\u00e9aligner les privil\u00e8ges sur les fonctions de chaque utilisateur.", "uuid": "fea2a14d-15c4-4336-887b-952b2e53a659" }, { "code": "Acc\u00e8s logique_10", "description": "Retirer les droits des employ\u00e9s, contractants et autres tiers d\u00e8s lors qu'ils ne sont plus habilit\u00e9s \u00e0 acc\u00e9der \u00e0 un local ou \u00e0 une ressource ou \u00e0 la fin de leur contrat, et les ajuster en cas de changement de poste. Pour les personnes ayant un compte temporaire (stagiaire, prestataire...), configurer une date d'expiration \u00e0 la cr\u00e9ation du compte.", "uuid": "3567ae95-f967-4d83-b8a5-2e128eb8a4bb" }, { "code": "Acc\u00e8s logique_11", "description": "Choisir un moyen d'authentification pour les ouvertures de session, adapt\u00e9 au contexte, au niveau des risques et \u00e0 la robustesse attendue.", "uuid": "f5fa7cf6-962a-4479-b4dd-b4055940c4c3" }, { "code": "Acc\u00e8s logique_12", "description": "Interdire que les mots de passe utilis\u00e9s apparaissent en clair dans les programmes, fichiers, scripts, traces ou fichiers journaux, ou \u00e0 l'\u00e9cran lors de leur saisie.", "uuid": "109dcedb-1be9-450e-b27f-7e51ee709bac" }, { "code": "Acc\u00e8s logique_13", "description": "D\u00e9terminer les actions \u00e0 entreprendre en cas d'\u00e9chec de l'authentification.", "uuid": "9faa0ed5-8a85-40d1-93a0-ed2e7d0fcf4e" }, { "code": "Acc\u00e8s logique_14", "description": "Limiter l'authentification par identifiants et mots de passe au contr\u00f4le de l'acc\u00e8s au poste de travail (d\u00e9verrouillage uniquement).", "uuid": "d04e18d8-0db0-4a6d-8e2b-9d8ffedd8e61" }, { "code": "Acc\u00e8s logique_15", "description": "Authentifier le poste de travail aupr\u00e8s du syst\u00e8me d'information distant (serveurs) \u00e0 l'aide de m\u00e9canismes cryptographiques.", "uuid": "84390e07-d195-4fe0-8e39-84c29b418224" }, { "code": "Acc\u00e8s logique_16", "description": "Adopter une politique de mots de passe, la mettre en oeuvre et la contr\u00f4ler automatiquement dans la mesure o\u00f9 les applications et les ressources le permettent, et y sensibiliser les utilisateurs.", "uuid": "679cdcd4-b5cc-449d-8570-9767ac8b9050" }, { "code": "Acc\u00e8s logique_17", "description": "Adopter une politique sp\u00e9cifique de mots de passe pour les administrateurs, la mettre en oeuvre et la contr\u00f4ler automatiquement dans la mesure o\u00f9 les applications et les ressources le permettent, et y sensibiliser les administrateurs.", "uuid": "ed213665-55a1-4e17-b48d-14ed86eae184" }, { "code": "Acc\u00e8s logique_18", "description": "Modifier imm\u00e9diatement apr\u00e8s installation d'une application ou d'un syst\u00e8me les mots de passe par d\u00e9faut.", "uuid": "91202b19-adc1-41fc-955d-654b03c724a8" }, { "code": "Acc\u00e8s logique_19", "description": "Cr\u00e9er chaque compte utilisateur avec un mot de passe initial al\u00e9atoire unique, le transmettre de mani\u00e8re s\u00e9curis\u00e9e \u00e0 l'utilisateur, par exemple en utilisant deux canaux s\u00e9par\u00e9s (papier et autres) ou une \u00ab case \u00e0 gratter \u00bb, et le contraindre \u00e0 le modifier lors de sa premi\u00e8re connexion et lorsqu'un nouveau mot de passe lui est fourni (par exemple en cas d'oubli).", "uuid": "8f0e75d1-19d5-4e35-9517-b4c4e600a082" }, { "code": "Acc\u00e8s logique_20", "description": "Stocker les informations d'authentification (mots de passe d'acc\u00e8s aux syst\u00e8mes d'information, cl\u00e9s priv\u00e9es li\u00e9es aux certificats \u00e9lectroniques) de fa\u00e7on \u00e0 \u00eatre accessibles uniquement par des utilisateurs autoris\u00e9s.", "uuid": "852a4c9c-8240-42cc-9581-038a410112cc" }, { "code": "Acc\u00e8s logique_21", "description": "Dans le cas o\u00f9 de nombreux mots de passe ou secrets (cl\u00e9s priv\u00e9es, certificats, etc.) doivent \u00eatre utilis\u00e9s, mettre en place une solution d'authentification centralis\u00e9e, de mots de passe \u00e0 usage unique ou de coffres-forts s\u00e9curis\u00e9s.", "uuid": "32fc5d12-b90c-48aa-8332-006131cfb16b" }, { "code": "Acc\u00e8s physique_01", "description": "Distinguer les zones des b\u00e2timents selon les risques.", "uuid": "8610c9a9-2dc5-4a26-b06c-80b00a4809a4" }, { "code": "Acc\u00e8s physique_02", "description": "Tenir \u00e0 jour une liste des personnes (visiteurs, employ\u00e9s, employ\u00e9s habilit\u00e9s, stagiaires, prestataires, etc.) autoris\u00e9es \u00e0 p\u00e9n\u00e9trer dans chaque zone.", "uuid": "abdffe63-1cf7-4e8c-b2c1-f1f4a6f97aa1" }, { "code": "Acc\u00e8s physique_03", "description": "Choisir des moyens d'authentification des collaborateurs proportionnels aux risques selon chaque zone.", "uuid": "5873e81e-f01e-4be4-ac19-4a1da00c6e7a" }, { "code": "Acc\u00e8s physique_04", "description": "Choisir des moyens d'authentification des visiteurs (personnes venant en r\u00e9union, prestataires externes, auditeurs, etc.) proportionnels aux risques selon chaque zone.", "uuid": "c4ccc241-19ee-4e8f-8531-6cbcd88aa702" }, { "code": "Acc\u00e8s physique_05", "description": "D\u00e9terminer les actions \u00e0 entreprendre en cas d'\u00e9chec de l'authentification (impossible de v\u00e9rifier une identit\u00e9, d\u00e9faut d'habilitation \u00e0 p\u00e9n\u00e9trer dans une zone s\u00e9curis\u00e9e, etc.).", "uuid": "1e71ff0f-e62b-41f6-9dfa-0adda57a4e39" }, { "code": "Acc\u00e8s physique_06", "description": "Conserver une trace des acc\u00e8s apr\u00e8s en avoir inform\u00e9 les personnes concern\u00e9es.", "uuid": "707fc241-d84c-445d-b2ad-00a5b2e3d52f" }, { "code": "Acc\u00e8s physique_07", "description": "Faire accompagner les visiteurs, en dehors des zones d'accueil du public (depuis leur entr\u00e9e, pendant leur visite et jusqu'\u00e0 leur sortie des locaux) par une personne appartenant \u00e0 l'organisme.", "uuid": "6e9286ef-e3e7-4dfe-b609-7ec4edda92fa" }, { "code": "Acc\u00e8s physique_08", "description": "Prot\u00e9ger les zones les plus sensibles de mani\u00e8re proportionnelle aux risques.", "uuid": "cc5ceb8c-d72c-4ecf-a307-2aac21144b78" }, { "code": "Acc\u00e8s physique_09", "description": "Installer un dispositif permettant d'\u00eatre alert\u00e9 en cas d'effraction.", "uuid": "0bceee9c-5fa7-4c8e-9350-ab1c55a1934f" }, { "code": "Acc\u00e8s physique_10", "description": "Pr\u00e9voir les moyens de ralentir les personnes qui auraient p\u00e9n\u00e9tr\u00e9 dans une zone dont l'acc\u00e8s leur est interdit, ainsi que les moyens d'intervention dans de telles situations, de telle sorte que le d\u00e9lai d'intervention soit inf\u00e9rieur au temps qu'il faut aux personnes non autoris\u00e9es pour sortir de la zone.", "uuid": "a1679d06-d84a-4808-8d71-51fcd6f796a5" }, { "code": "Anonymisation _01", "description": "D\u00e9terminer ce qui doit \u00eatre anonymis\u00e9 selon le contexte, la forme de stockage des donn\u00e9es (champs d'une base de donn\u00e9es, extraits de textes, etc.) et les risques identifi\u00e9s.", "uuid": "d1fc946c-b3cb-42f4-b9db-5b4ca070d6f9" }, { "code": "Anonymisation _02", "description": "Anonymiser de mani\u00e8re irr\u00e9versible ce qui doit l'\u00eatre, selon la forme des donn\u00e9es \u00e0 anonymiser (base de donn\u00e9es, documents textuels, etc.) et les risques identifi\u00e9s.", "uuid": "19292c60-80ae-4713-8a32-ed2c7aaae607" }, { "code": "Anonymisation _03", "description": "Si ce qui doit \u00eatre anonymis\u00e9 ne peut l'\u00eatre de mani\u00e8re irr\u00e9versible, choisir les outils (suppression partielle, chiffrement, hachage, hachage \u00e0 cl\u00e9, index, etc.) qui satisfont le mieux possible les besoins fonctionnels.", "uuid": "57800e17-0f6e-4480-a3d6-e44dd3998588" }, { "code": "Archivage_01", "description": "V\u00e9rifier que les processus de gestion des archives sont d\u00e9finis.", "uuid": "9ef28197-0cb6-416d-afaf-7f9b24bfc431" }, { "code": "Archivage_02", "description": "V\u00e9rifier que les r\u00f4les en mati\u00e8re d'archivage sont identifi\u00e9s.", "uuid": "edc6df06-9c0c-4247-9aee-f5794fadf4bd" }, { "code": "Archivage_03", "description": "V\u00e9rifier que les mesures prises permettent de garantir, si besoin, l'identification et l'authentification de l'origine des archives, l'int\u00e9grit\u00e9 des archives, l'intelligibilit\u00e9 et la lisibilit\u00e9 des archives, la dur\u00e9e de conservation des archives, la tra\u00e7abilit\u00e9 des op\u00e9rations effectu\u00e9es sur les archives (versement, consultation, migration, \u00e9limination, etc.), la disponibilit\u00e9 et l'accessibilit\u00e9 des archives, les compl\u00e9ter si ce n'est pas le cas.", "uuid": "5acba894-3f1e-493a-8cb4-718d33522093" }, { "code": "Archivage_04", "description": "D\u00e9terminer les moyens de protection de la confidentialit\u00e9 des donn\u00e9es archiv\u00e9es selon les risques identifi\u00e9s.", "uuid": "cebae15e-1aa4-480d-a39f-f35ff6001a6f" }, { "code": "Archivage_05", "description": "V\u00e9rifier que les autorit\u00e9s d'archivage disposent d'une politique d'archivage.", "uuid": "bf78101a-0197-406f-b027-bd5f96751904" }, { "code": "Archivage_06", "description": "V\u00e9rifier qu'il existe une d\u00e9claration des pratiques d'archivage.", "uuid": "28e18337-0c7a-49eb-8436-1f70b01372db" }, { "code": "Chiffrement_01", "description": "D\u00e9terminer ce qui doit \u00eatre chiffr\u00e9 (un disque dur entier, une partition, un conteneur , certains fichiers, des donn\u00e9es d'une base de donn\u00e9es, un canal de communication, etc.) selon la forme de stockage des donn\u00e9es, les risques identifi\u00e9s et les performances exig\u00e9es .", "uuid": "d1491661-134b-41fc-aca3-74937d131809" }, { "code": "Chiffrement_02", "description": "Choisir le type de chiffrement (sym\u00e9trique ou asym\u00e9trique ) selon le contexte et les risques identifi\u00e9s.", "uuid": "5692f3e1-db9a-4127-8ef8-4c48f1b119d1" }, { "code": "Chiffrement_03", "description": "Recourir \u00e0 des solutions de chiffrement bas\u00e9es sur des algorithmes publics r\u00e9put\u00e9s forts.", "uuid": "6b541553-3b6c-4b3e-b904-33d08ba30a53" }, { "code": "Chiffrement_04", "description": "Mettre en place des mesures pour garantir la disponibilit\u00e9, l'int\u00e9grit\u00e9 et la confidentialit\u00e9 des \u00e9l\u00e9ments permettant de r\u00e9cup\u00e9rer des secrets perdus (mots de passe administrateurs, CD de recouvrement, etc.).", "uuid": "c33fa90c-2f64-46ea-bebc-64adcc9312ea" }, { "code": "Chiffrement_05", "description": "N'employer une cl\u00e9 ou bicl\u00e9 de chiffrement que pour un seul usage.", "uuid": "8fad8a50-3f94-4fda-a878-765bf475a13e" }, { "code": "Chiffrement_06", "description": "Formaliser la mani\u00e8re dont les cl\u00e9s de chiffrement vont \u00eatre g\u00e9r\u00e9es.", "uuid": "f0d035bb-bddc-47b8-9d67-5f04fcaddbb9" }, { "code": "Chiffrement_07", "description": "Choisir un m\u00e9canisme de chiffrement reconnu par les organisations comp\u00e9tentes et qui dispose d'une preuve de s\u00e9curit\u00e9.", "uuid": "0854a91c-8dda-492f-a1ec-f113146fd7fc" }, { "code": "Chiffrement_08", "description": "Mettre en place des m\u00e9canismes de v\u00e9rification des certificats \u00e9lectroniques.", "uuid": "4c00cea1-76cb-4b4d-b5cd-a24e3e15a619" }, { "code": "Chiffrement_09", "description": "Prot\u00e9ger la s\u00e9curit\u00e9 de la g\u00e9n\u00e9ration et de l'utilisation des cl\u00e9s de chiffrement en coh\u00e9rence avec leur niveau dans la hi\u00e9rarchie des cl\u00e9s.", "uuid": "0443fb22-930e-430f-a525-2268afbb4f35" }, { "code": "Chiffrement_10", "description": "[postes de travail] Privil\u00e9gier les dispositifs ne stockant pas les cl\u00e9s sur le mat\u00e9riel \u00e0 chiffrer sauf \u00e0 ce que celui-ci mette en oeuvre un dispositif de stockage s\u00e9curis\u00e9 (par exemple une puce TPM pour les ordinateurs portables).", "uuid": "3c48c7fa-a0a7-4b9c-8c4e-94395f1e2ccf" }, { "code": "Chiffrement_11", "description": "[postes de travail] Chiffrer les donn\u00e9es au niveau du syst\u00e8me d'exploitation (chiffrement d'une partition, d'un r\u00e9pertoire ou d'un fichier) ou \u00e0 l'aide d'un logiciel sp\u00e9cialis\u00e9 (chiffrement d'un conteneur).", "uuid": "cedcb402-1a1e-4796-b6ac-ad13a451731a" }, { "code": "Chiffrement_12", "description": "[bases de donn\u00e9es] Chiffrer l'espace de stockage (au niveau mat\u00e9riel, du syst\u00e8me d'exploitation ou de la base de donn\u00e9es) afin de se prot\u00e9ger d'un vol physique, de la donn\u00e9e elle-m\u00eame (chiffrement par l'application) afin de garantir la confidentialit\u00e9 de certaines donn\u00e9es vis-\u00e0-vis des administrateurs eux-m\u00eames. Le chiffrement par la base de donn\u00e9es peut dans le cas d'\u00e9quipes informatiques cloisonn\u00e9es permettre de rendre les donn\u00e9es uniquement accessibles des administrateurs de base de donn\u00e9es sans que les administrateurs syst\u00e8me y aient acc\u00e8s.", "uuid": "8cc0ea9d-1af1-4311-a454-1ba757bbe022" }, { "code": "Chiffrement_13", "description": "[email] Chiffrer les fichiers stock\u00e9s ou les pi\u00e8ces \u00e0 joindre \u00e0 des courriers \u00e9lectroniques.", "uuid": "22226bd6-bb16-4a2b-9c28-fe2775b71914" }, { "code": "Chiffrement_14", "description": "[email] Chiffrer les messages \u00e9lectroniques.", "uuid": "9a562522-6788-46f2-89f3-5927a5954b83" }, { "code": "Chiffrement_15", "description": "[r\u00e9seaux] Chiffrer le canal de communication entre un serveur authentifi\u00e9 et un client distant.", "uuid": "bd2c611c-fb9d-47c6-a2f5-5abe452dde48" }, { "code": "Cloisonnement_01", "description": "Identifier les seules donn\u00e9es utiles \u00e0 chaque processus m\u00e9tier.", "uuid": "dedea729-0c56-41a9-a507-2648cf80d4c9" }, { "code": "Cloisonnement_02", "description": "S\u00e9parer logiquement les donn\u00e9es utiles \u00e0 chaque processus.", "uuid": "c8a70a56-af4d-4cc0-b8de-dc73b8b36396" }, { "code": "Cloisonnement_03", "description": "V\u00e9rifier de mani\u00e8re r\u00e9guli\u00e8re que les donn\u00e9es sont bien cloisonn\u00e9es, et que des destinataires ou des interconnexions n'ont pas \u00e9t\u00e9 ajout\u00e9s.", "uuid": "ffb3ad05-3d82-4d46-9bab-95e5ef88e27d" }, { "code": "Consentement_01", "description": "D\u00e9terminer et justifier les moyens pratiques qui vont \u00eatre mis en oeuvre pour obtenir le consentement des personnes concern\u00e9es ou justifier de l'impossibilit\u00e9 de les mettre en oeuvre.", "uuid": "714cb101-0a63-42bf-9e95-18d0f60ac9c8" }, { "code": "Consentement_02", "description": "S'assurer que le traitement ne puisse pas \u00eatre mis en oeuvre sans consentement.", "uuid": "1344a6be-8017-41ff-bcb2-7eaca1d7d7ca" }, { "code": "Consentement_03", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re libre.", "uuid": "8b658ce9-e207-4fae-ba69-747f393fe8cb" }, { "code": "Consentement_04", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re \u00e9clair\u00e9e et transparente quant aux finalit\u00e9s du traitement.", "uuid": "b0d8f199-46d7-4766-9c5b-ea7ccdfa1007" }, { "code": "Consentement_05", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re sp\u00e9cifique \u00e0 une finalit\u00e9.", "uuid": "5275ce0f-d24e-41b8-9058-d1b4e7ca851e" }, { "code": "Consentement_06", "description": "En cas de sous-traitance, encadrer les obligations de chacun dans un document \u00e9crit, explicite et accept\u00e9 des deux parties.", "uuid": "2d7ac8b6-918d-436e-b7a8-f9e26ca5024e" }, { "code": "Consentement_07", "description": "Recueillir le consentement des parents pour les mineurs de moins de 13 ans.", "uuid": "cf2a0e63-2440-4339-b080-318530142a38" }, { "code": "Consentement_08", "description": "Obtenir le consentement \u00e9clair\u00e9 et expr\u00e8s des personnes concern\u00e9es pr\u00e9alablement \u00e0 la mise en oeuvre du traitement, sauf dans le cas o\u00f9 le traitement repose sur une autre base l\u00e9gale ou que la loi pr\u00e9voit qu'il est interdit de collecter ou de traiter ces donn\u00e9es.", "uuid": "ce24a3e2-a85c-4715-9754-062e27da56ae" }, { "code": "Consentement_09", "description": "[collecte de donn\u00e9es via un site Internet] Pr\u00e9voir un formulaire avec des cases \u00e0 cocher et qui ne sont pas coch\u00e9es par d\u00e9faut (dit \u00ab opt-in \u00bb).", "uuid": "cdf6455d-9bda-431d-bd90-0473cf53bead" }, { "code": "Consentement_10", "description": "[collecte de donn\u00e9es via des cookies] Dans le cas o\u00f9 le cookie n'est pas strictement n\u00e9cessaire \u00e0 la fourniture du service express\u00e9ment demand\u00e9 par l'utilisateur, recueillir le consentement de l'internaute (ex : via une banni\u00e8re en haut d'une page web), une zone de demande de consentement en surimpression sur la page, des cases \u00e0 cocher lors de l'inscription \u00e0 un service en ligne, etc.) apr\u00e8s information de celui-ci et avant le d\u00e9p\u00f4t du cookie.", "uuid": "46cd679f-1d55-49cd-afc3-220518f128b8" }, { "code": "Consentement_11", "description": "[collecte de donn\u00e9es via une application mobile] Recueillir le consentement de l'utilisateur au premier d\u00e9marrage de l'objet ou de l'application mobile.", "uuid": "75482a90-c07c-40da-988b-22614e5a8394" }, { "code": "Consentement_12", "description": "[collecte de donn\u00e9es via une application mobile] Proposer un consentement segment\u00e9 par cat\u00e9gorie de donn\u00e9es ou types de traitement, en distinguant notamment le partage de donn\u00e9es avec d'autres utilisateurs ou avec des soci\u00e9t\u00e9s tierces.", "uuid": "076d2004-99f5-4987-8deb-bfd17e6c1125" }, { "code": "Consentement_13", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de refuser qu'une application puisse le g\u00e9olocaliser de mani\u00e8re syst\u00e9matique.", "uuid": "43e88dac-4872-43d0-8866-24ab14ef68bb" }, { "code": "Consentement_14", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de s\u00e9lectionner quelle application peut utiliser la g\u00e9olocalisation.", "uuid": "3db56638-0ac3-45f4-b423-beb7c651b1ba" }, { "code": "Consentement_15", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de choisir quelles personnes peuvent acc\u00e9der \u00e0 l'information de g\u00e9olocalisation le concernant et avec quelle pr\u00e9cision.", "uuid": "13923ace-5491-414e-8397-bd41fd92ebb1" }, { "code": "Consentement_16", "description": "[publicit\u00e9 cibl\u00e9e] Mettre \u00e0 disposition des utilisateurs des moyens simples et non payants pour accepter ou refuser la diffusion \u00e0 leur \u00e9gard de contenus publicitaires adapt\u00e9s \u00e0 leur comportement de navigation, et choisir les centres d'int\u00e9r\u00eat \u00e0 propos desquels ils souhaiteraient voir s'afficher des offres publicitaires adapt\u00e9es \u00e0 leurs souhaits.", "uuid": "18ea7c10-06db-4457-b137-647cebe240b5" }, { "code": "Consentement_17", "description": "[recherches sur des pr\u00e9l\u00e8vements biologiques identifiants] Si les pr\u00e9l\u00e8vements sont conserv\u00e9s pour un traitement ult\u00e9rieur diff\u00e9rent du traitement initial, s'assurer \u00e9galement du consentement \u00e9clair\u00e9 et expr\u00e8s de la personne concern\u00e9e pour cet autre traitement.", "uuid": "cd22d65f-2bb3-43df-98b2-929903a6628d" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_01", "description": "Identifier les donn\u00e9es dont l'int\u00e9grit\u00e9 doit \u00eatre contr\u00f4l\u00e9e selon les risques identifi\u00e9s.", "uuid": "3cec2c97-10e1-4469-b168-df05844cb77b" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_02", "description": "Choisir un moyen de contr\u00f4ler l'int\u00e9grit\u00e9 selon le contexte, les risques appr\u00e9ci\u00e9s et la robustesse attendue.", "uuid": "40e44f1d-650a-4fee-a79e-3088d695f836" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_03", "description": "D\u00e9finir le moment auquel la fonction est appliqu\u00e9e et celui o\u00f9 le contr\u00f4le d'int\u00e9grit\u00e9 doit \u00eatre effectu\u00e9 selon le d\u00e9roulement du processus m\u00e9tier.", "uuid": "78f01fab-a9d9-44b6-8d86-c37c9be66ca4" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_04", "description": "Lorsque les donn\u00e9es sont envoy\u00e9es dans une base de donn\u00e9es, il est n\u00e9cessaire de mettre en place des mesures d'analyse permettant de pr\u00e9venir les attaques par injection SQL ou de scripts.", "uuid": "9d0be52f-a03a-4807-94ff-8b930954c112" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_05", "description": "Utiliser un m\u00e9canisme de hachage reconnu par les organisations comp\u00e9tentes et qui dispose d'une preuve de s\u00e9curit\u00e9.", "uuid": "98f3804b-00c7-4211-9474-680558ead2a0" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_06", "description": "Recourir \u00e0 des solutions de signature \u00e9lectronique bas\u00e9es sur des algorithmes publics r\u00e9put\u00e9s forts.", "uuid": "623b84d7-b0cd-4716-9c17-5cb027b3e5d8" }, { "code": "Documents papier_01", "description": "Porter une mention visible et explicite sur chaque page des documents contenant des donn\u00e9es sensibles.", "uuid": "1512c36f-aecc-4fa6-979a-a69e31932228" }, { "code": "Documents papier_02", "description": "Porter une mention visible et explicite dans les applications m\u00e9tiers permettant d'acc\u00e9der \u00e0 des donn\u00e9es et permettant de les imprimer.", "uuid": "554dedff-298a-48e9-bf63-0b04f40a6515" }, { "code": "Documents papier_03", "description": "Choisir des supports papier et des proc\u00e9d\u00e9s d'impression appropri\u00e9s aux conditions de conservation (selon la dur\u00e9e de conservation, l'humidit\u00e9 ambiante, etc.).", "uuid": "2186b63f-74b8-48d5-b019-aa553747da34" }, { "code": "Documents papier_04", "description": "R\u00e9cup\u00e9rer les documents imprim\u00e9s contenant des donn\u00e9es imm\u00e9diatement apr\u00e8s leur impression ou effectuer, lorsque c'est possible, une impression s\u00e9curis\u00e9.", "uuid": "6a064432-95d1-4fc9-b6c2-c351c538c0a8" }, { "code": "Documents papier_05", "description": "Limiter la diffusion des documents papier contenant des donn\u00e9es qu'aux personnes ayant le besoin d'en disposer dans le cadre de leur activit\u00e9.", "uuid": "49927122-8e47-45ee-a8e3-8f0c3601e5b1" }, { "code": "Documents papier_06", "description": "Stocker les documents papier contenant des donn\u00e9es dans un meuble s\u00e9curis\u00e9.", "uuid": "5ac9f935-a1d4-47f6-968c-d4fcbd783608" }, { "code": "Documents papier_07", "description": "D\u00e9truire les documents papier contenant des donn\u00e9es et qui ne sont plus utiles \u00e0 l'aide d'un broyeur appropri\u00e9.", "uuid": "c343cc7c-620c-4308-b71f-8d59c7bc71f4" }, { "code": "Documents papier_08", "description": "N'envoyer que les documents papier contenant des donn\u00e9es n\u00e9cessaires au traitement.", "uuid": "948ebbc4-cd89-44e6-8592-5bf5809255b8" }, { "code": "Documents papier_09", "description": "Garder une trace pr\u00e9cise de la transmission des documents papier contenant des donn\u00e9es.", "uuid": "ca01e8c9-4113-444b-9493-5a62afb087eb" }, { "code": "Documents papier_10", "description": "Choisir un canal de transmission adapt\u00e9 aux risques et \u00e0 la fr\u00e9quence de transmission.", "uuid": "b7c9c6fb-abbb-49f3-b5a8-f12fab7bacae" }, { "code": "Documents papier_11", "description": "Am\u00e9liorer la confiance envers le transporteur de documents papier contenant des donn\u00e9es.", "uuid": "511f7037-7fbe-41e5-80b3-2acb6a34cb3b" }, { "code": "Documents papier_12", "description": "Prot\u00e9ger les documents papier contenant des donn\u00e9es.", "uuid": "da589b18-e850-4576-a779-d27024dd91f0" }, { "code": "Droit \u00e0 la limitation et d'opposition_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit d'opposition. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches \u00e0 effectuer ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais.", "uuid": "7bd7ed97-ee93-422a-a1f2-4703f5a7ea7c" }, { "code": "Droit \u00e0 la limitation et d'opposition_02", "description": "S'assurer que le droit d'opposition pourra toujours s'exercer et que les donn\u00e9es collect\u00e9es et trait\u00e9es permettent effectivement l'exercice du droit d'opposition.", "uuid": "ed0341d5-b5e0-4989-9084-07bfa7668941" }, { "code": "Droit \u00e0 la limitation et d'opposition_03", "description": "S'assurer que \u00ab l'int\u00e9ress\u00e9 est mis en mesure d'exprimer son choix avant la validation d\u00e9finitive de ses r\u00e9ponses \u00bb.", "uuid": "ed324770-7b66-4a5c-95cd-b2cc34f85cdb" }, { "code": "Droit \u00e0 la limitation et d'opposition_04", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites sur place permettent de s'assurer de l'identit\u00e9 des demandeurs et des personnes qu'ils peuvent mandater.", "uuid": "9e2762fd-b530-46b1-a438-b2a40c7d4f3d" }, { "code": "Droit \u00e0 la limitation et d'opposition_05", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites par voie postale sont sign\u00e9es et accompagn\u00e9es de la photocopie d'un titre d'identit\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9e sauf en cas de besoin de conserver une preuve) et qu'elles pr\u00e9cisent l'adresse \u00e0 laquelle doit parvenir la r\u00e9ponse.", "uuid": "da19be7b-85b1-4ace-85c1-95a5cfddcf01" }, { "code": "Droit \u00e0 la limitation et d'opposition_06", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites par voie \u00e9lectronique (en utilisant un canal chiffr\u00e9 si la transmission se fait via Internet) sont accompagn\u00e9es d'un titre d'identit\u00e9 num\u00e9ris\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9 sauf en cas de besoin de conservation d'une preuve, et ce, en noir et blanc, en faible d\u00e9finition et sous la forme d'un fichier chiffr\u00e9).", "uuid": "80bac0dc-0f02-411f-885b-1d9be6939426" }, { "code": "Droit \u00e0 la limitation et d'opposition_07", "description": "S'assurer que le motif l\u00e9gitime des personnes exer\u00e7ant leur droit d'opposition est fourni et appr\u00e9ci\u00e9 (sauf dans le cas de la prospection et des traitements ayant pour fin la recherche dans le domaine de la sant\u00e9, pour lesquels la personne dispose d'un droit d'opposition discr\u00e9tionnaire).", "uuid": "b581b87b-6219-4c82-8a2f-b1e98b7eea66" }, { "code": "Droit \u00e0 la limitation et d'opposition_08", "description": "S'assurer que tous les destinataires du traitement seront inform\u00e9s des oppositions exerc\u00e9es par des personnes concern\u00e9es.", "uuid": "866d2956-dd3b-46ee-b2bc-a41d572179d2" }, { "code": "Droit \u00e0 la limitation et d'opposition_09", "description": "[traitement par t\u00e9l\u00e9phone] Pr\u00e9voir un m\u00e9canisme permettant aux personnes concern\u00e9es de signifier leur opposition \u00e0 l'aide du t\u00e9l\u00e9phone.", "uuid": "8e98bc8a-ce48-415a-9568-3428a13b3616" }, { "code": "Droit \u00e0 la limitation et d'opposition_10", "description": "[traitement par formulaire \u00e9lectronique] Cr\u00e9er un formulaire, facilement accessible, avec des cases \u00e0 d\u00e9cocher (dit \u00ab opt-out \u00bb) ou pr\u00e9voir la possibilit\u00e9 de se d\u00e9sinscrire d'un service (suppression de compte).", "uuid": "2d59e2ad-27de-4939-896e-30beb57ad2e3" }, { "code": "Droit \u00e0 la limitation et d'opposition_11", "description": "[traitement par courrier \u00e9lectronique] S'assurer que l'exp\u00e9diteur des messages appara\u00eet tr\u00e8s clairement.", "uuid": "065ce986-8708-4c0c-9daf-5714ceec2e49" }, { "code": "Droit \u00e0 la limitation et d'opposition_12", "description": "[traitement par courrier \u00e9lectronique] S'assurer que le corps des messages est en rapport avec le sujet des messages.", "uuid": "551dec70-2bb3-4113-846c-690e82881a60" }, { "code": "Droit \u00e0 la limitation et d'opposition_13", "description": "[traitement par courrier \u00e9lectronique] Pr\u00e9voir une opposition en r\u00e9pondant au message ou en cliquant sur un lien permettant de s'opposer. La personne ne doit pas avoir besoin de s'authentifier pour \u00eatre d\u00e9sinscrite.", "uuid": "e13b23d5-65bc-4ebe-aa41-d98b6efaca5d" }, { "code": "Droit \u00e0 la limitation et d'opposition_14", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Proposer des param\u00e8tres \u00ab Vie priv\u00e9e \u00bb dans les applications mobiles.", "uuid": "228ef7b0-3a31-484e-9840-c56e1e2903ec" }, { "code": "Droit \u00e0 la limitation et d'opposition_15", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Permettre \u00e0 l'utilisateur de l'application mobile de s'opposer \u00e0 la collecte de donn\u00e9es particuli\u00e8res.", "uuid": "e8554843-c50b-496f-bbf2-b6de7a9c9efc" }, { "code": "Droit \u00e0 la limitation et d'opposition_16", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Prendre en compte les utilisateurs mineurs.", "uuid": "e7b9a183-4b66-46e1-b308-4b4236e65845" }, { "code": "Droit \u00e0 la limitation et d'opposition_17", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Arr\u00eater effectivement toute collecte de donn\u00e9es si l'utilisateur retire son consentement.", "uuid": "8813246d-90df-4a98-a2a5-abbfae9396c6" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit d'acc\u00e8s. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois (un mois dans le cadre du RGPD) pour des donn\u00e9es, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais exc\u00e9dant le co\u00fbt de la reproduction.", "uuid": "2cb24716-0d53-4c63-858b-cf6324205306" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_02", "description": "S'assurer que le droit d'acc\u00e8s pourra toujours s'exercer.", "uuid": "178520c6-b3ac-4d08-904c-b1c78b244c32" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_03", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites sur place permettent de s'assurer de l'identit\u00e9 des demandeurs et des personnes qu'ils peuvent mandater.", "uuid": "95f5461d-4f4c-4371-b20f-f2f70f26f8f9" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_04", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites par voie postale sont sign\u00e9es et accompagn\u00e9es de la photocopie d'un titre d'identit\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9e sauf en cas de besoin de conserver une preuve) et qu'elles pr\u00e9cisent l'adresse \u00e0 laquelle doit parvenir la r\u00e9ponse.", "uuid": "a453a528-9893-461c-ade1-e338f24ba34b" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_05", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites par voie \u00e9lectronique (en utilisant un canal chiffr\u00e9 si la transmission se fait via Internet) sont accompagn\u00e9es d'un titre d'identit\u00e9 num\u00e9ris\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9 sauf en cas de besoin de conservation d'une preuve, et ce, en noir et blanc, en faible d\u00e9finition et sous la forme d'un fichier chiffr\u00e9).", "uuid": "f4841bb7-12d6-445c-affb-4414a91c1f73" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_06", "description": "S'assurer de la possibilit\u00e9 de fournir toutes les informations qui peuvent \u00eatre demand\u00e9es par les personnes concern\u00e9es, tout en prot\u00e9geant les donn\u00e9es des tiers.", "uuid": "20826216-5939-47a0-8363-b11c050be8e0" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_07", "description": "[dossiers m\u00e9dicaux] Communiquer les informations au plus tard dans les huit jours suivant la demande et dans les deux mois si les informations remontent \u00e0 plus de cinq ans (\u00e0 compter de la date \u00e0 laquelle l'information m\u00e9dicale a \u00e9t\u00e9 constitu\u00e9e).", "uuid": "b870e46f-3bb8-42bc-ac50-7bf66371d346" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_08", "description": "[dossiers m\u00e9dicaux] Permettre l'exercice du droit d'acc\u00e8s par les titulaires de l'autorit\u00e9 parentale, pour les mineurs, ou le repr\u00e9sentant l\u00e9gal, pour les personnes faisant l'objet d'une mesure de tutelle.", "uuid": "24e51c4d-4249-4473-9e0f-1093b49360d0" }, { "code": "Droit de rectification et d'effacement_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit de rectification. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches \u00e0 effectuer ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais.", "uuid": "9ee6c61b-4ef7-4e88-81ed-ae1bd08e4452" }, { "code": "Droit de rectification et d'effacement_02", "description": "S'assurer que le droit de rectification pourra toujours s'exercer.", "uuid": "f8495542-f8f0-4067-ac16-a74d560ebfef" }, { "code": "Droit de rectification et d'effacement_03", "description": "S'assurer que le droit d'effacement pourra toujours s'exercer.", "uuid": "4e1e8d6e-6db0-4f3b-8243-66c3368e6ed1" }, { "code": "Droit de rectification et d'effacement_04", "description": "S'assurer que l'identit\u00e9 des demandeurs va \u00eatre v\u00e9rifi\u00e9e.", "uuid": "ebd8e891-cab9-45bd-9ba0-d52fc5a5ba97" }, { "code": "Droit de rectification et d'effacement_05", "description": "S'assurer que la v\u00e9racit\u00e9 des rectifications demand\u00e9es sera v\u00e9rifi\u00e9e.", "uuid": "bf9dfd20-0e6a-423e-8f34-8fc14849cae4" }, { "code": "Droit de rectification et d'effacement_06", "description": "S'assurer de l'effacement effectif des donn\u00e9es \u00e0 supprimer.", "uuid": "a2d7b18a-0192-48ca-baee-c2c2ad992e13" }, { "code": "Droit de rectification et d'effacement_07", "description": "S'assurer qu'une confirmation sera fournie aux demandeurs.", "uuid": "a641888a-64ba-41d6-81a1-5cad2f59fba6" }, { "code": "Droit de rectification et d'effacement_08", "description": "S'assurer que les destinataires \u00e0 qui des donn\u00e9es auraient \u00e9t\u00e9 transmises seront inform\u00e9s des rectifications faites.", "uuid": "7e5943e7-1779-4b96-adca-28408d3a5dc2" }, { "code": "Droit de rectification et d'effacement_09", "description": "Suite \u00e0 une demande d'effacement, pr\u00e9ciser \u00e0 l'utilisateur si des donn\u00e9es personnelles seront conserv\u00e9es malgr\u00e9 tout (contraintes techniques, obligations l\u00e9gales, etc.).", "uuid": "ee24573b-5e0a-4afc-9049-4aeb14fac625" }, { "code": "Droit de rectification et d'effacement_10", "description": "Mettre en oeuvre le droit \u00e0 l'oubli pour les mineurs.", "uuid": "05313636-e285-4da0-ad31-7d581a0cd21c" }, { "code": "Droit de rectification et d'effacement_11", "description": "[publicit\u00e9 cibl\u00e9e en ligne] Pr\u00e9voir un acc\u00e8s par la personne aux centres d'int\u00e9r\u00eat \u00e9tablis pour son profil et la possibilit\u00e9 de les modifier. L'authentification de la personne peut se faire sur la base des informations utilis\u00e9es pour acc\u00e9der \u00e0 son compte ou sur la base du cookie (ou \u00e9quivalent) pr\u00e9sent sur son poste.", "uuid": "b3e8c9d9-f85e-4a82-b6af-a03acee7ff49" }, { "code": "Dur\u00e9es de conservation_01", "description": "D\u00e9finir, pour chaque cat\u00e9gorie de donn\u00e9es, des dur\u00e9es de conservation limit\u00e9es dans le temps et en ad\u00e9quation avec la finalit\u00e9 du traitement et/ou des contraintes l\u00e9gales.", "uuid": "21b3119e-23cd-4616-ac86-ec3bfd6e1e0b" }, { "code": "Dur\u00e9es de conservation_02", "description": "V\u00e9rifier que le traitement permet de d\u00e9tecter la fin de la dur\u00e9e de conservation (mettre en place un m\u00e9canisme automatique bas\u00e9 sur la date de cr\u00e9ation des donn\u00e9es ou de leur dernier usage).", "uuid": "2ea0ebdd-01da-48a5-bdba-f13fce7426ea" }, { "code": "Dur\u00e9es de conservation_03", "description": "V\u00e9rifier que le traitement permet de supprimer les donn\u00e9es en fin de dur\u00e9e de conservation et que le moyen choisi pour les supprimer est appropri\u00e9 aux risques qui p\u00e8sent sur la vie priv\u00e9e des personnes concern\u00e9es.", "uuid": "c1c6c1cb-65fd-4415-9a03-2e133cc730f4" }, { "code": "Dur\u00e9es de conservation_04", "description": "Une fois la dur\u00e9e de conservation atteinte, sous r\u00e9serve de l'archivage interm\u00e9diaire pour les donn\u00e9es qui le n\u00e9cessitent, supprimer les donn\u00e9es sans d\u00e9lai.", "uuid": "e43d69d6-3c04-411e-adc7-e5b4f9067694" }, { "code": "Environnemental_01", "description": "Placer les produits dangereux (inflammables, combustibles, corrosifs, explosifs, a\u00e9rosols, humides, etc.) dans des lieux de stockage appropri\u00e9s et \u00e9loign\u00e9s de ceux o\u00f9 sont trait\u00e9es des donn\u00e9es.", "uuid": "3c0eeef6-e291-4877-8f5d-6059880514a9" }, { "code": "Environnemental_02", "description": "\u00c9viter les zones g\u00e9ographiques dangereuses (zones inondables, proximit\u00e9 d'a\u00e9roports, zones d'industries chimiques, zones sismiques, zones volcaniques, etc.).", "uuid": "fac6dd31-c831-4665-b3e7-8ead3e3b82a5" }, { "code": "Environnemental_03", "description": "Ne pas stocker les donn\u00e9es dans un \u00e9tat \u00e9tranger sauf s'il existe des garanties permettant d'assurer un niveau de protection des donn\u00e9es suffisant.", "uuid": "e64271a6-ab78-442c-851d-cfddbabd6f7c" }, { "code": "Exploitation_01", "description": "Documenter les proc\u00e9dures d'exploitation, les tenir \u00e0 jour et les communiquer \u00e0 tous les utilisateurs concern\u00e9s (toute action sur le syst\u00e8me, qu'il s'agisse d'op\u00e9rations d'administration ou de la simple utilisation d'une application, doit \u00eatre expliqu\u00e9e dans des documents auxquels les utilisateurs peuvent se r\u00e9f\u00e9rer).", "uuid": "05dd9f8d-9c84-456c-9b93-17002e38cb67" }, { "code": "Exploitation_02", "description": "Tenir \u00e0 jour un inventaire des logiciels et mat\u00e9riels utilis\u00e9s en exploitation.", "uuid": "dc3c264f-b898-41ea-949e-3aff913e45a7" }, { "code": "Exploitation_03", "description": "R\u00e9aliser une veille sur vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les logiciels (y compris les firmwares) utilis\u00e9s en exploitation, et les corriger d\u00e8s que possible.", "uuid": "a65cce3e-6ca4-460c-975b-878ea60f1663" }, { "code": "Exploitation_04", "description": "Formaliser les proc\u00e9dures de mises \u00e0 jour mat\u00e9rielles et logicielles.", "uuid": "690cc289-f2f6-4920-8056-73c61ebb7b26" }, { "code": "Exploitation_05", "description": "Interdire l'usage des serveurs de production (serveurs de base de donn\u00e9es, serveur web, serveur de messagerie, etc.) pour d'autres fins que celles pr\u00e9vues initialement.", "uuid": "3202bc26-de65-40cf-a46c-286ee8dfac1b" }, { "code": "Exploitation_06", "description": "Utiliser des unit\u00e9s de stockage de donn\u00e9es utilisant des m\u00e9canismes de redondance mat\u00e9rielle (tel que le RAID), ou bien des m\u00e9canismes de duplication des donn\u00e9es entre plusieurs serveurs et/ou sites.", "uuid": "86b75046-44bb-485c-aba2-1a7ee41c02c7" }, { "code": "Exploitation_07", "description": "V\u00e9rifier que le dimensionnement des capacit\u00e9s de stockage et de calcul est suffisant pour assurer le fonctionnement correct des traitements, m\u00eame en cas de pic d'activit\u00e9.", "uuid": "9f0ee3ea-d5e8-43db-a10d-71de859a9720" }, { "code": "Exploitation_08", "description": "V\u00e9rifier que les conditions physiques d'h\u00e9bergement (temp\u00e9rature, humidit\u00e9, fourniture d'\u00e9nergie, etc.) sont appropri\u00e9es \u00e0 l'usage pr\u00e9vu des mat\u00e9riels, et incluent des m\u00e9canismes de secours (onduleur et/ou alimentation de secours et/ou groupe \u00e9lectrog\u00e8ne).", "uuid": "860fcb9f-407b-4cdb-8bc8-e1b49f2ee7af" }, { "code": "Exploitation_09", "description": "Limiter l'acc\u00e8s physique aux mat\u00e9riels sensibles et/ou qui ont une grande valeur marchande.", "uuid": "4c7a25c3-9402-4547-83d2-7711f1bb47a9" }, { "code": "Exploitation_10", "description": "Limiter les possibilit\u00e9s de modification des mat\u00e9riels.", "uuid": "bf12c3b9-987b-4fe1-a2e0-3fdae3a93cb4" }, { "code": "Exploitation_11", "description": "Pr\u00e9voir un Plan de Reprise d'Activit\u00e9 (PRA) ou un Plan de Continuit\u00e9 d'Activit\u00e9 (PCA), en fonction des objectifs de disponibilit\u00e9 des traitements mis en oeuvre.", "uuid": "b60140df-0bd7-428e-a348-f673449c258b" }, { "code": "Exploitation_12", "description": "Mettre en place une proc\u00e9dure de gestion des incidents de s\u00e9curit\u00e9 permettant de les d\u00e9tecter, les enregistrer, les qualifier et les traiter.", "uuid": "13b05332-8b7f-40fb-bbea-164bc1e2b3f6" }, { "code": "Finalit\u00e9_01", "description": "D\u00e9tailler les finalit\u00e9s de traitement des donn\u00e9es et justifier leur l\u00e9gitimit\u00e9.", "uuid": "2c9a3e94-058c-459d-90d7-a79d4f0f9db2" }, { "code": "Finalit\u00e9_02", "description": "Expliciter les finalit\u00e9s de partage avec des tiers ainsi que les finalit\u00e9s de traitement de donn\u00e9es pour l'am\u00e9lioration du service.", "uuid": "60dfb6f8-6482-4b93-ad42-db9b6d7311aa" }, { "code": "Finalit\u00e9_03", "description": "Expliciter les modalit\u00e9s particuli\u00e8res du traitement, en pr\u00e9cisant notamment les croisements de donn\u00e9es s'il y a lieu.", "uuid": "ada21354-1cd6-4738-831d-aa3168f7a2e3" }, { "code": "Fondement_01", "description": "D\u00e9terminer et justifier le crit\u00e8re de lic\u00e9it\u00e9 qui s'applique au traitement de donn\u00e9es.", "uuid": "11c0774f-789a-4b87-a668-7723fcb5e02e" }, { "code": "Formalit\u00e9s pr\u00e9alables_01", "description": "V\u00e9rifier que le traitement de donn\u00e9es est effectivement conforme \u00e0 la finalit\u00e9 d\u00e9clar\u00e9e.", "uuid": "a04441de-c785-4997-868d-d3df75d6a4df" }, { "code": "Formalit\u00e9s pr\u00e9alables_02", "description": "R\u00e9aliser une \u00e9tude d'impact sur la vie priv\u00e9e (EIVP ou PIA) et le faire valider.", "uuid": "f4a0cca8-e784-44d5-b695-3e9676724678" }, { "code": "Formalit\u00e9s pr\u00e9alables_03", "description": "Consulter l'autorit\u00e9 de contr\u00f4le si les risques r\u00e9siduels, \u00e0 l'issue d' une \u00e9tude d'impact sur la vie priv\u00e9e, sont importants, selon l'article 36 du r\u00e8glement g\u00e9n\u00e9ral sur la protection des donn\u00e9es (RGPD).", "uuid": "662a2926-8deb-4ebf-835e-7d0c7bc7b826" }, { "code": "Formalit\u00e9s pr\u00e9alables_04", "description": "R\u00e9aliser les autres formalit\u00e9s sectorielles et contractuelles applicables au traitement (par exemple, formalit\u00e9s li\u00e9es \u00e0 d'autres codes et r\u00e8glements, contrat avec une source externe de donn\u00e9es, etc.).", "uuid": "0c96d60f-1d8e-4a67-92a9-9d24997d34a8" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_01", "description": "D\u00e9finir les r\u00f4les et responsabilit\u00e9s des parties prenantes, ainsi que les proc\u00e9dures de remont\u00e9es d'informations et de r\u00e9action, en cas de violation de donn\u00e9es.", "uuid": "900e1886-88c0-4a84-9a94-0d2dec073482" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_02", "description": "\u00c9tablir un annuaire des personnes en charge de g\u00e9rer les violations de donn\u00e9es.", "uuid": "9f095104-f66d-42ca-906a-2f104c937265" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_03", "description": "\u00c9laborer un plan de r\u00e9action en cas de violation de donn\u00e9es pour chaque risque \u00e9lev\u00e9, le tenir \u00e0 jour et le tester p\u00e9riodiquement.", "uuid": "4feb5fb9-0316-4653-99a1-b41d47825205" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_04", "description": "Permettre de qualifier les violations de donn\u00e9es selon leur impact sur la vie priv\u00e9e des personnes concern\u00e9es.", "uuid": "0c84b441-a79b-4747-a9e1-358cc21ffb2f" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_05", "description": "Traiter les \u00e9v\u00e8nements selon leur qualification (\u00e9v\u00e8nement, incident, sinistre, crise, etc.).", "uuid": "6f9d9a9a-600e-40fb-862f-4e6d3f6e7f45" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_06", "description": "Tenir \u00e0 jour une documentation des violations de donn\u00e9es.", "uuid": "113e65f1-51b1-481d-89c4-0d2167db3d35" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_07", "description": "\u00c9tudier la possibilit\u00e9 d'am\u00e9liorer les mesures de s\u00e9curit\u00e9 en fonction des violations de donn\u00e9es qui ont eu lieu.", "uuid": "b01b9ad8-c2ef-42f4-b4ac-be1bc06203d4" }, { "code": "Gestion des personnels_01", "description": "V\u00e9rifier que les personnes ayant acc\u00e8s aux donn\u00e9es et au traitement sont aptes \u00e0 exercer leur fonction.", "uuid": "37bb5c77-1212-462b-9c7d-f6e84290c2ea" }, { "code": "Gestion des personnels_02", "description": "S'assurer que les conditions de travail des personnes ayant acc\u00e8s aux donn\u00e9es et au traitement sont satisfaisantes.", "uuid": "ab831b8f-d2a2-4c16-99d6-3510c1c6923b" }, { "code": "Gestion des personnels_03", "description": "Sensibiliser les personnes ayant acc\u00e8s aux donn\u00e9es et au traitement aux risques li\u00e9s \u00e0 l'exploitation de leurs vuln\u00e9rabilit\u00e9s.", "uuid": "1b67a440-471e-450e-a90d-799670a16333" }, { "code": "Gestion des projets_01", "description": "Utiliser une d\u00e9marche de gestion des risques d\u00e8s l'\u00e9laboration d'un service ou la conception d'une application.", "uuid": "656dbbb9-a017-4a8c-b92c-2755f8bb303b" }, { "code": "Gestion des projets_02", "description": "Privil\u00e9gier le recours \u00e0 des labels de confiance dans les domaines de la SSI et la protection des donn\u00e9es personnelles (proc\u00e9dures, produits, syst\u00e8mes de management, organismes, personnes, etc.).", "uuid": "9ea3fc0a-f56b-4e33-a78a-2be467a6ea29" }, { "code": "Gestion des projets_03", "description": "Privil\u00e9gier le recours \u00e0 des r\u00e9f\u00e9rentiels \u00e9prouv\u00e9s et reconnus.", "uuid": "14d0e0b8-2313-4401-9111-60e3301cacf2" }, { "code": "Gestion des projets_04", "description": "Effectuer les formalit\u00e9s aupr\u00e8s de l'autorit\u00e9 de contr\u00f4le avant le lancement d'un nouveau traitement.", "uuid": "43f8343d-5c13-41fc-aa1e-047ede81f29d" }, { "code": "Gestion des projets_05", "description": "[acquisitions de logiciels] V\u00e9rifier que les d\u00e9veloppeurs et les mainteneurs disposent des ressources suffisantes pour ma\u00eetriser leurs actions.", "uuid": "80759e48-4710-45f8-b416-afe17878b7a2" }, { "code": "Gestion des projets_06", "description": "[acquisitions de logiciels] Privil\u00e9gier les applications interop\u00e9rables et ergonomiques.", "uuid": "934e5306-bd2e-4f8b-bdb4-33e26bd9ef67" }, { "code": "Gestion des projets_07", "description": "[acquisitions de logiciels] Effectuer les d\u00e9veloppements informatiques dans un environnement informatique distinct de celui de la production.", "uuid": "e6502e29-d199-40d9-8a51-b343fca3b0cb" }, { "code": "Gestion des projets_08", "description": "[acquisitions de logiciels] Prot\u00e9ger la disponibilit\u00e9, l'int\u00e9grit\u00e9 et si besoin la confidentialit\u00e9 des codes sources.", "uuid": "1a4fc4a7-5c98-4081-8c8f-3488ff593960" }, { "code": "Gestion des projets_09", "description": "[acquisitions de logiciels] Imposer des formats de saisie et d'enregistrement des donn\u00e9es qui minimisent les donn\u00e9es collect\u00e9es.", "uuid": "4e40b7a9-b487-47e0-acf5-f45f71f38f44" }, { "code": "Gestion des projets_10", "description": "[acquisitions de logiciels] S'assurer que les formats de donn\u00e9es sont compatibles avec la mise en oeuvre d'une dur\u00e9e de conservation.", "uuid": "a8923625-8999-44a0-a3b7-9bcead357b55" }, { "code": "Gestion des projets_11", "description": "[acquisitions de logiciels] Int\u00e9grer le contr\u00f4le d'acc\u00e8s aux donn\u00e9es par des cat\u00e9gories d'utilisateurs au moment du d\u00e9veloppement.", "uuid": "5eb06b3b-9b41-4090-8ce1-b3874699f862" }, { "code": "Gestion des projets_12", "description": "[acquisitions de logiciels] \u00c9viter le recours \u00e0 des zones de texte libre, et si de telles zones sont requises, faire appara\u00eetre soit en filigrane, soit comme texte pr\u00e9rempli s'effa\u00e7ant sit\u00f4t que l'utilisateur d\u00e9cide d'\u00e9crire dans la zone, les mentions suivantes : \u00ab Les personnes disposent d'un droit d'acc\u00e8s aux informations contenues dans cette zone de texte. Les informations que vous y inscrivez doivent \u00eatre PERTINENTES au regard du contexte. Elles ne doivent pas comporter d'appr\u00e9ciation subjective ni faire appara\u00eetre, \"directement ou indirectement les origines raciales ou ethniques, les opinions politiques, philosophiques ou religieuses ou l'appartenance syndicale des personnes, ou qui sont relatives \u00e0 la sant\u00e9 ou \u00e0 la vie sexuelles de celles-ci\" \u00bb.", "uuid": "a03ca1c2-c087-44b5-81e4-751c296ff051" }, { "code": "Gestion des projets_13", "description": "[acquisitions de logiciels] Interdire l'utilisation de donn\u00e9es r\u00e9elles avant la mise en op\u00e9ration, et les anonymiser si n\u00e9cessaire.", "uuid": "922ab9c2-d9d1-486e-bc68-14636b70544c" }, { "code": "Gestion des projets_14", "description": "[acquisitions de logiciels] V\u00e9rifier que les logiciels fonctionnent correctement et conform\u00e9ment lors de la recette.", "uuid": "5dd3704d-5f27-43dd-945c-94a42b69bf2a" }, { "code": "Gestion des risques_01", "description": "Recenser les traitements de donn\u00e9es \u00e0 caract\u00e8re personnel, automatis\u00e9s ou non, les donn\u00e9es trait\u00e9es (ex : fichiers client, contrats) et les supports sur lesquels ils reposent.", "uuid": "31b39fb1-84e9-407c-ade5-c59aac597e8a" }, { "code": "Gestion des risques_02", "description": "\u00c9valuer la mani\u00e8re dont les principes fondamentaux (information, consentement, droit d'acc\u00e8s...) sont respect\u00e9s.", "uuid": "a6e56295-2436-4a4c-823d-eaf42b481a36" }, { "code": "Gestion des risques_03", "description": "Appr\u00e9cier les risques de chaque traitement.", "uuid": "f73a7ecb-79f4-4319-8041-7c60cd642cce" }, { "code": "Gestion des risques_04", "description": "Mettre en oeuvre et v\u00e9rifier les mesures pr\u00e9vues. Si les mesures existantes et pr\u00e9vues sont jug\u00e9es comme appropri\u00e9es afin de garantir un niveau de s\u00e9curit\u00e9 adapt\u00e9 aux risques, il convient de s'assurer qu'elles soient appliqu\u00e9es et contr\u00f4l\u00e9es.", "uuid": "ba370be8-68f2-41f3-b39c-a2d4fa56ed3c" }, { "code": "Gestion des risques_05", "description": "Faire r\u00e9aliser des audits de s\u00e9curit\u00e9 p\u00e9riodiques, si possible annuels. Chaque audit devrait donner lieu \u00e0 un plan d'action dont la mise en oeuvre devrait \u00eatre suivie au plus haut niveau de l'organisme.", "uuid": "01d93bc9-1176-41f4-b8d2-0fba0e6721fc" }, { "code": "Gestion des risques_06", "description": "Ajuster la cartographie \u00e0 chaque \u00e9volution majeure et de mani\u00e8re p\u00e9riodique.", "uuid": "f4ed6a9b-3efa-464c-a7e5-ac416537614c" }, { "code": "Information des personnes concern\u00e9es_01", "description": "D\u00e9terminer et justifier les moyens pratiques qui vont \u00eatre mis en oeuvre pour informer les personnes concern\u00e9es, ou justifier de l'impossibilit\u00e9 de leur mise en oeuvre.", "uuid": "56e9a1bb-3ed4-4b74-92a3-63da11d9d12e" }, { "code": "Information des personnes concern\u00e9es_02", "description": "S'assurer que l'information sera r\u00e9alis\u00e9e de mani\u00e8re compl\u00e8te, claire et adapt\u00e9e au public vis\u00e9, en fonction de la nature des donn\u00e9es et des moyens pratiques choisis.", "uuid": "78255ed3-a07e-4082-84b8-255c3e7218a3" }, { "code": "Information des personnes concern\u00e9es_03", "description": "S'assurer que l'information sera r\u00e9alis\u00e9e au plus tard au moment o\u00f9 seront collect\u00e9es les donn\u00e9es.", "uuid": "4cf842f7-8d29-46eb-9f69-58b9f451cb4c" }, { "code": "Information des personnes concern\u00e9es_04", "description": "S'assurer que la collecte ne puisse pas \u00eatre effectu\u00e9e sans information.", "uuid": "81719522-7886-4bbb-9a64-7f180f33e3f6" }, { "code": "Information des personnes concern\u00e9es_05", "description": "Si possible, pr\u00e9voir un moyen de prouver que l'information a \u00e9t\u00e9 faite.", "uuid": "c306c451-ef33-4501-99e6-0e1d1ebc5c56" }, { "code": "Information des personnes concern\u00e9es_06", "description": "[salari\u00e9s d'un organisme] Obtenir l'avis pr\u00e9alable des institutions repr\u00e9sentatives du personnel dans les cas pr\u00e9vus par le Code du travail.", "uuid": "f074b4ef-e83d-46b8-af79-404ed8f686e7" }, { "code": "Information des personnes concern\u00e9es_07", "description": "[salari\u00e9s d'un organisme] Utiliser le moyen le plus appropri\u00e9 \u00e0 la culture de l'organisme.", "uuid": "104f9747-e8f2-4c66-bbed-a213c285a37d" }, { "code": "Information des personnes concern\u00e9es_08", "description": "[collecte de donn\u00e9es via un site Internet] Faire figurer une information \u00e0 destination des internautes directement ou facilement accessible.", "uuid": "3c5f2ea5-e242-4118-8ac9-7a07f4dc8694" }, { "code": "Information des personnes concern\u00e9es_09", "description": "[collecte de donn\u00e9es via une application mobile] Faire figurer une information \u00e0 destination des utilisateurs directement ou facilement accessible.", "uuid": "21af75d8-d761-4a91-8952-c9134dc0cb31" }, { "code": "Information des personnes concern\u00e9es_10", "description": "[collecte de donn\u00e9es via une application mobile] Informer l'utilisateur si l'application est susceptible d'acc\u00e9der \u00e0 des identifiants de l'appareil, en pr\u00e9cisant s'ils sont communiqu\u00e9s \u00e0 des tiers.", "uuid": "4a24c05f-1761-4b37-a636-3774d5e228b2" }, { "code": "Information des personnes concern\u00e9es_11", "description": "[collecte de donn\u00e9es via une application mobile] Informer l'utilisateur si l'application est susceptible de fonctionner en arri\u00e8re-plan.", "uuid": "52c55030-ddac-4ded-b9ae-b17f1bcb463e" }, { "code": "Information des personnes concern\u00e9es_12", "description": "[collecte de donn\u00e9es via une application mobile] Pr\u00e9senter \u00e0 l'utilisateur les protections d'acc\u00e8s \u00e0 l'appareil.", "uuid": "df20a7a8-8c25-45e4-80e6-b704fcc3606f" }, { "code": "Information des personnes concern\u00e9es_13", "description": "[collecte de donn\u00e9es par t\u00e9l\u00e9phone] D\u00e9livrer un message automatique avant que la conversation soit engag\u00e9e, pr\u00e9cisant notamment les droits des personnes, et le cas \u00e9ch\u00e9ant, les finalit\u00e9s de l'enregistrement de la conversation (formation, enqu\u00eate sur la qualit\u00e9 du service rendu, etc.), en leur offrant la possibilit\u00e9 de s'opposer \u00e0 l'enregistrement (pour motif l\u00e9gitime).", "uuid": "ff0e48bd-b80a-4de5-8c43-224157753353" }, { "code": "Information des personnes concern\u00e9es_14", "description": "[collecte de donn\u00e9es par t\u00e9l\u00e9phone] Mettre en place des moyens permettant l'authentification de l'appelant (ex : par une information connue seulement de l'organisme et de la personne concern\u00e9e).", "uuid": "ddfd140c-b23e-4cc8-829e-f06867a5a8ec" }, { "code": "Information des personnes concern\u00e9es_15", "description": "[collecte de donn\u00e9es via un formulaire] Placer la mention appropri\u00e9e sur le formulaire avec une typographie identique au reste du document.", "uuid": "06726271-3ddf-4af6-a5ac-327e477d8e36" }, { "code": "Information des personnes concern\u00e9es_16", "description": "[publicit\u00e9 cibl\u00e9e] Rendre accessible l'information des internautes de mani\u00e8re \u00e0 ce qu'elle soit parfaitement visible et lisible.", "uuid": "1eb94b5b-fc79-4327-ac91-bb6919d89020" }, { "code": "Information des personnes concern\u00e9es_17", "description": "[publicit\u00e9 cibl\u00e9e] Informer les internautes sur les diff\u00e9rentes formes de publicit\u00e9 cibl\u00e9e auxquelles ils sont susceptibles d'\u00eatre expos\u00e9s via le service qu'ils consultent et les divers proc\u00e9d\u00e9s utilis\u00e9s, les cat\u00e9gories d'informations trait\u00e9es aux fins d'adapter le contenu publicitaire et, en tant que de besoin, les informations non recueillies, leurs possibilit\u00e9s pour consentir \u00e0 l'affichage de publicit\u00e9s comportementales ou personnalis\u00e9es. L'information et le recueil du consentement doivent \u00eatre effectu\u00e9s avant tout stockage d'information ou obtention de l'acc\u00e8s \u00e0 des informations d\u00e9j\u00e0 stock\u00e9es dans l'\u00e9quipement terminal.", "uuid": "d294b307-f06c-45ac-9717-46c0a22c8c85" }, { "code": "Information des personnes concern\u00e9es_18", "description": "[mise \u00e0 jour d'un traitement existant] Informer plus particuli\u00e8rement sur les nouveaut\u00e9s du traitement (nouvelles finalit\u00e9s, nouveaux destinataires).", "uuid": "601f4aa9-9726-446d-9524-780ffaa31935" }, { "code": "Logiciels malveillants_01", "description": "Installer un antivirus sur les serveurs et postes de travail et le configurer.", "uuid": "df4f723b-d159-445d-aa91-d1898edfc86e" }, { "code": "Logiciels malveillants_02", "description": "Tenir les logiciels antivirus \u00e0 jour.", "uuid": "952e2fdb-a649-49bb-8d96-328045daddd0" }, { "code": "Logiciels malveillants_03", "description": "Mettre en oeuvre des mesures de filtrage permettant de filtrer les flux entrants/sortants du r\u00e9seau (firewall, proxy, etc.).", "uuid": "fb5a202a-3234-4d74-a811-31527881ab43" }, { "code": "Logiciels malveillants_04", "description": "Faire remonter les \u00e9v\u00e8nements de s\u00e9curit\u00e9 de l'antivirus sur un serveur centralis\u00e9 pour analyse statistique et gestion des probl\u00e8mes \u00e0 post\u00e9riori (dans le but de d\u00e9tecter un serveur infect\u00e9, un virus d\u00e9tect\u00e9 et non \u00e9radiqu\u00e9 par l'antivirus, etc.).", "uuid": "8cf43928-2c23-4794-89dd-364eb704c8f1" }, { "code": "Logiciels malveillants_05", "description": "Installer un programme de lutte contre les logiciels espions (anti-spyware) sur les postes de travail, le configurer et le tenir \u00e0 jour.", "uuid": "7ab822fa-8a63-45a0-952d-5e8fa4dbcfe9" }, { "code": "Maintenance_01", "description": "Encadrer par un contrat de sous-traitance la r\u00e9alisation des op\u00e9rations de maintenance lorsqu'elles sont effectu\u00e9es par des prestataires.", "uuid": "8600d1ea-a92d-40c2-9384-85c140c3dc3a" }, { "code": "Maintenance_02", "description": "Enregistrer toutes les op\u00e9rations de maintenance dans une main courante.", "uuid": "96a6e72d-02b7-4a7f-a8e8-9426dd5f75e3" }, { "code": "Maintenance_03", "description": "Encadrer les op\u00e9rations de t\u00e9l\u00e9maintenance.", "uuid": "3ed3d127-4a05-48d9-b000-e113d0857393" }, { "code": "Maintenance_04", "description": "Chiffrer ou effacer les donn\u00e9es pr\u00e9sentes sur les mat\u00e9riels (poste de travail fixe ou nomade, serveurs, etc.) envoy\u00e9s en maintenance externe. En cas d'impossibilit\u00e9 d\u00e9poser les supports de stockage de l'\u00e9quipement avant l'envoi en maintenance ou g\u00e9rer la maintenance en interne.", "uuid": "0afcfa8a-cb1d-4465-ba6f-301e549631d0" }, { "code": "Maintenance_05", "description": "[postes de travail] Lors des op\u00e9rations de maintenance n\u00e9cessitant une prise en main \u00e0 distance sur un poste de travail, ne r\u00e9aliser l'op\u00e9ration qu'apr\u00e8s avoir obtenu l'accord de l'utilisateur, et lui indiquer \u00e0 l'\u00e9cran si la prise en main est effective.", "uuid": "50e15e94-a4d6-4f70-9087-9e8451be42f2" }, { "code": "Maintenance_06", "description": "[postes de travail] Lorsqu'une op\u00e9ration de maintenance n\u00e9cessite une intervention physique sur un poste de travail contenant des donn\u00e9es sensibles, supprimer les donn\u00e9es pendant la maintenance.", "uuid": "ff149a3e-8f3e-43ae-821c-2b6a3a6b4b26" }, { "code": "Maintenance_07", "description": "[t\u00e9l\u00e9phone mobile] Configurer les t\u00e9l\u00e9phones avant de les remettre aux utilisateurs.", "uuid": "a7bb0169-11b2-4aee-a3f8-78b955431351" }, { "code": "Maintenance_08", "description": "[t\u00e9l\u00e9phone mobile] Informer les utilisateurs, par exemple sous la forme d'une note accompagnant la livraison, sur l'usage du t\u00e9l\u00e9phone, des applications (ex : business mail, Exchange) et des services fournis, ainsi que sur les r\u00e8gles de s\u00e9curit\u00e9 \u00e0 respecter.", "uuid": "c79a6fe4-3f57-43b3-918b-b1adee8c0d1c" }, { "code": "Maintenance_09", "description": "[supports de stockage] Effacer de fa\u00e7on s\u00e9curis\u00e9e ou bien d\u00e9truire physiquement les supports de stockage mis au rebut.", "uuid": "3c49be1d-afcd-40f5-8184-3968026d95be" }, { "code": "Maintenance_10", "description": "[supports de stockage] Lors des op\u00e9rations de maintenance n\u00e9cessitant une prise en main \u00e0 distance sur un poste de travail, ne r\u00e9aliser l'op\u00e9ration qu'apr\u00e8s avoir obtenu l'accord de l'utilisateur.", "uuid": "ad17dd47-cb36-4cdf-9628-2969a2e4a2e0" }, { "code": "Maintenance_11", "description": "[imprimantes et copieurs multifonctions] Dans le cas d'une maintenance par un tiers, pr\u00e9voir les mesures destin\u00e9es \u00e0 emp\u00eacher l'acc\u00e8s aux donn\u00e9es.", "uuid": "84da6fc4-ff9e-471b-b7c7-cc813bb861c0" }, { "code": "Maintenance_12", "description": "[imprimantes et copieurs multifonctions] Dans le cas d'une t\u00e9l\u00e9maintenance par un tiers \u00e0 une imprimante ou copieur multifonction h\u00e9berg\u00e9 localement, prendre des mesures sp\u00e9cifiques pour prot\u00e9ger chaque acc\u00e8s.", "uuid": "425074c4-142d-40f4-a094-37940e4fd731" }, { "code": "Maintenance_13", "description": "[imprimantes et copieurs multifonctions] Emp\u00eacher l'acc\u00e8s \u00e0 des donn\u00e9es stock\u00e9es sur des imprimantes ou copieurs multifonctions mis au rebut.", "uuid": "09c09d1b-8191-472e-98e6-435847ddffb6" }, { "code": "Mat\u00e9riels_01", "description": "Tenir \u00e0 jour un inventaire des ressources informatiques utilis\u00e9es.", "uuid": "c2ec9503-2c3d-4d23-8641-a6af1fae8cbd" }, { "code": "Mat\u00e9riels_02", "description": "Cloisonner les ressources de l'organisme en cas de partage de locaux.", "uuid": "666ef708-8443-4f39-b91d-942e4c320c13" }, { "code": "Mat\u00e9riels_03", "description": "Emp\u00eacher l'acc\u00e8s \u00e0 des donn\u00e9es stock\u00e9es sur des ressources informatiques mises au rebut.", "uuid": "f284858f-d562-4cfc-80a0-4f2bbecfc4fb" }, { "code": "Mat\u00e9riels_04", "description": "Pr\u00e9voir une redondance mat\u00e9rielle des unit\u00e9s de stockage par une technologie RAID ou \u00e9quivalente.", "uuid": "6332515b-9304-4904-8780-1b95e27d9235" }, { "code": "Mat\u00e9riels_05", "description": "V\u00e9rifier que le dimensionnement des capacit\u00e9s de stockage et de traitement, ainsi que les conditions d'utilisation, sont appropri\u00e9s \u00e0 l'usage pr\u00e9vu des mat\u00e9riels, notamment en termes de place, d'humidit\u00e9 et de temp\u00e9rature.", "uuid": "69f6611f-cab5-4478-bc92-1216bc9eb1f4" }, { "code": "Mat\u00e9riels_06", "description": "V\u00e9rifier que l'alimentation des mat\u00e9riels les plus critiques est prot\u00e9g\u00e9e contre les variations de tension et qu'elle est secourue, ou qu'elle permet au moins de les arr\u00eater normalement.", "uuid": "4d31b35d-b318-4d1a-bdc0-343cf6c08ffd" }, { "code": "Mat\u00e9riels_07", "description": "Limiter l'acc\u00e8s aux mat\u00e9riels sensibles et/ou qui ont une grande valeur marchande.", "uuid": "e5d8e91b-5729-477a-8343-0cc2b87dccc0" }, { "code": "Mat\u00e9riels_08", "description": "Limiter les possibilit\u00e9s de modification des mat\u00e9riels.", "uuid": "9522e881-b20f-4a0e-880f-1184af84d900" }, { "code": "Mat\u00e9riels_09", "description": "[postes de travail] R\u00e9cup\u00e9rer les donn\u00e9es, \u00e0 l'exception des donn\u00e9es signal\u00e9es comme \u00e9tant priv\u00e9es ou personnelles, pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne.", "uuid": "91d00285-5ac9-4bd2-9324-59c5c83dbfcc" }, { "code": "Mat\u00e9riels_10", "description": "[postes nomades] Limiter le stockage de donn\u00e9es sur les postes nomades au strict n\u00e9cessaire, et \u00e9ventuellement l'interdire lors des d\u00e9placements \u00e0 l'\u00e9tranger.", "uuid": "025b80de-389e-409c-9a0a-bdc77a422839" }, { "code": "Mat\u00e9riels_11", "description": "[postes nomades] Verrouiller l'appareil au bout de quelques minutes d'inactivit\u00e9.", "uuid": "8255e58d-d2e6-4fbc-929d-ee601cd26204" }, { "code": "Mat\u00e9riels_12", "description": "[supports amovibles] Limiter l'usage des supports amovibles \u00e0 ceux fournis par le service en charge de l'informatique.", "uuid": "40973d0f-8960-427b-8495-7efe7d6fd15c" }, { "code": "Mat\u00e9riels_13", "description": "[supports amovibles] Interdire l'utilisation de cl\u00e9s USB \u00e0 connexion sans fil (ex : Bluetooth).", "uuid": "7e5d3505-fb1a-44b0-a6f8-9ed07570c236" }, { "code": "Mat\u00e9riels_14", "description": "[supports amovibles] Interdire la connexion de cl\u00e9s USB sur des mat\u00e9riels non s\u00e9curis\u00e9s (antivirus, pare-feu, etc.).", "uuid": "ff1d4a51-8e8b-4639-9ee6-cd34d65e49e9" }, { "code": "Mat\u00e9riels_15", "description": "[supports amovibles] Limiter l'utilisation des cl\u00e9s USB aux activit\u00e9s professionnelles.", "uuid": "bc0a1306-882e-44d0-95a1-7f41dba8658f" }, { "code": "Mat\u00e9riels_16", "description": "[supports amovibles] D\u00e9sactiver la fonctionnalit\u00e9 d'ex\u00e9cution automatique sur tous les postes (strat\u00e9gie de groupe).", "uuid": "a3f970b2-9752-4763-a82d-02c22da11eb8" }, { "code": "Mat\u00e9riels_17", "description": "[supports amovibles] Chiffrer les donn\u00e9es stock\u00e9es sur un support amovible.", "uuid": "3c899fb0-9384-4b0c-a91c-1db80535fdd7" }, { "code": "Mat\u00e9riels_18", "description": "[supports amovibles] Restituer les supports amovibles d\u00e9fectueux ou plus utiles au service en charge de l'informatique.", "uuid": "5c6f4802-3911-47ab-9d8b-fd482efb54d0" }, { "code": "Mat\u00e9riels_19", "description": "[supports amovibles] D\u00e9truire de mani\u00e8re s\u00e9curis\u00e9e les supports de donn\u00e9es qui sont inutiles.", "uuid": "b8dba354-dec6-4364-9e35-265190329f1c" }, { "code": "Mat\u00e9riels_20", "description": "[imprimantes et copieurs multifonctions] Changer les mots de passe \"constructeur\" par d\u00e9faut.", "uuid": "cefdb279-897d-4ed8-976c-9ba08750c457" }, { "code": "Mat\u00e9riels_21", "description": "[imprimantes et copieurs multifonctions] D\u00e9sactiver les interfaces r\u00e9seau inutiles.", "uuid": "1af86688-591f-46bd-b08c-0198e36b3046" }, { "code": "Mat\u00e9riels_22", "description": "[imprimantes et copieurs multifonctions] D\u00e9sactiver ou supprimer les services inutiles.", "uuid": "bfa1d4aa-bdc9-4036-86c7-b876e25127b1" }, { "code": "Mat\u00e9riels_23", "description": "[imprimantes et copieurs multifonctions] Chiffrer les donn\u00e9es sur le disque dur lorsque cette fonction est disponible.", "uuid": "f4f8e468-bac0-40cd-9ed8-0ed5c976c523" }, { "code": "Mat\u00e9riels_24", "description": "[imprimantes et copieurs multifonctions] Limiter l'envoi de documents num\u00e9ris\u00e9s aux adresses de messagerie internes et dans certains cas limiter l'envoi de documents num\u00e9ris\u00e9s \u00e0 une seule adresse de messagerie.", "uuid": "cbbadaca-2185-4c69-ab27-02d97d034043" }, { "code": "Minimisation des donn\u00e9es_01", "description": "Justifier de la collecte de chaque donn\u00e9e.", "uuid": "edae0fbc-e415-4b7d-8208-b79130cfdf3b" }, { "code": "Minimisation des donn\u00e9es_02", "description": "Bien faire la distinction entre les donn\u00e9es anonymes et pseudonymes.", "uuid": "f1c5c683-7025-4ba8-a3b0-4b9c7a4faf8e" }, { "code": "Minimisation des donn\u00e9es_03", "description": "\u00c9viter les champs de saisie en texte libre (ex : zones \u00ab commentaires \u00bb), en raison du risque que les utilisateurs y consignent des informations ne respectant pas les principes de minimisation. On pr\u00e9f\u00e8rera donc des champs de saisie \u00e0 base de listes d\u00e9roulantes. Si on ne peut \u00e9viter la saisie de texte libre, une sensibilisation des utilisateurs devra \u00eatre faite quant \u00e0 l'usage de ces champs, vis-\u00e0-vis des conditions g\u00e9n\u00e9rales du service et vis-\u00e0-vis de la loi (pas de propos injurieux, pas de donn\u00e9es sensibles non d\u00e9clar\u00e9es, etc.).", "uuid": "b8072981-619d-46e0-8f9b-ad7e84549a6a" }, { "code": "Minimisation des donn\u00e9es_04", "description": "V\u00e9rifier que les donn\u00e9es sont ad\u00e9quates, pertinentes et non excessives au regard de la finalit\u00e9 poursuivie, et ne pas les collecter dans le cas contraire.", "uuid": "2a529e83-d2ca-4147-82cf-f44f213ad29f" }, { "code": "Minimisation des donn\u00e9es_05", "description": "V\u00e9rifier que les donn\u00e9es ne font pas appara\u00eetre, directement ou indirectement, les origines raciales ou ethniques, les opinions politiques, philosophiques ou religieuses ou l'appartenance syndicale, ainsi que les donn\u00e9es relatives \u00e0 la sant\u00e9 ou \u00e0 la vie sexuelle, et ne pas les collecter dans le cas contraire \u00e0 moins d'\u00eatre dans des circonstances d'exception (consentement, int\u00e9r\u00eat public conform\u00e9ment \u00e0 l'article 9 du RGPD).", "uuid": "8478c80b-1729-40d0-a4a7-315af3003c52" }, { "code": "Minimisation des donn\u00e9es_06", "description": "V\u00e9rifier que les donn\u00e9es ne sont pas relatives \u00e0 des infractions, condamnations ou mesures de s\u00fbret\u00e9, et ne pas les collecter dans le cas contraire, \u00e0 moins d'\u00eatre dans des circonstances d'exception (juridictions, auxiliaires de justice conform\u00e9ment \u00e0 l'article 10 du RGPD).", "uuid": "be361b63-c23d-436e-bcca-b3e57b87fcd0" }, { "code": "Minimisation des donn\u00e9es_07", "description": "Emp\u00eacher de collecter davantage de donn\u00e9es.", "uuid": "75fd0afd-a5f6-49f2-bc0f-808d75e98c27" }, { "code": "Minimisation des donn\u00e9es_08", "description": "Filtrer et retirer les donn\u00e9es inutiles.", "uuid": "7f58309d-502e-43ba-a154-17b97fbe53f0" }, { "code": "Minimisation des donn\u00e9es_09", "description": "R\u00e9duire la sensibilit\u00e9 par transformation.", "uuid": "706b68ba-4615-4b9d-bfef-e455d2027b57" }, { "code": "Minimisation des donn\u00e9es_10", "description": "R\u00e9duire le caract\u00e8re identifiant des donn\u00e9es.", "uuid": "6e61bab7-4731-4a76-ad49-87021019a20b" }, { "code": "Minimisation des donn\u00e9es_11", "description": "R\u00e9duire l'accumulation de donn\u00e9es.", "uuid": "ee0f9383-d0e4-42db-88fa-108d8f457139" }, { "code": "Minimisation des donn\u00e9es_12", "description": "Restreindre l'acc\u00e8s aux donn\u00e9es.", "uuid": "76edaf87-77ad-4739-98bd-4dc95f2d22d1" }, { "code": "Minimisation des donn\u00e9es_13", "description": "Limiter l'envoi des documents \u00e9lectroniques contenant des donn\u00e9es aux personnes ayant le besoin d'en disposer dans le cadre de leur activit\u00e9.", "uuid": "64eafbb1-6b71-42b1-aeab-73bf2889f2d7" }, { "code": "Minimisation des donn\u00e9es_14", "description": "Effacer de mani\u00e8re s\u00e9curis\u00e9e les donn\u00e9es qui ne sont plus utiles ou qu'une personne demande de supprimer, sur le syst\u00e8me en op\u00e9ration et sur les sauvegardes le cas \u00e9ch\u00e9ant.", "uuid": "5d5c5f28-e2b3-4cd2-a608-e5e28b46673b" }, { "code": "Organisation_01", "description": "Faire d\u00e9signer par le responsable des traitements une personne en charge de l'assister dans la mise en application du r\u00e8glement g\u00e9n\u00e9ral sur la protection des donn\u00e9es (RGPD) et lui accorder les moyens n\u00e9cessaires \u00e0 l'exercice de sa mission.", "uuid": "2801471c-383e-48dd-9d9a-ace88fb25b1b" }, { "code": "Organisation_02", "description": "D\u00e9finir les r\u00f4les, responsabilit\u00e9s et interactions entre toutes les parties prenantes dans le domaine de la protection des donn\u00e9es personnelles.", "uuid": "285712b1-b3a5-4d2a-95ef-762bec7c84c0" }, { "code": "Organisation_03", "description": "Cr\u00e9er un comit\u00e9 de suivi, compos\u00e9 du responsable des traitements, de la personne en charge de l'assister dans la mise en application du RGPD et des parties int\u00e9ress\u00e9es, et se r\u00e9unissant de mani\u00e8re r\u00e9guli\u00e8re (au moins une fois par an) pour fixer des objectifs et faire un point sur l'ensemble des traitements de l'organisme.", "uuid": "8bbdcb67-c783-4d15-9a20-dbc3a2f87aa6" }, { "code": "Politique_01", "description": "Formaliser les \u00e9l\u00e9ments importants relatifs au domaine de la vie priv\u00e9e au sein d'une base documentaire qui constitue la politique de protection des donn\u00e9es personnelles, dans une forme adapt\u00e9e aux diff\u00e9rents contenus (risques, grands principes \u00e0 respecter, objectifs \u00e0 atteindre, r\u00e8gles \u00e0 appliquer, etc.) et aux diff\u00e9rentes cibles de communication (usagers, service en charge de l'informatique, d\u00e9cideurs, etc.).", "uuid": "56085501-a07b-43c7-aafc-f0251b13c4c5" }, { "code": "Politique_02", "description": "Faire conna\u00eetre la politique de protection des donn\u00e9es personnelles aux personnes qui doivent l'appliquer.", "uuid": "8a988847-bebf-460b-bf9d-5b8f3693af89" }, { "code": "Politique_03", "description": "Permettre aux personnes qui doivent appliquer la politique de protection des donn\u00e9es personnelles de demander formellement une d\u00e9rogation en cas de difficult\u00e9 de mise en oeuvre , \u00e9tudier chaque demande de d\u00e9rogation en termes d'impact sur les risques, et le cas \u00e9ch\u00e9ant, faire valider les d\u00e9rogations acceptables par le responsable de traitement et faire \u00e9voluer la politique en cons\u00e9quence.", "uuid": "94ceebf9-e136-44dd-b537-b4ae81a51b81" }, { "code": "Politique_04", "description": "\u00c9tablir un plan d'action pluriannuel et suivre la mise en oeuvre la politique de protection des donn\u00e9es personnelles.", "uuid": "1fa223a3-2596-4e4d-8599-afd399f1a162" }, { "code": "Politique_05", "description": "Pr\u00e9voir les d\u00e9rogations aux r\u00e8gles de la politique de protection des donn\u00e9es personnelles.", "uuid": "119d2bda-cd01-4e82-bf1d-bb78ce8aff82" }, { "code": "Politique_06", "description": "Pr\u00e9voir de prendre en compte les difficult\u00e9s rencontr\u00e9es dans l'application de la politique de protection des donn\u00e9es personnelles.", "uuid": "26076a3f-0cbb-4268-a6f0-6bbc3f64c5d6" }, { "code": "Politique_07", "description": "V\u00e9rifier la conformit\u00e9 aux r\u00e8gles de la politique de protection des donn\u00e9es personnelles et la mise en oeuvre du plan d'action de mani\u00e8re r\u00e9guli\u00e8re.", "uuid": "e5e11b5a-ceb6-4546-892c-79e78dfd5a58" }, { "code": "Politique_08", "description": "R\u00e9viser la politique de protection des donn\u00e9es personnelles de mani\u00e8re r\u00e9guli\u00e8re.", "uuid": "f996d911-1c68-43fe-95f3-b48a59fa320b" }, { "code": "Postes de travail_01", "description": "Assurer la mise \u00e0 disposition et le maintien en conditions op\u00e9rationnelles et de s\u00e9curit\u00e9 des postes de travail des utilisateurs par le service en charge de l'informatique.", "uuid": "2909e89a-fb31-465b-9b4d-5b986bc60aec" }, { "code": "Postes de travail_02", "description": "Prot\u00e9ger les postes peu volumineux, donc susceptibles d'\u00eatre facilement emport\u00e9s, et notamment les ordinateurs portables, \u00e0 l'aide d'un c\u00e2ble physique de s\u00e9curit\u00e9, d\u00e8s que l'utilisateur ne se trouve pas \u00e0 proximit\u00e9 et que le local n'est pas s\u00e9curis\u00e9 physiquement.", "uuid": "adafec69-16e7-4255-bc00-bb763979be75" }, { "code": "Postes de travail_03", "description": "R\u00e9cup\u00e9rer les donn\u00e9es, \u00e0 l'exception des donn\u00e9es signal\u00e9es comme priv\u00e9es ou personnelles, pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne.", "uuid": "151e0fde-8c9a-4dcf-a82f-e5731c99b09c" }, { "code": "Postes de travail_04", "description": "Effacer les donn\u00e9es pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne ou pour les postes partag\u00e9s.", "uuid": "f15f0c88-08ac-46ec-a515-7efdda82f227" }, { "code": "Postes de travail_05", "description": "Supprimer les donn\u00e9es temporaires \u00e0 chaque reconnexion des postes partag\u00e9s.", "uuid": "258a18a7-39b2-4c38-aec5-94397c4270c4" }, { "code": "Postes de travail_06", "description": "En cas de compromission d'un poste, rechercher toute trace d'intrusion dans le syst\u00e8me afin de d\u00e9tecter si l'attaquant a compromis d'autres \u00e9l\u00e9ments.", "uuid": "e1f84a8a-12b5-46a2-a740-4859627256f9" }, { "code": "Postes de travail_07", "description": "Tenir les syst\u00e8mes et applications \u00e0 jour (versions, correctifs de s\u00e9curit\u00e9, etc.) ou, lorsque cela est impossible (ex : application uniquement disponible sur un syst\u00e8me qui n'est plus maintenu par l'\u00e9diteur), isoler la machine et porter une attention particuli\u00e8re aux journaux.", "uuid": "54947799-560e-4195-89d7-51e86787b27c" }, { "code": "Postes de travail_08", "description": "Documenter les configurations et les mettre \u00e0 jour \u00e0 chaque changement notable.", "uuid": "cb57f1bb-2fdb-468e-97fb-ef1da1bb7169" }, { "code": "Postes de travail_09", "description": "Limiter les possibilit\u00e9s de d\u00e9tournements d'usages.", "uuid": "6ed3b030-a0a1-4ce5-933a-03a56dd79b12" }, { "code": "Postes de travail_10", "description": "Prot\u00e9ger les acc\u00e8s logiques aux postes de travail.", "uuid": "3acfe072-0563-41a7-b418-6a48008d95fe" }, { "code": "Postes de travail_11", "description": "Activer les mesures de protection offertes par le syst\u00e8me et les applications.", "uuid": "5cc20ef6-edc5-4eac-927d-dcdb56fe83bb" }, { "code": "Postes de travail_12", "description": "Interdire le partage de r\u00e9pertoires ou de donn\u00e9es localement sur les postes de travail.", "uuid": "b2831da7-b6b1-4c14-b23d-a3caf7f543f3" }, { "code": "Postes de travail_13", "description": "Stocker les donn\u00e9es des utilisateurs sur un espace r\u00e9seau sauvegard\u00e9 et non sur les postes de travail.", "uuid": "18fe7f33-228b-4e46-b0e4-9fdc31f21c95" }, { "code": "Postes de travail_14", "description": "Dans le cas o\u00f9 des donn\u00e9es doivent \u00eatre stock\u00e9es en local sur un poste, fournir des moyens de synchronisation ou de sauvegarde aux utilisateurs et les informer sur leur utilisation.", "uuid": "c2bbf9e6-0396-46c6-9a69-e537033024bc" }, { "code": "Postes de travail_15", "description": "S\u00e9curiser la configuration du navigateur Internet.", "uuid": "ba8a5792-fde0-4479-b552-37496c5e1e3f" }, { "code": "Postes de travail_16", "description": "D\u00e9ployer le navigateur dont la configuration a \u00e9t\u00e9 s\u00e9curis\u00e9e sur tous postes de travail n\u00e9cessitant un acc\u00e8s \u00e0 Internet ou Intranet.", "uuid": "3252b36f-e80e-4bf1-bba0-3770970abcdf" }, { "code": "Postes de travail_17", "description": "Limiter le recours \u00e0 des modules d'extension (plugins), supprimer ceux qui ne sont pas utilis\u00e9s et tenir \u00e0 jour ceux qui sont install\u00e9s.", "uuid": "830cef3a-82bc-4bb2-8996-c9cc6970325f" }, { "code": "Postes de travail_18", "description": "Interdire l'ex\u00e9cution des applications t\u00e9l\u00e9charg\u00e9es ne provenant pas de sources s\u00fbres.", "uuid": "3f855614-4fe1-44a2-a181-39da61d62bb7" }, { "code": "Postes de travail_19", "description": "Rechercher les vuln\u00e9rabilit\u00e9s exploitables.", "uuid": "c9daaf50-fd5a-428b-bbf6-fa64c7bf4d63" }, { "code": "Postes de travail_20", "description": "Contr\u00f4ler l'int\u00e9grit\u00e9 du syst\u00e8me \u00e0 l'aide de contr\u00f4leurs d'int\u00e9grit\u00e9 (qui v\u00e9rifient l'int\u00e9grit\u00e9 de fichiers choisis).", "uuid": "4516765e-5d49-4e55-9963-bda208f3e04e" }, { "code": "Postes de travail_21", "description": "S'assurer que la taille maximale des journaux d'\u00e9v\u00e8nements est suffisante, et notamment que les \u00e9v\u00e8nements les plus anciens ne sont pas supprim\u00e9s automatiquement si la taille maximale est atteinte.", "uuid": "09960a7b-3352-4f9a-aeaf-6aa6661bff68" }, { "code": "Postes de travail_22", "description": "Journaliser les \u00e9v\u00e8nements relatifs aux applications, \u00e0 la s\u00e9curit\u00e9 et au syst\u00e8me.", "uuid": "1ddfa74b-1c92-482f-8421-24a0d144fb68" }, { "code": "Postes de travail_23", "description": "Exporter les journaux \u00e0 l'aide des fonctionnalit\u00e9s de gestion du domaine ou via un client syslog.", "uuid": "040dad6c-dfb5-429c-9404-86ad4d35dc0c" }, { "code": "Postes de travail_24", "description": "Analyser principalement les heures de connexions et d\u00e9connexions, le type de protocole utilis\u00e9 pour se connecter et le type d'utilisateur qui y a recours, l'adresse IP d'origine de la connexion, les \u00e9checs successifs de connexions, les arr\u00eats inopin\u00e9s d'applications ou de t\u00e2ches.", "uuid": "b6d0b02f-b02d-45ae-af0e-8dbcbf55a299" }, { "code": "Postes de travail_25", "description": "[postes nomades] Chiffrer les donn\u00e9es stock\u00e9es sur les postes nomades.", "uuid": "c8ec2ccd-aa47-446a-8f37-0dee07f847ff" }, { "code": "Postes de travail_26", "description": "[postes nomades] Limiter le stockage de donn\u00e9es sur les postes nomades au strict n\u00e9cessaire, et \u00e9ventuellement l'interdire lors de d\u00e9placement \u00e0 l'\u00e9tranger.", "uuid": "396fa6c3-fc9e-4775-acdb-0305b0c74b07" }, { "code": "Postes de travail_27", "description": "[postes nomades] Assurer la disponibilit\u00e9 des donn\u00e9es stock\u00e9es sur les postes nomades.", "uuid": "28f4ae7b-9118-4ec3-956c-4eab0d817e3a" }, { "code": "Postes de travail_28", "description": "[postes nomades] Purger les donn\u00e9es collect\u00e9es sur le poste nomade sit\u00f4t qu'elles ont \u00e9t\u00e9 introduites dans le syst\u00e8me d'information de l'organisme.", "uuid": "0921ec99-6747-49c3-917d-a22107d02bde" }, { "code": "Postes de travail_29", "description": "[postes nomades] Positionner un filtre de confidentialit\u00e9 sur les \u00e9crans des postes nomades d\u00e8s qu'ils sont utilis\u00e9s en dehors de l'organisme.", "uuid": "7669215a-04d4-41a3-b3e3-7546ec06c9f5" }, { "code": "Postes de travail_30", "description": "[t\u00e9l\u00e9phones mobiles] Configurer les t\u00e9l\u00e9phones mobiles avant d'\u00eatre livr\u00e9s aux utilisateurs.", "uuid": "e5744a1e-219e-4d1c-bc38-52a053a4cbb4" }, { "code": "Postes de travail_31", "description": "[t\u00e9l\u00e9phones mobiles] Informer les utilisateurs, par exemple sous la forme d'une note accompagnant la livraison, sur l'usage du t\u00e9l\u00e9phone, des applications (ex : business mail, Exchange, etc.) et des services fournis, ainsi que sur les r\u00e8gles de s\u00e9curit\u00e9 \u00e0 respecter.", "uuid": "44a79e4f-89cb-4d71-b12b-a10397e6e9ce" }, { "code": "Postes de travail_32", "description": "[serveur] Isoler le serveur du reste du r\u00e9seau dans une DMZ sp\u00e9cifique ou un VLAN, utiliser un anti-virus \u00e0 jour, un anti-spyware et un anti-spam, installer imm\u00e9diatement les mises \u00e0 jour de s\u00e9curit\u00e9 du syst\u00e8me d'exploitation, authentifier les appareils par certificat \u00e9lectronique (si possible).", "uuid": "b7f28967-ed0e-44f8-b473-fad807fc46ae" }, { "code": "Postes de travail_33", "description": "[t\u00e9l\u00e9phones mobiles] S\u00e9curiser la fin de vie de l'appareil.", "uuid": "b5545f2a-d6bb-4d82-924a-b1aea285ab71" }, { "code": "Qualit\u00e9 des donn\u00e9es_01", "description": "V\u00e9rifier r\u00e9guli\u00e8rement l'exactitude des donn\u00e9es personnelles de l'utilisateur.", "uuid": "560cfa0d-0266-44b6-ae2f-3f3190db2974" }, { "code": "Qualit\u00e9 des donn\u00e9es_02", "description": "Inviter l'utilisateur \u00e0 contr\u00f4ler et, si n\u00e9cessaire, mettre \u00e0 jour ses donn\u00e9es r\u00e9guli\u00e8rement.", "uuid": "fd6ff76b-5f45-496b-91f4-8fda6180dbab" }, { "code": "Qualit\u00e9 des donn\u00e9es_03", "description": "Assurer la tra\u00e7abilit\u00e9 de toute modification des donn\u00e9es.", "uuid": "4b2d9a54-fd04-44c7-8684-7f6ad571eb0c" }, { "code": "Relations avec les tiers_01", "description": "Identifier tous les tiers qui ont ou pourraient avoir un acc\u00e8s l\u00e9gitime aux donn\u00e9es.", "uuid": "5842586f-9d95-4856-806b-e7a0653aa4d8" }, { "code": "Relations avec les tiers_02", "description": "D\u00e9terminer leur r\u00f4le vis-\u00e0-vis du traitement (administrateur informatique, sous-traitant, destinataire, personnes charg\u00e9es de traiter les donn\u00e9es, tiers autoris\u00e9) en fonction des actions qu'ils vont r\u00e9aliser.", "uuid": "30bc4dd1-4f85-4d46-a3d7-07c22fa33994" }, { "code": "Relations avec les tiers_03", "description": "D\u00e9terminer les responsabilit\u00e9s respectives en fonction des risques li\u00e9s \u00e0 ces donn\u00e9es.", "uuid": "1d7881b1-1bb4-4c1a-b81e-1c9e145ffeba" }, { "code": "Relations avec les tiers_04", "description": "D\u00e9terminer la forme appropri\u00e9e pour fixer les droits et obligations selon la forme juridique des tiers et leur localisation g\u00e9ographique.", "uuid": "840fdc25-8160-47a4-84ef-1655446d90fa" }, { "code": "Relations avec les tiers_05", "description": "Formaliser les r\u00e8gles que les personnes doivent respecter durant tout le cycle de vie de la relation li\u00e9e au traitement ou aux donn\u00e9es, selon la cat\u00e9gorie de personnes et les actions qu'elles vont r\u00e9aliser.", "uuid": "95e59cec-f9f5-4bad-8dc0-d64c9fdec0bf" }, { "code": "Relations avec les tiers_06", "description": "[prestataires en interne] Appliquer aux prestataires les m\u00eames mesures que pour les salari\u00e9s de l'organisme : formation aux enjeux de la protection des donn\u00e9es personnelles, obligation de respecter les r\u00e8gles d'usage des ressources informatiques de l'organisme annex\u00e9es au r\u00e8glement int\u00e9rieur.", "uuid": "b3c20465-7306-4a61-8259-b2dffdd60e8c" }, { "code": "Relations avec les tiers_07", "description": "[prestataires en interne] Fournir aux prestataires un poste de travail interne \u00e0 l'organisme ou s'assurer que l'utilisation du poste de travail fourni par leur employeur est compatible avec les objectifs de s\u00e9curit\u00e9 de l'organisme.", "uuid": "b5994020-e8ca-47be-8989-3d9eebe2da75" }, { "code": "Relations avec les tiers_08", "description": "[prestataires en interne] S'assurer que les prestataires sont bien engag\u00e9s aupr\u00e8s de leur employeur par une clause de confidentialit\u00e9 applicable aux organismes clients de leur employeur.", "uuid": "edfde4eb-2ff2-42c9-b8c5-655da7bc8a7b" }, { "code": "Relations avec les tiers_09", "description": "[prestataires en interne] G\u00e9rer les habilitations des prestataires de fa\u00e7on sp\u00e9cifique en leur attribuant des habilitations limit\u00e9es dans le temps prenant fin automatiquement \u00e0 la date pr\u00e9visionnelle de la fin de leur mission.", "uuid": "293c76d6-319d-4dc7-b2a2-8581e19d8f6b" }, { "code": "Relations avec les tiers_10", "description": "[tiers destinataires] Encadrer contractuellement la transmission des donn\u00e9es aux tiers destinataires.", "uuid": "a45771d7-4498-450d-a0cf-ff8eddf4bee2" }, { "code": "Relations avec les tiers_11", "description": "[tiers destinataires] Imposer au tiers de publier une politique de protection des donn\u00e9es personnelles couvrant les traitements aliment\u00e9s par les donn\u00e9es transmises et pr\u00e9cisant les objectifs de s\u00e9curit\u00e9 issus de la politique de s\u00e9curit\u00e9 des syst\u00e8mes d'information.", "uuid": "bbf4f754-0da7-40cb-bae1-9adec9a0b23b" }, { "code": "Relations avec les tiers_12", "description": "[tiers destinataires] Si la transmission de donn\u00e9es est faite via Internet toujours, chiffrer les flux de donn\u00e9es.", "uuid": "5acc6bfc-cac5-45eb-842c-204ddacc1284" }, { "code": "Relations avec les tiers_13", "description": "[tiers destinataires] Syst\u00e9matiquement, informer le tiers lorsque des personnes exercent leur droit de rectification.", "uuid": "2bbae62c-5f4d-4459-b16b-c169276a5e6c" }, { "code": "Relations avec les tiers_14", "description": "[tiers autoris\u00e9s] Ne r\u00e9pondre qu'aux demandes transmises de fa\u00e7on formelle (courrier postal, fax) et r\u00e9pondre via le m\u00eame canal de communication. Ne pas prendre en compte les demandes adress\u00e9es par mail ni ne r\u00e9pondre par ce canal de communication.", "uuid": "658f383e-2a21-493f-9a4a-95252ada7850" }, { "code": "Relations avec les tiers_15", "description": "[tiers autoris\u00e9s] V\u00e9rifier la base l\u00e9gale de chaque demande de communication.", "uuid": "5e7263eb-cc9b-4ec4-92f5-4d1feed5430e" }, { "code": "Relations avec les tiers_16", "description": "[tiers autoris\u00e9s] Authentifier les \u00e9metteurs et ne r\u00e9pondre qu'\u00e0 eux.", "uuid": "34e66e2b-f9df-4680-a833-39b436fa2a61" }, { "code": "Relations avec les tiers_17", "description": "[tiers autoris\u00e9s] R\u00e9pondre de fa\u00e7on stricte \u00e0 la demande en ne fournissant que les donn\u00e9es mentionn\u00e9es dans la demande.", "uuid": "d7c17d95-b28c-4328-a1af-0336f7bcb960" }, { "code": "R\u00e9seaux_01", "description": "Maintenir \u00e0 jour une cartographie d\u00e9taill\u00e9e du r\u00e9seau.", "uuid": "b38a5776-9cce-4708-a383-d0735b4acb92" }, { "code": "R\u00e9seaux_02", "description": "Recenser tous les acc\u00e8s Internet, les int\u00e9grer dans la cartographie du r\u00e9seau et s'assurer que les mesures pr\u00e9vues sont bien appliqu\u00e9es \u00e0 chacun d'entre eux.", "uuid": "64d5965c-eace-4754-abe4-d17dc42f5e82" }, { "code": "R\u00e9seaux_03", "description": "Assurer la disponibilit\u00e9 des canaux informatiques.", "uuid": "5d24a637-56b0-4d6a-804f-cbe63961493d" }, { "code": "R\u00e9seaux_04", "description": "Segmenter le r\u00e9seau en sous-r\u00e9seaux logiques \u00e9tanches selon les services cens\u00e9s y \u00eatre d\u00e9ploy\u00e9s.", "uuid": "fc83e811-4d47-4d6b-b443-7ccc476a1b5c" }, { "code": "R\u00e9seaux_05", "description": "Interdire toute communication directe entre des postes internes et l'ext\u00e9rieur.", "uuid": "c81ee7e7-1598-4544-9870-ba47ed1c293f" }, { "code": "R\u00e9seaux_06", "description": "N'utiliser que les flux explicitement autoris\u00e9s (limiter les ports de communication strictement n\u00e9cessaires au bon fonctionnement des applications install\u00e9es) \u00e0 l'aide d'un pare-feu.", "uuid": "89b1ced3-1950-4629-8479-06777206146d" }, { "code": "R\u00e9seaux_07", "description": "Surveiller l'activit\u00e9 r\u00e9seau apr\u00e8s en avoir inform\u00e9 les personnes concern\u00e9es.", "uuid": "52fbddde-7b73-48e4-868d-3d57973d09de" }, { "code": "R\u00e9seaux_08", "description": "Pr\u00e9voir un plan de r\u00e9ponse en cas d'intrusion majeure contenant les mesures organisationnelles et techniques pour d\u00e9limiter et circonscrire la compromission.", "uuid": "f88ee60a-cf84-44ee-9f99-eca0c8dfade1" }, { "code": "R\u00e9seaux_09", "description": "Identifier les mat\u00e9riels de mani\u00e8re automatique comme moyen d'authentification des connexions \u00e0 partir de lieux et mat\u00e9riels sp\u00e9cifiques.", "uuid": "947cf84f-4f95-4ae8-a493-0b23a80de7f4" }, { "code": "R\u00e9seaux_10", "description": "S\u00e9curiser les flux d'administration et restreindre, voire interdire, l'acc\u00e8s physique et logique aux ports de diagnostic et de configuration \u00e0 distance.", "uuid": "a34a3b2b-2317-43f0-9061-eabdca6eaa2b" }, { "code": "R\u00e9seaux_11", "description": "Interdire le raccordement d'\u00e9quipements informatiques non ma\u00eetris\u00e9s.", "uuid": "64cc6741-9a90-4a52-afe4-dd1792c9a888" }, { "code": "R\u00e9seaux_12", "description": "Transmettre les secrets garantissant la confidentialit\u00e9 de donn\u00e9es (cl\u00e9 de d\u00e9chiffrement, mot de passe, etc.) dans une transmission distincte, si possible via un canal de nature diff\u00e9rente de celui ayant servi \u00e0 la transmission des donn\u00e9es.", "uuid": "f87086dc-dd46-465a-87ec-12ebfb3067bb" }, { "code": "R\u00e9seaux_13", "description": "[\u00e9quipements actifs] Utiliser le protocole SSH ou une connexion directe \u00e0 l'\u00e9quipement pour la connexion aux \u00e9quipements actifs du r\u00e9seau (pare-feu, routeurs, commutateurs) et proscrire l'utilisation du protocole Telnet sauf en cas de connexion directe.", "uuid": "7a73df5f-5d1b-46c7-9d20-d0d33884f6f5" }, { "code": "R\u00e9seaux_14", "description": "[t\u00e9l\u00e9maintenance] Limiter la prise de main \u00e0 distance d'une ressource informatique locale aux agents du service en charge de l'informatique, sur les ressources informatiques de leur p\u00e9rim\u00e8tre.", "uuid": "800ae6b2-04a7-4b39-a2ea-c08826d7dadf" }, { "code": "R\u00e9seaux_15", "description": "[t\u00e9l\u00e9maintenance] Identifier les utilisateurs de l'outil de prise de main \u00e0 distance de mani\u00e8re unique.", "uuid": "ecc30a00-d461-4b18-a80b-9e812b2e1999" }, { "code": "R\u00e9seaux_16", "description": "[t\u00e9l\u00e9maintenance] Authentifier les utilisateurs de l'outil de prise de main \u00e0 distance au moins par un mot de passe robuste et si possible par certificat \u00e9lectronique.", "uuid": "5d0c0510-e983-4c9b-839f-0e9e6abae3bb" }, { "code": "R\u00e9seaux_17", "description": "[t\u00e9l\u00e9maintenance] Journaliser les actions des utilisateurs de l'outil de prise en main \u00e0 distance.", "uuid": "d9e70d17-8200-40ac-8617-f8d286699206" }, { "code": "R\u00e9seaux_18", "description": "[t\u00e9l\u00e9maintenance] S\u00e9curiser le flux d'authentification s\u00e9curis\u00e9.", "uuid": "3d0ff9ec-8e07-4aeb-bdc0-70a0999799b3" }, { "code": "R\u00e9seaux_19", "description": "[t\u00e9l\u00e9maintenance] La prise de main \u00e0 distance doit \u00eatre soumise \u00e0 un accord pr\u00e9alable de l'utilisateur.", "uuid": "d6b20d02-e96c-4c72-8a57-9d819af7fa9c" }, { "code": "R\u00e9seaux_20", "description": "[t\u00e9l\u00e9maintenance] Interdire la modification du param\u00e9trage de s\u00e9curit\u00e9 de l'outil et la visualisation des mots de passe ou secrets utilis\u00e9s.", "uuid": "0d809dac-07f2-4a2c-ac44-8f8d89d39318" }, { "code": "R\u00e9seaux_21", "description": "[t\u00e9l\u00e9maintenance] Emp\u00eacher la r\u00e9cup\u00e9ration des secrets utilis\u00e9s pour \u00e9tablir la connexion \u00e0 partir d'un poste de travail.", "uuid": "a1b10cdf-f7c2-4c31-8487-0476ffeab70e" }, { "code": "R\u00e9seaux_22", "description": "[t\u00e9l\u00e9maintenance] Chiffrer l'ensemble des flux \u00e9chang\u00e9s.", "uuid": "170febf2-0cb4-43c0-9fc1-f071ee3af5ce" }, { "code": "R\u00e9seaux_23", "description": "[t\u00e9l\u00e9maintenance] L'utilisateur doit \u00eatre inform\u00e9 qu'une prise de main \u00e0 distance est en cours sur son poste de travail (par exemple \u00e0 l'aide d'une ic\u00f4ne).", "uuid": "6549e197-1a10-4145-a56c-727a1396514e" }, { "code": "R\u00e9seaux_24", "description": "[postes nomades] Mettre en place une solution d'authentification forte des utilisateurs acc\u00e9dant \u00e0 distance au syst\u00e8me d'information interne (quand cela est possible).", "uuid": "fd742eed-ef22-46df-844a-6a7ba475782a" }, { "code": "R\u00e9seaux_25", "description": "[postes nomades] Chiffrer les communications entre le poste nomade et le syst\u00e8me d'information interne.", "uuid": "78e54808-1768-45fb-bd6a-0efd5d16dc3d" }, { "code": "R\u00e9seaux_26", "description": "[postes nomades] Installer un pare-feu local pour s\u00e9curiser les \u00e9changes r\u00e9seau entrant et sortant sur le poste de travail en situation de nomadisme, qui doit \u00eatre activ\u00e9 d\u00e8s que le poste nomade sort de l'organisme.", "uuid": "befbf1d0-810d-42d7-92c3-8facadf09773" }, { "code": "R\u00e9seaux_27", "description": "[interfaces sans fil] Interdire les communications non s\u00e9curis\u00e9es.", "uuid": "dc95d51c-31c7-4fdb-82d2-113afa255783" }, { "code": "R\u00e9seaux_28", "description": "[interfaces sans fil] Interdire la connexion simultan\u00e9e \u00e0 un r\u00e9seau via une interface sans fil et par l'interface Ethernet.", "uuid": "d4f9a1de-088d-4be6-b609-04b0aabbb576" }, { "code": "R\u00e9seaux_29", "description": "[interfaces sans fil] D\u00e9sactiver les interfaces de connexion sans fil (Wifi, Bluetooth, infrarouge, 4G, etc.) d\u00e8s lors qu'elles ne sont pas utilis\u00e9es, de mani\u00e8re mat\u00e9rielle ou logicielle.", "uuid": "b613554b-0647-428f-be99-0f5075e5ff3f" }, { "code": "R\u00e9seaux_30", "description": "[interfaces sans fil] Ma\u00eetriser les r\u00e9seaux sans fil.", "uuid": "a00b62ce-cd2a-4e0e-8540-88c5ba4ef0f1" }, { "code": "R\u00e9seaux_31", "description": "[Wifi] Utiliser le protocole WPA ou WPA2 avec un mode de chiffrement AES/CCMP ou le mode \u00ab Enterprise \u00bb des protocoles WPA et WPA2 (utilisant un serveur Radius, ainsi que les sous-protocoles EAP-TLS ou PEAP).", "uuid": "57904ce6-566b-4fad-8292-713119cb8128" }, { "code": "R\u00e9seaux_32", "description": "[Wifi] Interdire les r\u00e9seaux ad hoc.", "uuid": "f4406404-5a76-48e0-beaf-8b18cbb9ca4f" }, { "code": "R\u00e9seaux_33", "description": "[Wifi] Utiliser et configurer un pare-feu au point d'entr\u00e9e/sortie du r\u00e9seau, afin de cloisonner les \u00e9quipements connect\u00e9s en fonction des besoins.", "uuid": "c7cb8369-bbdc-4005-8232-05af4496a6bb" }, { "code": "R\u00e9seaux_34", "description": "[Bluetooth] Imposer une authentification mutuelle avec l'appareil distant.", "uuid": "fa01bb34-6b29-40fa-83d6-9e22295080b0" }, { "code": "R\u00e9seaux_35", "description": "[Bluetooth] Limiter l'utilisation \u00e0 l'\u00e9change de fichiers avec des mat\u00e9riels ma\u00eetris\u00e9s par le service en charge de l'informatique.", "uuid": "7284cd89-16f2-4052-bd57-1d007618e79c" }, { "code": "R\u00e9seaux_36", "description": "[Bluetooth] Chiffrer les \u00e9changes.", "uuid": "3258b781-41ae-4d67-9252-880bffbfa106" }, { "code": "R\u00e9seaux_37", "description": "[infrarouge] R\u00e9aliser une authentification avant la connexion, l'\u00e9mission et la r\u00e9ception d'un fichier ou d'une commande.", "uuid": "78f1e57c-e085-49c8-ad22-e3d6c5aefb18" }, { "code": "R\u00e9seaux_38", "description": "[t\u00e9l\u00e9phonie mobile] Prot\u00e9ger la carte SIM par un code PIN demand\u00e9 \u00e0 chaque utilisation.", "uuid": "60f1b6fa-30bf-4f83-80f1-3ec466120a88" }, { "code": "R\u00e9seaux_39", "description": "[Internet] Utiliser le protocole TLS (HTTPS) pour assurer l'authentification des serveurs et la confidentialit\u00e9 des communications.", "uuid": "d95c1909-3eae-486b-a6ec-ab5d68a7ed74" }, { "code": "R\u00e9seaux_40", "description": "[transfert de fichiers] Utiliser le protocole SFTP ou \u00e9ventuellement le protocole SCP.", "uuid": "e43a6ac7-d957-49a1-852a-744c68c4db11" }, { "code": "R\u00e9seaux_41", "description": "[fax] Chiffrer les fichiers avant tout transfert dans le cas de risques \u00e9lev\u00e9s.", "uuid": "b521bc9c-4b3f-4400-b03f-6aadcf506164" }, { "code": "R\u00e9seaux_42", "description": "[fax] Positionner le fax dans un local physiquement contr\u00f4l\u00e9 et accessible uniquement au personnel habilit\u00e9.", "uuid": "fd283473-0995-4b6b-832f-2f3e79025cba" }, { "code": "R\u00e9seaux_43", "description": "[fax] Mettre en place un contr\u00f4le par code d'acc\u00e8s personnel pour l'impression des messages.", "uuid": "a24e9bac-a46d-4b22-af48-57aed0c9d86d" }, { "code": "R\u00e9seaux_44", "description": "[fax] Faire afficher l'identit\u00e9 du fax destinataire lors de l'\u00e9mission des messages, afin d'\u00eatre assur\u00e9 de l'identit\u00e9 du destinataire.", "uuid": "6d457057-5311-40dd-9b38-3e2fc5e360e1" }, { "code": "R\u00e9seaux_45", "description": "[fax] Doubler l'envoi par fax d'un envoi des documents originaux au destinataire.", "uuid": "b024fea4-cecf-4839-bd8c-d817a7d2a338" }, { "code": "R\u00e9seaux_46", "description": "[fax] Pr\u00e9enregistrer dans le carnet d'adresses des fax (si cette fonctionnalit\u00e9 existe) les destinataires potentiels.", "uuid": "b3f15a65-11d9-4c98-b5ee-0c1ef9cbb508" }, { "code": "R\u00e9seaux_47", "description": "[ADSL/Fibre] Recenser les points d'acc\u00e8s locaux \u00e0 Internet.", "uuid": "d2b2a148-c1e2-4998-a3cc-1feae580c188" }, { "code": "R\u00e9seaux_48", "description": "[ADSL/Fibre] Isoler physiquement les points d'acc\u00e8s locaux \u00e0 Internet du r\u00e9seau interne.", "uuid": "607b68a1-3304-441d-93a4-208a8cebfe84" }, { "code": "R\u00e9seaux_49", "description": "[points d'acc\u00e8s locaux] Ne les utiliser qu'en cas de besoins sp\u00e9cifiques et justifi\u00e9s (exemple : perte de disponibilit\u00e9 de l'acc\u00e8s au r\u00e9seau interurbain).", "uuid": "b8259109-ec84-429f-afb6-468188291be6" }, { "code": "R\u00e9seaux_50", "description": "[points d'acc\u00e8s locaux] Ne les activer que lors de leur utilisation.", "uuid": "e2a0bae7-28dc-4831-a244-a5bffc226cdf" }, { "code": "R\u00e9seaux_51", "description": "[points d'acc\u00e8s locaux] D\u00e9sactiver leur \u00e9ventuelle interface sans fil (\u00ab wifi \u00bb).", "uuid": "9d3287f7-d854-4c21-9054-23a98ca574f2" }, { "code": "R\u00e9seaux_52", "description": "[email] Chiffrer les pi\u00e8ces jointes contenant des donn\u00e9es.", "uuid": "0c56934f-baaa-48b5-8ad0-73de64fa063b" }, { "code": "R\u00e9seaux_53", "description": "[email] Sensibiliser les utilisateurs au fait qu'ils doivent \u00e9viter d'ouvrir des courriers \u00e9lectroniques d'origine inconnue et encore plus les pi\u00e8ces jointes \u00e0 risque (extensions .pif, .com, .bat, .exe, .vbs, .lnk, etc.) ou configurer le syst\u00e8me de telle sorte qu'il ne soit pas possible de les ouvrir.", "uuid": "7c85c408-1323-4985-8f9a-bef2aec522ab" }, { "code": "R\u00e9seaux_54", "description": "[email] Sensibiliser les utilisateurs au fait qu'il convient de ne pas relayer les canulars.", "uuid": "37f331a2-8f93-4a53-9323-43963bf9e26b" }, { "code": "R\u00e9seaux_55", "description": "[messagerie instantan\u00e9e] Interdire l'installation et l'utilisation de logiciels de messagerie instantan\u00e9e, et si cela est n\u00e9anmoins n\u00e9cessaire, sensibiliser les utilisateurs aux risques et bonnes pratiques \u00e0 adopter.", "uuid": "132abb6c-f387-4aac-b465-019b5f510c0c" }, { "code": "Sauvegardes_01", "description": "Effectuer une sauvegarde des donn\u00e9es, qu'elles soient sous forme papier ou \u00e9lectronique, de mani\u00e8re r\u00e9guli\u00e8re, selon les besoins de disponibilit\u00e9 et d'int\u00e9grit\u00e9 des m\u00e9tiers.", "uuid": "37fee388-8a21-4f4e-8419-a79218124f32" }, { "code": "Sauvegardes_02", "description": "Mettre en oeuvre des m\u00e9canismes de chiffrement du canal de transmission des donn\u00e9es dans le cas o\u00f9 la sauvegarde est automatis\u00e9e par le r\u00e9seau.", "uuid": "b2932c56-37ef-4e84-9119-53503a2df913" }, { "code": "Sauvegardes_03", "description": "Prot\u00e9ger les donn\u00e9es sauvegard\u00e9es au m\u00eame niveau de s\u00e9curit\u00e9 qu'en exploitation.", "uuid": "943f7bd3-2760-4c7b-99b7-404397d602fd" }, { "code": "Sauvegardes_04", "description": "Tester les sauvegardes de mani\u00e8re r\u00e9guli\u00e8re.", "uuid": "5c4e538a-e437-4a42-a1de-ff750f441313" }, { "code": "Sauvegardes_05", "description": "Tester l'int\u00e9grit\u00e9 des donn\u00e9es sauvegard\u00e9es si les besoins des m\u00e9tiers le n\u00e9cessitent.", "uuid": "32f1a608-726a-41f4-b20f-be030b4d6989" }, { "code": "Sauvegardes_06", "description": "Formaliser le niveau d'engagement du service en charge de l'informatique vis-\u00e0-vis du recouvrement des informations chiffr\u00e9es en cas de perte ou d'indisponibilit\u00e9 des secrets assurant le chiffrement (mots de passe, certificats) et contr\u00f4ler r\u00e9guli\u00e8rement les proc\u00e9dures en coh\u00e9rence avec l'engagement pris.", "uuid": "fb8d805a-1ceb-4c7b-ab28-f402fe453f18" }, { "code": "Sauvegardes_07", "description": "S'assurer que l'organisation, les personnels, syst\u00e8mes et locaux n\u00e9cessaires au traitement sont disponibles dans un d\u00e9lai correspondant aux besoins des m\u00e9tiers.", "uuid": "03f796b3-a464-4d28-b11f-2d8cff590458" }, { "code": "Sauvegardes_08", "description": "S'assurer de la localisation g\u00e9ographique des sauvegardes, notamment v\u00e9rifier dans quel(s) pays les donn\u00e9es seront stock\u00e9es.", "uuid": "e80d1526-b858-4469-bcd6-3ac308b7e8a4" }, { "code": "Sites web_01", "description": "Utiliser un certificat sign\u00e9 par une autorit\u00e9 racine de confiance \"qualifi\u00e9e\".", "uuid": "ba86f498-922c-4b46-bd2c-a6e75d90aaea" }, { "code": "Sites web_02", "description": "Le chiffrement des flux doit \u00eatre garanti par TLS, d\u00e8s lors, il est n\u00e9cessaire de configurer le serveur web afin que celui-ci n'accepte que ce type de protocole (exclure notamment le protocole SSL et rendre le chiffrement obligatoire lors de la n\u00e9gociation SSL).", "uuid": "54ada837-7393-4bb9-82fa-8dbabe5781e8" }, { "code": "Sites web_03", "description": "D\u00e9finissez un Content-Security-Policy n'incluant que les acteurs que vous autorisez \u00e0 d\u00e9poser des contenus sur votre site.", "uuid": "df02a7d4-64a0-4424-81c5-57c407c0ce1f" }, { "code": "Sites web_04", "description": "Effectuez des audits de s\u00e9curit\u00e9 sur le site.", "uuid": "839987f9-a3af-4857-8d15-97e7a7a4b3e7" }, { "code": "sources non humaines_01", "description": "Mettre en place des moyens de pr\u00e9vention, d\u00e9tection et protection contre l'incendie.", "uuid": "b7f1e10b-5c50-4a94-bb06-5d94df2f7006" }, { "code": "sources non humaines_02", "description": "Mettre en place des moyens de surveillance de la temp\u00e9rature.", "uuid": "2df0a1d8-498a-4f74-8ddd-e66ce95abe32" }, { "code": "sources non humaines_03", "description": "Mettre en place des moyens de surveillance et de secours de l'alimentation \u00e9lectrique.", "uuid": "85e4715f-cdf5-410d-9c85-4c2bf520caba" }, { "code": "sources non humaines_04", "description": "Mettre en place des moyens de pr\u00e9vention des d\u00e9g\u00e2ts des eaux.", "uuid": "1b030af3-71d2-4d38-a9c8-229cdb73e0da" }, { "code": "sources non humaines_05", "description": "S'assurer que les services essentiels (\u00e9lectricit\u00e9, eau, climatisation, etc.) sont correctement dimensionn\u00e9s pour les syst\u00e8mes pris en charge.", "uuid": "0d7b594a-9f70-4757-90cd-a8929212d28a" }, { "code": "sources non humaines_06", "description": "Pr\u00e9ciser dans les contrats de maintenance des \u00e9quipements de fonctionnement des services essentiels et de s\u00e9curit\u00e9 (extincteurs, climatisation, eau, d\u00e9tection de fum\u00e9e et de chaleur, d\u00e9tection d'ouverture et d'effraction, groupe \u00e9lectrog\u00e8ne, etc.) un d\u00e9lai d'intervention adapt\u00e9 en cas de d\u00e9faillance, et les contr\u00f4ler au moins une fois par an.", "uuid": "3d3db077-14c5-4dd9-9a35-a20a480f673d" }, { "code": "sources non humaines_07", "description": "En cas de fortes exigences de disponibilit\u00e9, connecter l'infrastructure de t\u00e9l\u00e9communications par au moins deux acc\u00e8s diff\u00e9rents et ind\u00e9pendants, et faire en sorte de pouvoir basculer de l'un \u00e0 l'autre tr\u00e8s rapidement. Si les besoins de disponibilit\u00e9 sont tr\u00e8s \u00e9lev\u00e9s, le recours \u00e0 un site de secours doit \u00eatre envisag\u00e9.", "uuid": "6fd63d6c-8e3f-4fed-8b46-3a121cad6716" }, { "code": "Sous-traitance_01", "description": "Un contrat de sous-traitance doit \u00eatre conclu avec chacun des sous-traitants, pr\u00e9cisant l'ensemble des \u00e9l\u00e9ments pr\u00e9vus \u00e0 l'art. 28 du RGPD.", "uuid": "8e8d9706-2f4e-4155-9b4e-2e518af726c8" }, { "code": "Sous-traitance_02", "description": "Encadrer la relation de sous-traitance via un contrat conclu intuitu person\u00e6.", "uuid": "dc824e4f-631c-44b7-853e-c50fcc4845de" }, { "code": "Sous-traitance_03", "description": "Exiger du sous-traitant la transmission de sa Politique de S\u00e9curit\u00e9 des Syst\u00e8mes d'Information (PSSI) ainsi que de toute les preuves de ses certifications en mati\u00e8re de s\u00e9curit\u00e9 de l'information et annexer ces documents au contrat.", "uuid": "c525a6b8-a186-4a5e-8ec8-ca86a37a8a83" }, { "code": "Sous-traitance_04", "description": "D\u00e9terminer et fixer contractuellement de fa\u00e7on tr\u00e8s pr\u00e9cise les op\u00e9rations que le sous-traitant sera amen\u00e9 \u00e0 effectuer sur les donn\u00e9es \u00e0 caract\u00e8re personnel.", "uuid": "55238cb5-d218-4ef3-a16a-fc8950e2cb58" }, { "code": "Sous-traitance_05", "description": "D\u00e9terminer contractuellement la r\u00e9partition des responsabilit\u00e9s vis-\u00e0-vis des processus l\u00e9gaux visant \u00e0 permettre l'exercice des droits des personnes.", "uuid": "e6b0068c-2d13-45d6-bdb1-f3c01492a0e5" }, { "code": "Sous-traitance_06", "description": "Interdire explicitement ou encadrer le recours \u00e0 des sous-traitants de rang 2.", "uuid": "2b741baa-6527-4d1e-af57-588d3222bfc0" }, { "code": "Sous-traitance_07", "description": "Pr\u00e9ciser dans le contrat que le respect des obligations de protection des donn\u00e9es personnelles est une obligation essentielle du contrat.", "uuid": "ad62edd5-a05f-47e7-bf7a-239d70c9c5fe" }, { "code": "Sous-traitance_08", "description": "[fournisseurs de services de cloud computing] Imposer au fournisseur une s\u00e9paration \u00e0 minima logique entre les donn\u00e9es de l'organisme et les donn\u00e9es de ses autres clients.", "uuid": "91c09f69-641d-4a67-b280-d88bc48cc025" }, { "code": "Sous-traitance_09", "description": "[fournisseurs de services de cloud computing] D\u00e9finir tr\u00e8s pr\u00e9cis\u00e9ment les lieux dans lesquels les donn\u00e9es sont susceptibles d'\u00eatre stock\u00e9es, et les pays depuis lesquels les donn\u00e9es stock\u00e9es dans le cloud sont susceptibles d'\u00eatre accessibles.", "uuid": "ec375f72-ec16-4e03-84c1-0fd1cbd2544c" }, { "code": "Supervision_01", "description": "Effectuer r\u00e9guli\u00e8rement des contr\u00f4les des traitements de donn\u00e9es afin de v\u00e9rifier leur conformit\u00e9 au RGPD ainsi que l'effectivit\u00e9 et l'ad\u00e9quation des mesures pr\u00e9vues.", "uuid": "fd130562-249c-4a67-a6ac-02ece98679cb" }, { "code": "Supervision_02", "description": "Fixer des objectifs dans le domaine de la vie priv\u00e9e et des indicateurs permettant de v\u00e9rifier l'atteinte de ces objectifs.", "uuid": "6d968cf0-962b-4f7c-b03d-c3abd72e5b4a" }, { "code": "Supervision_03", "description": "Faire un bilan de la protection des donn\u00e9es personnelles de mani\u00e8re r\u00e9guli\u00e8re.", "uuid": "f908a54b-facf-4b53-9709-b4f2ecc00450" }, { "code": "Surveillance_01", "description": "Mettre en place une architecture de journalisation permettant de conserver une trace des \u00e9v\u00e8nements de s\u00e9curit\u00e9 et du moment o\u00f9 ils ont eu lieu.", "uuid": "7db357a2-3776-44b4-a97e-b78367310ff9" }, { "code": "Surveillance_02", "description": "Choisir les \u00e9v\u00e8nements \u00e0 journaliser en fonction du contexte, des supports (postes de travail, pare-feu, \u00e9quipements r\u00e9seau, serveurs, etc.), des risques et du cadre l\u00e9gal.", "uuid": "d62b121b-9365-40d8-8a56-2e2d542909ff" }, { "code": "Surveillance_03", "description": "Respecter les exigences du RGPD si les \u00e9v\u00e8nements journalis\u00e9s comprennent des donn\u00e9es \u00e0 caract\u00e8re personnel.", "uuid": "336df569-2369-4397-accd-2ec1886e00aa" }, { "code": "Surveillance_04", "description": "Proc\u00e9der p\u00e9riodiquement \u00e0 l'analyse des informations journalis\u00e9es, voire mettre en place un syst\u00e8me de d\u00e9tection automatique de signaux faibles.", "uuid": "2868de95-7bb9-46b7-8218-d9cc8424b72d" }, { "code": "Surveillance_05", "description": "Conserver les journaux d'\u00e9v\u00e8nements sur six mois, hors contraintes l\u00e9gales et r\u00e8glementaires particuli\u00e8res imposant des dur\u00e9es de conservation sp\u00e9cifiques.", "uuid": "2452fb02-3ec7-4f44-a0c0-d31a18542ed8" }, { "code": "Surveillance_06", "description": "[pare-feu] Mettre en place une politique de filtrage interdisant toute communication directe entre des postes internes et l'ext\u00e9rieur (ne permettre les connexions que via le pare-feu) et ne laisser passer que les flux explicitement autoris\u00e9s (blocage par le pare-feu de toute connexion sauf celles identifi\u00e9es comme n\u00e9cessaires).", "uuid": "4b4d6e38-4e83-4eba-903c-6bd0b21fcc3d" }, { "code": "Surveillance_07", "description": "[pare-feu] Journaliser toutes les connexions autoris\u00e9es r\u00e9ussies et toutes les tentatives de connexions rejet\u00e9es.", "uuid": "1c1b2da0-1208-490a-bf54-23155d261ae9" }, { "code": "Surveillance_08", "description": "[pare-feu] Exporter les journaux par un canal s\u00e9curis\u00e9 vers un serveur d\u00e9di\u00e9.", "uuid": "4b605778-2fd7-4fc7-969a-1c07218d63a9" }, { "code": "Surveillance_09", "description": "[\u00e9quipement r\u00e9seau] Journaliser l'activit\u00e9 sur chaque port d'un commutateur ou d'un routeur.", "uuid": "f9934676-6196-4d87-bf84-5e0a56d8e286" }, { "code": "Surveillance_10", "description": "[\u00e9quipement r\u00e9seau] Exporter les journaux vers un serveur d\u00e9di\u00e9 \u00e0 l'aide d'un client syslog int\u00e9gr\u00e9 ou via un flux netflow.", "uuid": "7916263f-fa8a-42f8-b9e1-479f5fe7365a" }, { "code": "Surveillance_11", "description": "[\u00e9quipement r\u00e9seau] Contr\u00f4ler la volum\u00e9trie en fonction des heures, ainsi que le respect des \u00e9ventuelles listes de contr\u00f4le d'acc\u00e8s (ACL : Access Control Lists) pour les routeurs.", "uuid": "8f5e385a-e9c5-458e-ad24-24e26f4e5e6d" }, { "code": "Surveillance_12", "description": "[serveur] Journaliser le maximum d'informations sur les requ\u00eates effectu\u00e9es par les clients sur les serveurs web dans le but d'identifier les d\u00e9fauts de configuration, les injections de requ\u00eates SQL, etc.", "uuid": "6b9f8abc-39fb-492e-bda4-0d8338cf3f46" }, { "code": "Surveillance_13", "description": "[serveur] Journaliser l'activit\u00e9 des usagers sur les serveurs proxy.", "uuid": "d288aca4-c9ee-407c-881f-1a5d5609536f" }, { "code": "Surveillance_14", "description": "[serveur] Journaliser l'ensemble des requ\u00eates qui sont faites aux serveurs DNS, qu'elles soient \u00e9mises par des internautes ou par des clients du r\u00e9seau interne.", "uuid": "b38b8e87-ef3d-4dac-bdb0-28e691a638e9" }, { "code": "Surveillance_15", "description": "[serveur] Journaliser les donn\u00e9es d'authentification horodat\u00e9es et la dur\u00e9e de chaque connexion sur les serveurs d'acc\u00e8s distant.", "uuid": "08d11510-f718-4575-b19a-abbd372d335d" }, { "code": "Surveillance_16", "description": "[serveur] Journaliser la r\u00e9ception et la gestion des messages sur les serveurs de messagerie.", "uuid": "da6e1b58-6d07-4c15-b45b-f8973043180c" }, { "code": "Tra\u00e7abilit\u00e9_01", "description": "Mettre en place un syst\u00e8me de journalisation applicative permettant de conserver une trace des acc\u00e8s et modifications de donn\u00e9es op\u00e9r\u00e9s par les utilisateurs et du moment o\u00f9 ils ont eu lieu.", "uuid": "a7560e7f-76b1-4833-9b9d-ed6eea38f8a9" }, { "code": "Tra\u00e7abilit\u00e9_02", "description": "Mettre en place une authentification des utilisateurs permettant d'assurer l'imputabilit\u00e9 des \u00e9v\u00e8nements journalis\u00e9s.", "uuid": "d1a26642-51f0-4dd9-8dde-3386af130a1d" }, { "code": "Tra\u00e7abilit\u00e9_03", "description": "Respecter les exigences du RGPD concernant les \u00e9v\u00e8nements journalis\u00e9s rattach\u00e9s \u00e0 un utilisateur identifi\u00e9.", "uuid": "f7920955-ae16-4502-8b24-e85186c4dfc0" }, { "code": "Tra\u00e7abilit\u00e9_04", "description": "Proc\u00e9der p\u00e9riodiquement \u00e0 l'analyse des informations journalis\u00e9es, voire mettre en place un syst\u00e8me de d\u00e9tection automatique de comportements anormaux.", "uuid": "b0cf4f33-d957-4e7f-b604-cc6983facce5" }, { "code": "Transferts hors UE_01", "description": "D\u00e9tailler le lieu g\u00e9ographique de stockage des diff\u00e9rentes donn\u00e9es du traitement.", "uuid": "69fdb9c2-df41-49d2-840f-7926f211ae6e" }, { "code": "Transferts hors UE_02", "description": "justifier le choix d'un h\u00e9bergement \u00e9loign\u00e9 et indiquer les modalit\u00e9s d'encadrement juridique mises en oeuvre afin d'assurer une protection ad\u00e9quate aux donn\u00e9es faisant l'objet d'un transfert transfrontalier.", "uuid": "a404e683-9464-4fd4-b98a-5d651684f8b5" } ], "version": 0 } 2020-01-28T22:30:31.543842+00:00 https://objects.monarc.lu/object/get/5122 COVID-19 2021-01-17T22:00:06.090833+00:00 MONARC { "a": true, "c": false, "code": "COVID-19", "description": "Corona virus", "i": false, "label": "Corona virus", "language": "EN", "theme": "Loss of essential services", "uuid": "1d5d4e81-1b8a-46eb-a00f-6c6d35ef816d" } 2020-03-11T10:26:30.162759+00:00 https://objects.monarc.lu/object/get/5123 Coronavirus: COVID-19 2021-01-17T22:00:06.090578+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "Preventive measures to avoid the contanination and to lower the impact of a contamination of an employee with COVID-19", "language": "EN", "refs": [ "https://gouvernement.lu/coronavirus" ], "uuid": "8e0715b2-192e-4535-b0cb-d62f71e33ce1", "values": [ { "code": "COVID-19_Rec-1", "description": "Wash your hands regularly and properly.", "importance": 3, "uuid": "43a89c13-8660-4ee4-83e5-98fda07031cf" }, { "code": "COVID-19_Rec-2", "description": "Do you cough or sneeze? Do it in a tissue or in the crease of the elbow. Throw the tissue in a bin with a lid.", "importance": 3, "uuid": "6031a6a6-f840-4e9a-8487-c8ac7d63db9f" }, { "code": "COVID-19_Rec-3", "description": "Avoid shaking hands or kissing.", "importance": 3, "uuid": "9dc7bc8f-5433-4518-8261-a00ec0c8fd6a" }, { "code": "COVID-19_Rec-4", "description": "Avoid close contact with sick people (keep a distance of at least 2 meters).", "importance": 3, "uuid": "5e9f15cb-cf84-44b7-8388-d7c063e45eff" }, { "code": "COVID-19_Rec-5", "description": "Stay home if you are sick. Don't go to work!", "importance": 3, "uuid": "b505aa3e-369f-49e4-b65a-3a8c0f2d3ce2" }, { "code": "COVID-19_Rec-6", "description": "Avoid touching your face with your hands as much as possible.", "importance": 3, "uuid": "880e6e99-c4a1-4f5f-82f8-41c6609a7ff1" }, { "code": "COVID-19_Rec-7", "description": "Keep up-to-date documentation of workflows.", "importance": 3, "uuid": "67bbd888-c5d7-4ccb-804a-befee66eea49" }, { "code": "COVID-19_Rec-8", "description": "Regularly train employees in order to prevent single point of failure.", "importance": 3, "uuid": "69fd1d1c-c848-4c0b-b3d9-92e9b03984a4" } ], "version": 1 } 2020-03-11T10:26:30.168156+00:00 https://objects.monarc.lu/object/get/5126 MITRE ATT&CK - Mobile Mitigations 2021-01-17T22:00:06.090059+00:00 MONARC { "authors": [ "MITRE ATT&CK\u00ae" ], "label": "MITRE ATT&CK - Mobile Mitigations", "language": "EN", "refs": [ "https://attack.mitre.org/mitigations/mobile/" ], "uuid": "f3caa83b-28fb-49fd-b7ad-6e4cd1aaad07", "values": [ { "code": "M1013 - Application Developer Guidance", "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", "importance": 0, "uuid": "90624dfc-21b6-4172-8848-a4042860656b" }, { "code": "M1005 - Application Vetting", "description": "Enterprises can vet applications for exploitable vulnerabilities or unwanted (privacy-invasive or malicious) behaviors. Enterprises can inspect applications themselves or use a third-party service.", "importance": 0, "uuid": "7fd9df45-7351-420c-8116-57d48fa23c40" }, { "code": "M1002 - Attestation", "description": "Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.", "importance": 0, "uuid": "5617161e-a40d-461a-ae8e-6a0650392e3a" }, { "code": "M1007 - Caution with Device Administrator Access", "description": "Warn device users not to accept requests to grant Device Administrator access to applications without good reason.", "importance": 0, "uuid": "63138250-3821-45f3-a820-55d0ffa30367" }, { "code": "M1010 - Deploy Compromised Device Detection Method", "description": "A variety of methods exist that can be used to enable enterprises to identify compromised (e.g. rooted/jailbroken) devices, whether using security mechanisms built directly into the device, third-party mobile security applications, enterprise mobility management (EMM)/mobile device management (MDM) capabilities, or other methods. Some methods may be trivial to evade while others may be more sophisticated.", "importance": 0, "uuid": "6501d616-1a60-4b38-a40a-847ad5d28058" }, { "code": "M1009 - Encrypt Network Traffic", "description": "Application developers should encrypt all of their application network traffic using the Transport Layer Security (TLS) protocol to ensure protection of sensitive data and deter network-based attacks. If desired, application developers could perform message-based encryption of data before passing it for TLS encryption.", "importance": 0, "uuid": "c591b8fd-5f57-4064-b5c5-f0acd38ae41f" }, { "code": "M1012 - Enterprise Policy", "description": "An enterprise mobility management (EMM), also known as mobile device management (MDM), system can be used to provision policies to mobile devices to control aspects of their allowed behavior.", "importance": 0, "uuid": "b141135f-2c2f-4588-9d4c-6c7abd243e23" }, { "code": "M1014 - Interconnection Filtering", "description": "In order to mitigate Signaling System 7 (SS7) exploitation, the Communications, Security, Reliability, and Interoperability Council (CSRIC) describes filtering interconnections between network operators to block inappropriate requests.", "importance": 0, "uuid": "6066f816-7914-4228-96b6-155f4501d70c" }, { "code": "M1003 - Lock Bootloader", "description": "On devices that provide the capability to unlock the bootloader (hence allowing any operating system code to be flashed onto the device), perform periodic checks to ensure that the bootloader is locked.", "importance": 0, "uuid": "148c35e1-7837-42a2-9884-4e475a48e6a3" }, { "code": "M1001 - Security Updates", "description": "Install security updates in response to discovered vulnerabilities.", "importance": 0, "uuid": "057adb3d-1eeb-4f04-a9c6-c08b514bc785" }, { "code": "M1004 - System Partition Integrity", "description": "Ensure that Android devices being used include and enable the Verified Boot capability, which cryptographically ensures the integrity of the system partition.", "importance": 0, "uuid": "daa42611-836d-464e-aab5-80d41da314cf" }, { "code": "M1006 - Use Recent OS Version", "description": "New mobile operating system versions bring not only patches against discovered vulnerabilities but also often bring security architecture improvements that provide resilience against potential vulnerabilities or weaknesses that have not yet been discovered. They may also bring improvements that block use of observed adversary techniques.", "importance": 0, "uuid": "f4bbe273-dc6c-4b5d-8c66-286effded2c7" }, { "code": "M1011 - User Guidance", "description": "Describes any guidance or training given to users to set particular configuration settings or avoid specific potentially risky behaviors.", "importance": 0, "uuid": "8f023e31-b83d-4323-ba0e-888ec025b35f" } ], "version": 6.3 } 2020-05-27T09:54:06.727943+00:00 https://objects.monarc.lu/object/get/5125 MITRE ATT&CK - Enterprise Mitigations 2021-01-17T22:00:06.089144+00:00 MONARC { "authors": [ "MITRE ATT&CK\u00ae" ], "label": "MITRE ATT&CK - Enterprise Mitigations", "language": "EN", "refs": [ "https://attack.mitre.org/mitigations/enterprise/" ], "uuid": "355a1506-4d46-4ace-a044-234ba5cc00e4", "values": [ { "code": "M1036 - Account Use Policies", "description": "Configure features related to account use like login attempt lockouts, specific login times, etc.", "importance": 0, "uuid": "5fc7d0fc-e28d-4f7a-a403-7e7bdda88e0d" }, { "code": "M1015 - Active Directory Configuration", "description": "Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.", "importance": 0, "uuid": "4aa9409f-bf4c-43c4-985b-a1435854c378" }, { "code": "M1049 - Antivirus/Antimalware", "description": "Use signatures or heuristics to detect malicious software.", "importance": 0, "uuid": "26347771-8c53-40f8-8416-de6ebce40d52" }, { "code": "M1013 - Application Developer Guidance", "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", "importance": 0, "uuid": "a45f1b4e-169a-4ce9-b1a8-aa3a06eda460" }, { "code": "M1048 - Application Isolation and Sandboxing", "description": "Restrict execution of code to a virtual environment on or in transit to an endpoint system.", "importance": 0, "uuid": "b01fca12-12d0-498b-a2ea-d6d526094393" }, { "code": "M1047 - Audit", "description": "Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.", "importance": 0, "uuid": "fe0afbce-14d2-4fc0-b9d9-0ded2d2d46bf" }, { "code": "M1040 - Behavior Prevention on Endpoint", "description": "Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.", "importance": 0, "uuid": "2d4bd512-601b-428d-8c96-93eb0f8ab270" }, { "code": "M1046 - Boot Integrity", "description": "Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.", "importance": 0, "uuid": "7b98e144-2052-4365-a644-e439dd0b50f3" }, { "code": "M1045 - Code Signing", "description": "Enforce binary and application integrity with digital signature verification to prevent untrusted code from executing.", "importance": 0, "uuid": "b1bf2dc7-78a8-42d5-8912-3aff922f2c53" }, { "code": "M1043 - Credential Access Protection", "description": "Use capabilities to prevent successful credential access by adversaries; including blocking forms of credential dumping.", "importance": 0, "uuid": "645905d3-2e47-45e8-b61d-35ee230d162c" }, { "code": "M1053 - Data Backup", "description": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.", "importance": 0, "uuid": "f687063a-4811-4782-9e6d-47368554818c" }, { "code": "M1042 - Disable or Remove Feature or Program", "description": "Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.", "importance": 0, "uuid": "479cf2d6-6772-4b07-9e3d-748c3c64acdd" }, { "code": "M1055 - Do Not Mitigate", "description": "This category is to associate techniques that mitigation might increase risk of compromise and therefore mitigation is not recommended.", "importance": 0, "uuid": "a5927ec6-60da-4367-8e4e-a6db261c2433" }, { "code": "M1041 - Encrypt Sensitive Information", "description": "Protect sensitive information with strong encryption.", "importance": 0, "uuid": "5c4c5b69-fc94-4922-b9a3-c7a621faaca8" }, { "code": "M1039 - Environment Variable Permissions", "description": "Prevent modification of environment variables by unauthorized users and groups.", "importance": 0, "uuid": "2ffd3b45-aa5f-4363-a6e9-c9c8dec111b6" }, { "code": "M1038 - Execution Prevention", "description": "Block execution of code on a system through application whitelisting, blacklisting, and/or script blocking.", "importance": 0, "uuid": "4d4ea32d-ec56-4eba-b22a-0ef3a1946a21" }, { "code": "M1050 - Exploit Protection", "description": "Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.", "importance": 0, "uuid": "25a8c89c-382f-4431-87ea-3b886e07c1ab" }, { "code": "M1037 - Filter Network Traffic", "description": "Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.", "importance": 0, "uuid": "c50e3dd7-d87b-498c-892c-d0683c38b1e1" }, { "code": "M1035 - Limit Access to Resource Over Network", "description": "Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.", "importance": 0, "uuid": "bb516ce1-5241-428b-ad41-ef292ef4b691" }, { "code": "M1034 - Limit Hardware Installation", "description": "Block users or groups from installing or using unapproved hardware on systems, including USB devices.", "importance": 0, "uuid": "ac4469fb-cfa0-4979-8a0e-d5137e1cf750" }, { "code": "M1033 - Limit Software Installation", "description": "Block users or groups from installing unapproved software.", "importance": 0, "uuid": "cdddeaa0-0ff7-4dda-8d8d-2836bd65862f" }, { "code": "M1032 - Multi-factor Authentication", "description": "Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.", "importance": 0, "uuid": "65bcbe9f-e7cb-4262-b5d4-dddc79bb4740" }, { "code": "M1031 - Network Intrusion Prevention", "description": "Use intrusion detection signatures to block traffic at network boundaries.", "importance": 0, "uuid": "cd1c61bb-0655-4d10-93a8-4f19fe409802" }, { "code": "M1030 - Network Segmentation", "description": "Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.", "importance": 0, "uuid": "992b2dff-d6d5-4af8-adf6-e05a21c48fcb" }, { "code": "M1028 - Operating System Configuration", "description": "Make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.", "importance": 0, "uuid": "33242a01-d66e-4361-9cd0-6c84e5ed405a" }, { "code": "M1027 - Password Policies", "description": "Set and enforce secure password policies for accounts.", "importance": 0, "uuid": "87f7ae7d-d7af-40e5-8e26-ed046e49ecec" }, { "code": "M1026 - Privileged Account Management", "description": "Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.", "importance": 0, "uuid": "237dc8eb-d3e8-4561-80c9-d6c10f3101dd" }, { "code": "M1025 - Privileged Process Integrity", "description": "Protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures.", "importance": 0, "uuid": "4f82cb16-f43a-4032-bebb-63e901dc669d" }, { "code": "M1029 - Remote Data Storage", "description": "Use remote security log and sensitive file storage where access can be controlled better to prevent exposure of intrusion detection log data or sensitive information.", "importance": 0, "uuid": "cb442fee-310a-4bd4-a5ac-0607a1132d80" }, { "code": "M1022 - Restrict File and Directory Permissions", "description": "Restrict access by setting directory and file permissions that are not specific to users or privileged accounts.", "importance": 0, "uuid": "556d2fa4-ec80-4012-8d42-cf2aa003883c" }, { "code": "M1044 - Restrict Library Loading", "description": "Prevent abuse of library loading mechanisms in the operating system and software to load untrusted code by configuring appropriate library loading mechanisms and investigating potential vulnerable software.", "importance": 0, "uuid": "81ff3e62-c8a5-437d-90af-a90a77a7240b" }, { "code": "M1024 - Restrict Registry Permissions", "description": "Restrict the ability to modify certain hives or keys in the Windows Registry.", "importance": 0, "uuid": "4a464358-5cb8-471b-8f42-b222cff6ee23" }, { "code": "M1021 - Restrict Web-Based Content", "description": "Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.", "importance": 0, "uuid": "0874d800-bded-4bd1-a5a8-d68f83db734e" }, { "code": "M1054 - Software Configuration", "description": "Implement configuration changes to software (other than the operating system) to mitigate security risks associated to how the software operates.", "importance": 0, "uuid": "7a99e33f-0fb4-487a-b965-f19d7c6d0977" }, { "code": "M1020 - SSL/TLS Inspection", "description": "Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.", "importance": 0, "uuid": "e4cf1546-a2cb-4d8d-8bd2-a88bd60b2fb4" }, { "code": "M1019 - Threat Intelligence Program", "description": "A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities to mitigate risk.", "importance": 0, "uuid": "1af3aa74-5d49-4285-a9d1-a15cc9fb84b9" }, { "code": "M1051 - Update Software", "description": "Perform regular software updates to mitigate exploitation risk.", "importance": 0, "uuid": "541d848f-2672-42f6-be1c-6b1b0f76100e" }, { "code": "M1052 - User Account Control", "description": "Configure Windows User Account Control to mitigate risk of adversaries obtaining elevated process access.", "importance": 0, "uuid": "3d3be1de-7d06-4f89-a8a5-c73e06384f4d" }, { "code": "M1018 - User Account Management", "description": "Manage the creation, modification, use, and permissions associated to user accounts.", "importance": 0, "uuid": "8d1fcda5-0e35-43c8-aab5-2b2bebf97c4c" }, { "code": "M1017 - User Training", "description": "Train users to to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.", "importance": 0, "uuid": "9e318f0b-0864-4150-a50c-6e1118dd69e7" }, { "code": "M1016 - Vulnerability Scanning", "description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.", "importance": 0, "uuid": "406160f2-9c33-44c2-b1d2-852478fe050d" } ], "version": 6.3 } 2020-05-27T09:54:30.422956+00:00 https://objects.monarc.lu/object/get/5128 PSDC v3.1 2021-01-17T22:00:06.087593+00:00 Numen Europe { "authors": [ "Hanna Lteif" ], "label": "PSDC v3.1", "language": "FR", "refs": [ "http://legilux.public.lu/eli/etat/leg/rgd/2017/09/21/a865/jo" ], "uuid": "55e7e3f0-2e59-491e-bc92-349a4bc3922a", "values": [ { "category": "Politiques de s\u00e9curit\u00e9 de l\u2019information", "code": "5.2.1", "label": "Politiques de d\u00e9mat\u00e9rialisation ou de conservation", "uuid": "8e43a8eb-7868-49d2-a629-5b2b166c86ca" }, { "category": "Politiques de s\u00e9curit\u00e9 de l\u2019information", "code": "5.2.2", "label": "Revue de la politique de d\u00e9mat\u00e9rialisation ou de conservation", "uuid": "207cc214-1938-4ae4-b69f-5123d07dab2e" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l\u2019information et des processus de d\u00e9mat\u00e9rialisation ou de conservation", "code": "6.1.1", "label": "Fonctions et responsabilit\u00e9s li\u00e9es \u00e0 la s\u00e9curit\u00e9 de l\u2019information et aux processus de d\u00e9mat\u00e9rialisation ou de conservation", "uuid": "f5594a4a-5c9d-4fc3-bb67-2283e952a611" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l\u2019information et des processus de d\u00e9mat\u00e9rialisation ou de conservation", "code": "6.1.2", "label": "S\u00e9paration des t\u00e2ches", "uuid": "709b7236-5268-4b71-bff8-ed505f2376ef" }, { "category": "Organisation de la s\u00e9curit\u00e9 de l\u2019information et des processus de d\u00e9mat\u00e9rialisation ou de conservation", "code": "6.1.5", "label": "La s\u00e9curit\u00e9 de l\u2019information dans la gestion de projet", "uuid": "1b5cc8d6-a9e4-4b0a-b9c5-aad0b7d75021" }, { "category": "Organisation interne sp\u00e9cifique aux processus de d\u00e9mat\u00e9rialisation et de conservation", "code": "6.3.1", "label": "V\u00e9rification des documents num\u00e9riques apr\u00e8s d\u00e9mat\u00e9rialisation", "uuid": "4ecb54b0-a6aa-46a3-b674-c63665500274" }, { "category": "Organisation interne sp\u00e9cifique aux processus de d\u00e9mat\u00e9rialisation et de conservation", "code": "6.3.2", "label": "Principes du double contr\u00f4le pour la modification ou la suppression d\u2019archives num\u00e9riques", "uuid": "07527027-5eb4-4665-806e-da4082725ae6" }, { "category": "Organisation interne sp\u00e9cifique aux processus de d\u00e9mat\u00e9rialisation et de conservation", "code": "6.3.3", "label": "Gestion des preuves", "uuid": "16d1b645-7d5f-488e-9fb0-52b652a98ebd" }, { "category": "Organisation interne sp\u00e9cifique aux processus de d\u00e9mat\u00e9rialisation et de conservation", "code": "6.3.4", "label": "Relations avec l\u2019autorit\u00e9 nationale", "uuid": "772fa867-6fe2-4762-80ff-4757a853eb0a" }, { "category": "Organisation des processus de d\u00e9mat\u00e9rialisation et de conservation impliquant les clients", "code": "6.4.1", "label": "La s\u00e9curit\u00e9 dans les accords avec le client", "uuid": "b63f36e1-1a08-4734-be65-c16eed4b93c3" }, { "category": "Organisation des processus de d\u00e9mat\u00e9rialisation et de conservation impliquant les clients", "code": "6.4.2", "label": "Obligation d\u2019information pr\u00e9alable du client", "uuid": "adec2acd-23ff-445a-baf6-e36be8671b28" }, { "category": "Organisation des processus de d\u00e9mat\u00e9rialisation et de conservation impliquant les clients", "code": "6.4.3", "label": "Classification des actifs du client", "uuid": "3c58a881-25f1-431e-90ae-790e83d4c5f0" }, { "category": "Organisation des processus de d\u00e9mat\u00e9rialisation et de conservation impliquant les clients", "code": "6.4.4", "label": "Obligation d\u2019information du client en cas de changements ou d\u2019incidents", "uuid": "37a57686-d05b-45bb-a030-9a6d35bd5002" }, { "category": "La s\u00e9curit\u00e9 des ressources humaines", "code": "7.2.4", "label": "Ebgagement vers les politiques", "uuid": "888cbcc3-6db0-449d-b5c7-dca7ebdfdde8" }, { "category": "Gestion des actifs", "code": "8.1.1", "label": "Inventaire des actifs", "uuid": "7e63016d-60c1-4ed3-958b-eeaa0e7e3099" }, { "category": "Gestion des actifs", "code": "8.1.2", "label": "propri\u00e9t\u00e9 des actifs", "uuid": "eabe1c39-d9c4-4b02-b0ff-3ad77d5b7c5f" }, { "category": "Gestion des actifs", "code": "8.1.4", "label": "Cloisonnement d\u2019informations secr\u00e8tes ou d\u2019informations \u00e0 caract\u00e8re personnel", "uuid": "eabefd09-b554-4532-91cd-8fc2e8b833c6" }, { "category": "Gestion des actifs", "code": "8.2.1", "label": "Classification des informations", "uuid": "a0709511-2e99-4d95-9aa6-82e00187873d" }, { "category": "Gestion des actifs", "code": "8.3.2", "label": "Mise au rebut des supports", "uuid": "81bbde74-7809-423f-b1c6-fb210d9b2831" }, { "category": "Contr\u00f4le d\u2019acc\u00e8s", "code": "9.1.3", "label": "S\u00e9gr\u00e9gation effective li\u00e9e aux droits d\u2019acc\u00e8s", "uuid": "e4ebc3c1-2af0-421b-a236-282d05ff7c21" }, { "category": "Cryptographie", "code": "10.1.1", "label": "Politique d\u2019utilisation des mesures cryptographiques", "uuid": "2e5831fd-4a0e-4fc9-9cc8-2d1a3c8ef32b" }, { "category": "Cryptographie", "code": "10.1.3", "label": "Authentification \u00e0 deux facteurs", "uuid": "a137ffa1-0e21-4bfd-8644-ef2682abcfb4" }, { "category": "Cryptographie", "code": "10.1.4", "label": "Protection de l\u2019int\u00e9grit\u00e9 des documents num\u00e9riques ou des archives num\u00e9riques", "uuid": "6063d1ac-0e2b-4a13-be79-c27515f2f28c" }, { "category": "Cryptographie", "code": "10.1.5", "label": "Protection de l\u2019int\u00e9grit\u00e9 des documents internes", "uuid": "fc7f5063-c38b-43f9-8b76-329b15348c90" }, { "category": "Cryptographie", "code": "10.1.6", "label": "Signature \u00e9lectroniques des documents internes", "uuid": "efa37bfd-f020-4618-aa48-b1837a0bb09c" }, { "category": "Cryptographie", "code": "10.1.7", "label": "Protection des transmissions de documents", "uuid": "e6a856e3-0e7c-46bb-8be0-4f5cdaaa4f79" }, { "category": "Cyptographie", "code": "10.1.8", "label": "Conservation des signatures \u00e9lectroniques", "uuid": "a9ac69a6-c0f5-442c-962f-31958e490084" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.1.7", "label": "Accompagnement des visiteurs", "uuid": "906b78b1-b7ac-4bfa-8cd1-ad614c743f76" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.1", "label": "Emplacement et protection du mat\u00e9riel", "uuid": "246fcd93-d57e-4ca8-bf13-e8dfdd4c18d2" }, { "category": "S\u00e9curit\u00e9 physique et environnementale", "code": "11.2.5", "label": "Sortie des actifs", "uuid": "a0c72242-6a8f-47b8-afbb-6b910b13839f" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.1.5", "label": "Proc\u00e9dures d\u2019exploitation du SDC", "uuid": "47768649-7edc-4141-acc7-b185907415f6" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.1", "label": "Journalisation des \u00e9v\u00e9nements", "uuid": "e1eff0a9-af59-4fb9-94d6-52aae25f99d0" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.3", "label": "Journaux administrateur et op\u00e9rateur", "uuid": "43431fb4-c6c1-43ed-9957-d051d5c193ca" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.4", "label": "Synchronisation des horloges", "uuid": "d837858b-fe56-4eab-8f5b-2dac6cacd965" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.4.5", "label": "Exploitabilit\u00e9 des journaux d\u2019\u00e9v\u00e9nements", "uuid": "1203c306-3c05-4f10-a410-916b0ed57d6d" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.8.1", "label": "Ad\u00e9quation du SDC", "uuid": "ea5928b6-649f-48f1-9e83-c9dedc654ec4" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.8.2", "label": "Description d\u00e9taill\u00e9e du SDC", "uuid": "77191554-8851-4914-834c-1416675d78f6" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.8.3", "label": "M\u00e9canismes de s\u00e9curit\u00e9 du SDC", "uuid": "51265af3-b83f-4680-b0c4-5d70dce3d587" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.8.4", "label": "Supervision des aspects op\u00e9rationnels du SDC", "uuid": "f54019e3-657e-448c-8a0c-8a6ba35de3c3" }, { "category": "S\u00e9curit\u00e9 li\u00e9e \u00e0 l'exploitation", "code": "12.8.5", "label": "Contr\u00f4le r\u00e9gulier de l'int\u00e9grit\u00e9 du SDC", "uuid": "66d8e041-cba3-4536-a1f2-5838f18bfacb" }, { "category": "Acquisition, d\u00e9veloppement et maintenance des syst\u00e8mes d'information", "code": "14.1.1", "label": "Analyse et sp\u00e9cification des exigences de s\u00e9curit\u00e9 de l\u2019information", "uuid": "90351cfa-b8a9-4eba-ad0d-e27b833194d8" }, { "category": "Relation avec les fournisseurs", "code": "15.1.4", "label": "Conditions contractuelles pour les fournisseurs intervenant dans le processus de d\u00e9mat\u00e9rialisation et de conservation", "uuid": "2c78971f-9f0b-4730-aecd-5b4fc391e70b" }, { "category": "Gestion des incidents li\u00e9s \u00e0 la s\u00e9curit\u00e9 de l'information", "code": "16.1.1", "label": "Responsabilit\u00e9s et proc\u00e9dures", "uuid": "1f8e8865-032c-4d61-9de1-c7b1a6dd3088" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.3.1", "label": "Organisation de la continuit\u00e9", "uuid": "7b2684cf-881c-48b7-9536-677af7b8b7db" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.3.2", "label": "Mise en oeuvre de la continuit\u00e9", "uuid": "02de269b-c745-4d6f-8e66-0464e50a2ca7" }, { "category": "Aspects de la s\u00e9curit\u00e9 de l'information dans la gestion de la continuit\u00e9 de l'activit\u00e9", "code": "17.3.3", "label": "V\u00e9rifier, revoir et \u00e9valuer la continuit\u00e9", "uuid": "8f87dd7a-c913-40c3-8297-9f48bd3df13a" }, { "category": "Conformit\u00e9", "code": "18.1.3", "label": "Protection des enregistrements", "uuid": "00d8f557-b34d-4c81-be8d-d3e2caeb8761" }, { "category": "Conformit\u00e9", "code": "18.2.4", "label": "Revue ind\u00e9pendante de la conformit\u00e9 du syst\u00e8me et des processus de d\u00e9mat\u00e9rialisation ou de conservation", "uuid": "e3d48bd2-a585-4f7d-9fa6-438a7f81716b" }, { "category": "Conformit\u00e9", "code": "18.2.5", "label": "Revue ind\u00e9pendante de la s\u00e9curit\u00e9 du SDC", "uuid": "7bbfec44-526b-457a-aee5-3ba2c336a5a8" } ], "version": 1, "version_ext": "PSDC" } 2020-09-22T06:23:51.957824+00:00 https://objects.monarc.lu/object/get/5130 DNS queries 2021-01-17T22:00:06.086613+00:00 CIRCL { "description": "DNS queries extracted from the network captures of a distributed set of honeypots.", "frequency": "daily", "human-validated": false, "license": "CC-BY-4.0", "machine-validated": true, "producer": "https://www.circl.lu/", "source": [ "honeybot-1234", "honeybot-1235" ], "subtitle": "Extracted DNS queries from a set of distributed honeypots", "tags": [ "honeypot-basic:interaction-level=\"none\"", "honeypot-basic:data-capture=\"network-capture\"", "tlp:white" ], "time-precision": "seconds", "title": "DNS queries" } 2020-09-22T12:07:04.587575+00:00 https://objects.monarc.lu/object/get/57 Use of a standard operating system on which logical attacks have already been carried out 2021-01-17T22:00:06.086419+00:00 MONARC { "code": "102", "description": "", "label": "Use of a standard operating system on which logical attacks have already been carried out", "mode": 0, "uuid": "69fbfed1-4591-11e9-9173-0800277f0571" } 2020-12-16T12:15:59.834857+00:00 https://objects.monarc.lu/object/get/5139 Internet of Things - IoT [EN] 2021-01-17T22:00:06.084612+00:00 MONARC { "object": { "asset": { "amvs": [], "asset": { "code": "CONT", "description": "Asset container", "label": "Container", "language": "EN", "type": "Primary", "uuid": "d2023c8f-44d1-11e9-a78c-0800277f0571", "version": 0 }, "measures": [], "threats": [], "vuls": [] }, "children": [ { "asset": { "amvs": [ { "asset": "4447ebac-6831-4617-a653-4aedfe235faf", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "26c8f378-14a7-4dda-885e-4e371ce0ed99", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_ACTUATORS", "description": "", "label": "IoT - Actuators", "language": "EN", "type": "Secondary", "uuid": "4447ebac-6831-4617-a653-4aedfe235faf", "version": 0 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", "i": true, "label": "Data from untrustworthy sources", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "The system allows information to be sent and received without authentication of the senders or recipients", "language": "EN", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Actuator", "language": "EN", "name": "Actuator", "scope": "local", "uuid": "5581f4e4-75ea-4fe0-ac43-a4d8311ab6bf", "version": 0 } }, { "asset": { "amvs": [ { "asset": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "threat": "b402d5af-4576-11e9-9173-0800277f0571", "uuid": "d1140297-6b68-4ccf-9716-665c0b3d4306", "vulnerability": "69fc0555-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_DEVICE", "description": "", "label": "IoT - Physical part of the IoT", "language": "EN", "type": "Secondary", "uuid": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MD36", "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.", "i": false, "label": "Theft or destruction of media, documents or equipment", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5af-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1183", "description": "Can unauthorised persons access information without physical barriers?Is it easy to access? Are the premises public? Is there a passage or corridor nearby?", "label": "Persons without a service reason can gain access", "language": "EN", "mode": 0, "uuid": "69fc0555-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Device", "language": "EN", "name": "Device", "scope": "local", "uuid": "59617857-43b1-4660-b571-3f75fa22a1ae", "version": 0 } }, { "asset": { "amvs": [ { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb547-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5ea-4576-11e9-9173-0800277f0571", "uuid": "7f9fb55e-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0627-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb58d-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5d5-4576-11e9-9173-0800277f0571", "uuid": "d2522441-1a7b-456f-8b4b-8f2d6b586632", "vulnerability": "69fc051f-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_MAINTENANCE", "description": "Software maintenance", "label": "Software maintenance", "language": "EN", "type": "Secondary", "uuid": "d2023de2-44d1-11e9-a78c-0800277f0571", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MA15", "description": "Design error, installation error or operating error committed during modification causing incorrect execution.", "i": true, "label": "Software malfunction", "language": "EN", "theme": "Technical failures", "uuid": "b402d513-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA17", "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.", "i": true, "label": "Abuse of rights", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d5ea-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA13", "description": "Unwanted software that is doing operations seeking to harm the company.", "i": true, "label": "Malware infection", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5d5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1172", "description": "Are there formal contractual agreements with the main third parties?Are there intervention rules? People's names? Timeframes?", "label": "No SLAs with third parties (internal or external)", "language": "EN", "mode": 0, "uuid": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "code": "1224", "description": "Link permanently maintainedUnencrypted exchangesNo record", "label": "The supplier does not manage remote maintenance properly", "language": "EN", "mode": 0, "uuid": "69fc0627-4591-11e9-9173-0800277f0571" }, { "code": "1213", "description": "Is change management for software or the IT system correct?Is there planning for changes? Cost estimates? Tests before production begins?", "label": "Problems in change management or software maintenance", "language": "EN", "mode": 0, "uuid": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "code": "1178", "description": "Is there a procedure? Is it formal?How frequently is it implemented? Who is in charge?Are tests performed? Before? After?", "label": "Update management (patches) is flawed", "language": "EN", "mode": 0, "uuid": "69fc051f-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Operating system", "language": "EN", "name": "Operating system", "scope": "local", "uuid": "4b31e8dd-24d8-4780-aa62-d5f4fff53760", "version": 0 } }, { "asset": { "amvs": [ { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d5df-4576-11e9-9173-0800277f0571", "uuid": "02c8ec95-756a-447b-916b-312b29c2e43c", "vulnerability": "69fc0101-4591-11e9-9173-0800277f0571" }, { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "4896c568-6eb2-4454-9d80-bad8f8106a0f", "vulnerability": "69fc0952-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_NETWORK_INTERFACE", "description": "IoT - Network interface", "label": "IoT - Interface r\u00e9seau", "language": "EN", "type": "Secondary", "uuid": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MDA16", "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.", "i": false, "label": "Saturation of the information system", "language": "EN", "theme": "Technical failures", "uuid": "b402d5df-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", "i": false, "label": "Eavesdropping", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1070", "description": "", "label": "Incorrect sizing of resources (e.g. too many users for the number of connections possible and the passband)", "language": "EN", "mode": 0, "uuid": "69fc0101-4591-11e9-9173-0800277f0571" }, { "code": "210", "description": "", "label": "Equipment with a communication interface that can be eavesdropped (infrared, 802.11, Bluetooth, etc.)", "language": "EN", "mode": 0, "uuid": "69fc0952-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Communication interface", "language": "EN", "name": "Communication interface", "scope": "local", "uuid": "926e6d32-9bca-4675-b817-b572f5947072", "version": 0 } }, { "asset": { "amvs": [ { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d5c9-4576-11e9-9173-0800277f0571", "uuid": "5cf11c67-0843-4dec-bb0e-c649d97a2bc4", "vulnerability": "69fc057e-4591-11e9-9173-0800277f0571" }, { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d620-4576-11e9-9173-0800277f0571", "uuid": "a162b328-c313-4464-80ba-f1db359d7655", "vulnerability": "69fc0f0d-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_STORAGE_LOCAL", "description": "", "label": "IoT - Local Storage", "language": "EN", "type": "Secondary", "uuid": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "version": 0 }, "measures": [], "threats": [ { "a": false, "c": true, "code": "MDA12", "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.", "i": false, "label": "Retrieval of recycled or discarded media", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5c9-4576-11e9-9173-0800277f0571" }, { "a": true, "c": false, "code": "MDA29", "description": "Event causing destruction of equipment or media.", "i": false, "label": "Destruction of equipment or supports", "language": "EN", "theme": "Physical damage", "uuid": "b402d620-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1191", "description": "Is there a formal procedure?Is it followed?Is the disposal line correct?", "label": "Disposal is not carried out properly", "language": "EN", "mode": 0, "uuid": "69fc057e-4591-11e9-9173-0800277f0571" }, { "code": "283", "description": "", "label": "No back-up of data contained on the media", "language": "EN", "mode": 0, "uuid": "69fc0f0d-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Local storage", "language": "EN", "name": "Local storage", "scope": "local", "uuid": "7da319ff-851c-414f-bb76-50cfc48254b5", "version": 0 } }, { "asset": { "amvs": [ { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d4e0-4576-11e9-9173-0800277f0571", "uuid": "1631becd-9756-46f3-b23d-a3d93bac3fab", "vulnerability": "69fc0515-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb735-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb74c-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb763-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb77a-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc061d-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d58f-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7a9-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc1924-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7ca-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0560-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_LOGICIEL", "description": "Business application", "label": "Software", "language": "EN", "type": "Secondary", "uuid": "d2023dd3-44d1-11e9-a78c-0800277f0571", "version": 0 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MA11", "description": "A person commits an operating error, input error or utilisation error on hardware or software.", "i": true, "label": "Error in use", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d4e0-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MDA20", "description": "Person who voluntarily or negligently disclosure information.", "i": false, "label": "Disclosure", "language": "EN", "theme": "Compromise of information", "uuid": "b402d600-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MD14", "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.", "i": true, "label": "Forging of rights", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d530-4576-11e9-9173-0800277f0571" }, { "a": false, "c": false, "code": "MD24", "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation.", "i": true, "label": "Denial of actions", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d58f-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", "i": false, "label": "Eavesdropping", "language": "EN", "theme": "Compromise of functions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1177", "description": "Does the software's design cause users problems?Is it complicated to understand or use?Does training or adaptation take a long time? Are there any known errors?", "label": "Tools or programs are not adapted for use or are not ergonomic", "language": "EN", "mode": 0, "uuid": "69fc0515-4591-11e9-9173-0800277f0571" }, { "code": "1168", "description": "Are all authorisations granted in compliance with this principle?", "label": "The need-to-know principle is not respected", "language": "EN", "mode": 0, "uuid": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "code": "1166", "description": "Is there a formal procedure?Who authorises access?Is the four-eyes principle followed?", "label": "Authorisation management is flawed", "language": "EN", "mode": 0, "uuid": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "code": "1167", "description": "Is there a password policy?Are there good practices (length, complexity, change, etc.)?Is there one account per person?Are there shared accounts?", "label": "User authentication is not ensured", "language": "EN", "mode": 0, "uuid": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "code": "1221", "description": "Can data be exported?Also in a structured format (XLS, CSV, XML, etc.)?", "label": "User rights allow information to be exported", "language": "EN", "mode": 0, "uuid": "69fc061d-4591-11e9-9173-0800277f0571" }, { "code": "50", "description": "Are there logs?Are they sufficient in terms of the checks to be carried out?", "label": "No storage of activity tracks", "language": "EN", "mode": 0, "uuid": "69fc1924-4591-11e9-9173-0800277f0571" }, { "code": "1184", "description": "Is the method of communication encrypted?Could third parties access the method of communication?", "label": "Use of an unsecured method of communication", "language": "EN", "mode": 0, "uuid": "69fc0560-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Application", "language": "EN", "name": "Application", "scope": "local", "uuid": "cbfb813a-3e9c-415c-9ece-9c2bd7c781b7", "version": 0 } }, { "asset": { "amvs": [ { "asset": "fa281f62-931c-47dd-82b6-976e543a2168", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "15715227-f575-462b-b467-236532cddbb6", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_SENSORS", "description": "", "label": "IoT - Sensor", "language": "EN", "type": "Secondary", "uuid": "fa281f62-931c-47dd-82b6-976e543a2168", "version": 0 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", "i": true, "label": "Data from untrustworthy sources", "language": "EN", "theme": "Compromise of information", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "The system allows information to be sent and received without authentication of the senders or recipients", "language": "EN", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Sensor", "language": "EN", "name": "Sensor", "scope": "local", "uuid": "e1473c38-42fc-4124-8b66-595ed18c1db2", "version": 0 } } ], "object": { "label": "IoT", "language": "EN", "name": "IoT", "scope": "local", "uuid": "0ceec4ea-73c0-4055-bcf1-819346ffdd0b", "version": 0 } } } 2020-12-18T16:00:09.223263+00:00 https://objects.monarc.lu/object/get/5138 Internet des Objets - IoT [FR] 2021-01-17T22:00:06.081749+00:00 MONARC { "object": { "asset": { "amvs": [], "asset": { "code": "CONT", "description": "Conteneur d'actifs", "label": "Conteneur", "language": "FR", "type": "Primary", "uuid": "d2023c8f-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [], "vuls": [] }, "children": [ { "asset": { "amvs": [ { "asset": "4447ebac-6831-4617-a653-4aedfe235faf", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "26c8f378-14a7-4dda-885e-4e371ce0ed99", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_ACTUATORS", "description": "", "label": "IoT - Actionneurs", "language": "FR", "type": "Secondary", "uuid": "4447ebac-6831-4617-a653-4aedfe235faf", "version": 1 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "R\u00e9ception et exploitation dans le syst\u00e8me d'information de l'organisme de donn\u00e9es erron\u00e9es ou de mat\u00e9riels non adapt\u00e9s provenant de sources ext\u00e9rieures.", "i": true, "label": "Information sans garantie de l'origine", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "Le syst\u00e8me permet l'\u00e9mission et la r\u00e9ception d'information sans authentification des \u00e9metteurs ni des destinataires", "language": "FR", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Actionneur", "language": "FR", "name": "Actionneur", "scope": "local", "uuid": "5581f4e4-75ea-4fe0-ac43-a4d8311ab6bf", "version": 1 } }, { "asset": { "amvs": [ { "asset": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "threat": "b402d5af-4576-11e9-9173-0800277f0571", "uuid": "d1140297-6b68-4ccf-9716-665c0b3d4306", "vulnerability": "69fc0555-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_DEVICE", "description": "Partie physique de l'objet connect\u00e9", "label": "IoT - Partie physique de l'objet connect\u00e9", "language": "FR", "type": "Secondary", "uuid": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MD36", "description": "Le mat\u00e9riel est accessible par des personnes \u00e9trang\u00e8res en interne ou en externe. Il est possible de le d\u00e9t\u00e9riorer ou de le voler.", "i": false, "label": "", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5af-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1183", "description": "Des personnes non autoris\u00e9es peuvent acc\u00e9der \u00e0 l'information sans barri\u00e8res physiques ?Acc\u00e8s facile ? Locaux publics ? Passage ou couloir \u00e0 proximit\u00e9 ?", "label": "L'acc\u00e8s est possible pour des personnes n'ayant aucun motif de service", "language": "FR", "mode": 0, "uuid": "69fc0555-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Device", "language": "FR", "name": "Device", "scope": "local", "uuid": "59617857-43b1-4660-b571-3f75fa22a1ae", "version": 1 } }, { "asset": { "amvs": [ { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb547-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5ea-4576-11e9-9173-0800277f0571", "uuid": "7f9fb55e-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0627-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d513-4576-11e9-9173-0800277f0571", "uuid": "7f9fb58d-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", "threat": "b402d5d5-4576-11e9-9173-0800277f0571", "uuid": "d2522441-1a7b-456f-8b4b-8f2d6b586632", "vulnerability": "69fc051f-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_OS", "description": "Syst\u00e8me d'exploitation ou middleware de l'objet connect\u00e9", "label": "IoT - Syst\u00e8me d'exploitation", "language": "FR", "type": "Secondary", "uuid": "d2023de2-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MA15", "description": "Erreur de conception, erreur d'installation ou n\u00e9gligence d'exploitation commise lors de modification provoquant une ex\u00e9cution non-conforme.", "i": true, "label": "Dysfonctionnement logiciel", "language": "FR", "theme": "D\u00e9faillances techniques", "uuid": "b402d513-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA17", "description": "Personne poss\u00e9dant des droits privil\u00e9gi\u00e9s (administrateur de r\u00e9seaux, personnel informaticien...) et pouvant modifier les caract\u00e9ristiques d'exploitation des ressources.", "i": true, "label": "Abus de droits", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d5ea-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MDA13", "description": "Logiciel non d\u00e9sir\u00e9 executant des op\u00e9rations cherchant \u00e0 nuire \u00e0 l'organisme.", "i": true, "label": "Infection par un malware", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5d5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1172", "description": "Y a-t-il des accords contractuels formels avec les tiers principaux ?Existe-t-il des r\u00e8gles d'intervention ? Nom de personnes ? D\u00e9lais ?", "label": "Pas d'accord de services avec les tiers (internes ou externes)", "language": "FR", "mode": 0, "uuid": "69fc04ed-4591-11e9-9173-0800277f0571" }, { "code": "1224", "description": "Liaison maintenue en permanence\u00c9changes en clair Absence de compte-rendu", "label": "La t\u00e9l\u00e9maintenance n'est pas g\u00e9r\u00e9e correctement par le fournisseur", "language": "FR", "mode": 0, "uuid": "69fc0627-4591-11e9-9173-0800277f0571" }, { "code": "1213", "description": "La gestion des changements sur les logiciels ou sur le syst\u00e8me d'information est elle correcte ?Planification des changements ? Estimation des charges ? Tests avant mise en production ?", "label": "Pr\u00e9sences de lacunes dans la gestion des changements ou la maintenance des logiciels", "language": "FR", "mode": 0, "uuid": "69fc05b4-4591-11e9-9173-0800277f0571" }, { "code": "1178", "description": "Existe-t-il une proc\u00e9dure ? Formelle ?Quelle est la p\u00e9riodicit\u00e9 d'application ? Qui est le responsable ?Des tests sont-ils effectu\u00e9s ? Avant ? Apr\u00e8s ?", "label": "La gestion des mises \u00e0 jour (patch) comporte des lacunes", "language": "FR", "mode": 0, "uuid": "69fc051f-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Syst\u00e8me d'exploitation", "language": "FR", "name": "Syst\u00e8me d'exploitation", "scope": "local", "uuid": "4b31e8dd-24d8-4780-aa62-d5f4fff53760", "version": 1 } }, { "asset": { "amvs": [ { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d5df-4576-11e9-9173-0800277f0571", "uuid": "02c8ec95-756a-447b-916b-312b29c2e43c", "vulnerability": "69fc0101-4591-11e9-9173-0800277f0571" }, { "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "4896c568-6eb2-4454-9d80-bad8f8106a0f", "vulnerability": "69fc0952-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_NETWORK_INTERFACE", "description": "IOT - Interface r\u00e9seau", "label": "IoT - Interface r\u00e9seau", "language": "FR", "type": "Secondary", "uuid": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": false, "code": "MDA16", "description": "Personne ou ressource de type mat\u00e9riel, logiciel ou r\u00e9seau simulant un besoin de ressource intense en provoquant un parasitage intense et continu de la ressource.", "i": false, "label": "Saturation du syst\u00e8me informatique", "language": "FR", "theme": "D\u00e9faillances techniques", "uuid": "b402d5df-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Personne \u00e9tant connect\u00e9e aux \u00e9quipements ou aux supports de communication ou plac\u00e9e dans le p\u00e9rim\u00e8tre de couverture d'\u00e9mission d'une communication.", "i": false, "label": "\u00c9coute passive", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1070", "description": "", "label": "Mauvais dimensionnement des ressources (ex.: trop d'utilisateurs par rapport aux nombres possibles de connexions et \u00e0 la bande passante)", "language": "FR", "mode": 0, "uuid": "69fc0101-4591-11e9-9173-0800277f0571" }, { "code": "210", "description": "", "label": "Mat\u00e9riel disposant d'interface de communication \u00e9coutable (infra rouge, 802.11, Bluetooth...)", "language": "FR", "mode": 0, "uuid": "69fc0952-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Interfaces de communication", "language": "FR", "name": "Interface de communication", "scope": "local", "uuid": "926e6d32-9bca-4675-b817-b572f5947072", "version": 1 } }, { "asset": { "amvs": [ { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d5c9-4576-11e9-9173-0800277f0571", "uuid": "5cf11c67-0843-4dec-bb0e-c649d97a2bc4", "vulnerability": "69fc057e-4591-11e9-9173-0800277f0571" }, { "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "threat": "b402d620-4576-11e9-9173-0800277f0571", "uuid": "a162b328-c313-4464-80ba-f1db359d7655", "vulnerability": "69fc0f0d-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_STORAGE_LOCAL", "description": "El\u00e9ments sauvegard\u00e9s en local sur l'objet connect\u00e9", "label": "IoT - Storage local", "language": "FR", "type": "Secondary", "uuid": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", "version": 1 }, "measures": [], "threats": [ { "a": false, "c": true, "code": "MDA12", "description": "R\u00e9cup\u00e9ration de supports \u00e9lectroniques (disques durs, disquettes, cartouches de sauvegarde, cl\u00e9s USB, disquettes ZIP, disques durs amovibles...) ou papier (listing, \u00e9ditions incompl\u00e8tes, messages...) destin\u00e9s au recyclage et contenant des informations r\u00e9c", "i": false, "label": "R\u00e9cup\u00e9ration de supports recycl\u00e9s ou mis au rebut", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5c9-4576-11e9-9173-0800277f0571" }, { "a": true, "c": false, "code": "MDA29", "description": "Ev\u00e8nement provoquant la destruction d\u2019un mat\u00e9riel ou d'un support.", "i": false, "label": "Destruction de mat\u00e9riel ou de supports", "language": "FR", "theme": "Sinistres physiques", "uuid": "b402d620-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1191", "description": "Existe-t-il une proc\u00e9dure formelle ?Est-elle respect\u00e9e ?La chaine de mise au rebut est-elle correcte ?", "label": "La mise au rebut n'est pas correctement assur\u00e9e", "language": "FR", "mode": 0, "uuid": "69fc057e-4591-11e9-9173-0800277f0571" }, { "code": "283", "description": "", "label": "Absence de sauvegarde des donn\u00e9es contenues sur les supports", "language": "FR", "mode": 0, "uuid": "69fc0f0d-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Storage local", "language": "FR", "name": "Storage local", "scope": "local", "uuid": "7da319ff-851c-414f-bb76-50cfc48254b5", "version": 1 } }, { "asset": { "amvs": [ { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d4e0-4576-11e9-9173-0800277f0571", "uuid": "1631becd-9756-46f3-b23d-a3d93bac3fab", "vulnerability": "69fc0515-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb735-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb74c-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d530-4576-11e9-9173-0800277f0571", "uuid": "7f9fb763-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d600-4576-11e9-9173-0800277f0571", "uuid": "7f9fb77a-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc061d-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d58f-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7a9-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc1924-4591-11e9-9173-0800277f0571" }, { "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", "threat": "b402d557-4576-11e9-9173-0800277f0571", "uuid": "7f9fb7ca-4f02-11e9-b3ea-0800277f0571", "vulnerability": "69fc0560-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_APP", "description": "Application du device IOT", "label": "IoT - Application utilisateur", "language": "FR", "type": "Secondary", "uuid": "d2023dd3-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [ { "a": true, "c": true, "code": "MA11", "description": "Personne commettant une erreur de manipulation, de saisie, d'utilisation de mat\u00e9riels ou logiciels.", "i": true, "label": "Erreur d'utilisation", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d4e0-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MDA20", "description": "Personne qui, volontairement ou par n\u00e9gligence, diffuse de l'information .", "i": false, "label": "Divulgation d'information", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d600-4576-11e9-9173-0800277f0571" }, { "a": true, "c": true, "code": "MD14", "description": "Personne se faisant passer pour une autre de mani\u00e8re \u00e0 utiliser ces privil\u00e8ges d'acc\u00e8s au syst\u00e8me d'information, d\u00e9sinformer le destinataire, r\u00e9aliser une fraude\u2026", "i": true, "label": "Usurpation de droits", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d530-4576-11e9-9173-0800277f0571" }, { "a": false, "c": false, "code": "MD24", "description": "Une personne ou une entit\u00e9 renie sa participation \u00e0 un \u00e9change avec un tiers ou \u00e0 la r\u00e9alisation d'une op\u00e9ration.", "i": true, "label": "Reniement d'actions", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d58f-4576-11e9-9173-0800277f0571" }, { "a": false, "c": true, "code": "MD15", "description": "Personne \u00e9tant connect\u00e9e aux \u00e9quipements ou aux supports de communication ou plac\u00e9e dans le p\u00e9rim\u00e8tre de couverture d'\u00e9mission d'une communication.", "i": false, "label": "\u00c9coute passive", "language": "FR", "theme": "Compromission des fonctions", "uuid": "b402d557-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1177", "description": "L'ergonomie du logiciel pose-t-elle des probl\u00e8mes ?Est-il complexe \u00e0 comprendre ou \u00e0 utiliser ?Le temps de formation ou d'adaptation est-il long ? Existe-t-il des cas d'erreurs connus ?", "label": "Outils ou programmes non adapt\u00e9s \u00e0 l'utilisation ou non ergonomiques", "language": "FR", "mode": 0, "uuid": "69fc0515-4591-11e9-9173-0800277f0571" }, { "code": "1168", "description": "Est-ce que toutes les autorisations sont donn\u00e9es en respectant ce principe ?", "label": "Le principe de besoin d'en conna\u00eetre n'est pas respect\u00e9", "language": "FR", "mode": 0, "uuid": "69fc04e2-4591-11e9-9173-0800277f0571" }, { "code": "1166", "description": "Y a-t-il une proc\u00e9dure formelle ?Qui autorise les acc\u00e8s ?Le principe de 4 yeux est-il respect\u00e9 ?", "label": "La gestion des autorisations comporte des failles", "language": "FR", "mode": 0, "uuid": "69fc04c4-4591-11e9-9173-0800277f0571" }, { "code": "1167", "description": "Y a-t-il une politique de mots de passe ?Bonnes pratiques (longueur, complexit\u00e9, changement ...) ?Y a-t-il un compte par personne ?Y a-t-il des comptes partag\u00e9s ?", "label": "L'authentification des utilisateurs n'est pas assur\u00e9e", "language": "FR", "mode": 0, "uuid": "69fc04d1-4591-11e9-9173-0800277f0571" }, { "code": "1221", "description": "Y a-t-il possibilit\u00e9 d'exporter les donn\u00e9es ?\u00c9galement en format structur\u00e9 (XLS, CSV, XML, etc.) ?", "label": "Les droits de l'utilisateur permettent l\u2019export de l'information", "language": "FR", "mode": 0, "uuid": "69fc061d-4591-11e9-9173-0800277f0571" }, { "code": "50", "description": "Y a-t-il des logs ?Sont-ils suffisants au regard des contr\u00f4les \u00e0 effectuer ?", "label": "Absence de conservation des traces des activit\u00e9s", "language": "FR", "mode": 0, "uuid": "69fc1924-4591-11e9-9173-0800277f0571" }, { "code": "1184", "description": "Le moyen de communication est-il chiffr\u00e9 ?Le moyen de communication est-il accessible par des tiers ?", "label": "Utilisation d'un moyen de communication non s\u00e9curis\u00e9", "language": "FR", "mode": 0, "uuid": "69fc0560-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Application", "language": "FR", "name": "Application", "scope": "local", "uuid": "cbfb813a-3e9c-415c-9ece-9c2bd7c781b7", "version": 1 } }, { "asset": { "amvs": [ { "asset": "fa281f62-931c-47dd-82b6-976e543a2168", "threat": "b402d5f5-4576-11e9-9173-0800277f0571", "uuid": "15715227-f575-462b-b467-236532cddbb6", "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" } ], "asset": { "code": "OV_IOT_SENSORS", "description": "", "label": "IoT - Capteur", "language": "FR", "type": "Secondary", "uuid": "fa281f62-931c-47dd-82b6-976e543a2168", "version": 1 }, "measures": [], "threats": [ { "a": false, "c": false, "code": "MDA18", "description": "R\u00e9ception et exploitation dans le syst\u00e8me d'information de l'organisme de donn\u00e9es erron\u00e9es ou de mat\u00e9riels non adapt\u00e9s provenant de sources ext\u00e9rieures.", "i": true, "label": "Information sans garantie de l'origine", "language": "FR", "theme": "Compromission des informations", "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" } ], "vuls": [ { "code": "1094", "description": "", "label": "Le syst\u00e8me permet l'\u00e9mission et la r\u00e9ception d'information sans authentification des \u00e9metteurs ni des destinataires", "language": "FR", "mode": 0, "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" } ] }, "children": [], "object": { "label": "Capteur", "language": "FR", "name": "Capteur", "scope": "local", "uuid": "e1473c38-42fc-4124-8b66-595ed18c1db2", "version": 1 } } ], "object": { "label": "Objet connect\u00e9", "language": "FR", "name": "Objet connect\u00e9", "scope": "local", "uuid": "0ceec4ea-73c0-4055-bcf1-819346ffdd0b", "version": 1 } } } 2020-12-18T16:00:10.604285+00:00