https://objects.monarc.lu/objects.atom Recent objects published on MOSP 2021-06-20T03:57:49.939879+00:00 https://www.cases.lu info@cases.lu python-feedgen https://objects.monarc.lu/object/get/714 No physical and logical protection 2021-06-20T03:57:49.979834+00:00 MONARC { "code": "955", "description": "", "label": "No physical and logical protection", "language": "EN", "uuid": "69fc2a16-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:29.635436+00:00 https://objects.monarc.lu/object/get/644 Water pipe close to equipment 2021-06-20T03:57:49.979711+00:00 MONARC { "code": "863", "description": "", "label": "Water pipe close to equipment", "language": "EN", "uuid": "69fc2430-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:29.773229+00:00 https://objects.monarc.lu/object/get/707 Possibility of incompatibility between the media and other components 2021-06-20T03:57:49.979587+00:00 MONARC { "code": "944", "description": "", "label": "Possibility of incompatibility between the media and other components", "language": "EN", "uuid": "69fc29bb-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:29.913194+00:00 https://objects.monarc.lu/object/get/606 Site located in flood-prone area 2021-06-20T03:57:49.979465+00:00 MONARC { "code": "799", "description": "", "label": "Site located in flood-prone area", "language": "EN", "uuid": "69fc225e-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:30.053883+00:00 https://objects.monarc.lu/object/get/582 No procedure and means of verifying the origin of the software (code signature, binary signature, etc.) 
2021-06-20T03:57:49.979341+00:00 MONARC { "code": "764", "description": "", "label": "No procedure and means of verifying the origin of the software (code signature, binary signature, etc.)", "language": "EN", "uuid": "69fc2117-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:30.188177+00:00 https://objects.monarc.lu/object/get/581 No procedure for assessing products 2021-06-20T03:57:49.979216+00:00 MONARC { "code": "763", "description": "", "label": "No procedure for assessing products", "language": "EN", "uuid": "69fc210c-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:30.326306+00:00 https://objects.monarc.lu/object/get/580 No product certification 2021-06-20T03:57:49.979073+00:00 MONARC { "code": "762", "description": "", "label": "No product certification", "language": "EN", "uuid": "69fc2102-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:30.468086+00:00 https://objects.monarc.lu/object/get/530 Personnel categories with higher access privileges 2021-06-20T03:57:49.978945+00:00 MONARC { "code": "685", "description": "", "label": "Personnel categories with higher access privileges", "language": "EN", "uuid": "69fc1ea0-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:30.603821+00:00 https://objects.monarc.lu/object/get/491 User grant rights are not controlled. 
2021-06-20T03:57:49.978816+00:00 MONARC { "code": "607", "description": "", "label": "User grant rights are not controlled.", "language": "EN", "uuid": "69fc1cd3-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:30.744101+00:00 https://objects.monarc.lu/object/get/486 No rules covering conditions of use of information processing infrastructures (ban on smoking, drinks and food in rooms housing IT equipment) 2021-06-20T03:57:49.978684+00:00 MONARC { "code": "602", "description": "", "label": "No rules covering conditions of use of information processing infrastructures (ban on smoking, drinks and food in rooms housing IT equipment)", "language": "EN", "uuid": "69fc1c92-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:30.883967+00:00 https://objects.monarc.lu/object/get/532 The notion of right is not defined for the personnel 2021-06-20T03:57:49.978554+00:00 MONARC { "code": "689", "description": "", "label": "The notion of right is not defined for the personnel", "language": "EN", "uuid": "69fc1eb5-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.027700+00:00 https://objects.monarc.lu/object/get/513 Obtaining an advantage through selling equipment 2021-06-20T03:57:49.978424+00:00 MONARC { "code": "646", "description": "", "label": "Obtaining an advantage through selling equipment", "language": "EN", "uuid": "69fc1dd3-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.166632+00:00 https://objects.monarc.lu/object/get/488 No definition of privileges limiting the possibility of installing software on workstations 2021-06-20T03:57:49.978294+00:00 MONARC { "code": "604", "description": "", "label": "No definition of privileges limiting the possibility of installing software on workstations", "language": "EN", "uuid": "69fc1ca7-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.304761+00:00 https://objects.monarc.lu/object/get/468 No regulation defining rights 2021-06-20T03:57:49.978164+00:00 MONARC { "code": "575", "description": "", "label": "No regulation defining 
rights", "language": "EN", "uuid": "69fc1b74-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.447903+00:00 https://objects.monarc.lu/object/get/512 Failure to follow the rules concerning physical protection of transportable equipment 2021-06-20T03:57:49.978028+00:00 MONARC { "code": "645", "description": "", "label": "Failure to follow the rules concerning physical protection of transportable equipment", "language": "EN", "uuid": "69fc1dc8-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.587444+00:00 https://objects.monarc.lu/object/get/467 No definition of the right to know 2021-06-20T03:57:49.977879+00:00 MONARC { "code": "573", "description": "", "label": "No definition of the right to know", "language": "EN", "uuid": "69fc1b6a-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.723942+00:00 https://objects.monarc.lu/object/get/455 No monitoring of product origin 2021-06-20T03:57:49.977726+00:00 MONARC { "code": "557", "description": "", "label": "No monitoring of product origin", "language": "EN", "uuid": "69fc1ade-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.856465+00:00 https://objects.monarc.lu/object/get/388 No contractual clauses setting out the responsibilities of both parties 2021-06-20T03:57:49.977467+00:00 MONARC { "code": "444", "description": "", "label": "No contractual clauses setting out the responsibilities of both parties", "language": "EN", "uuid": "69fc17a8-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:31.993575+00:00 https://objects.monarc.lu/object/get/456 The security policy does not include reminding all personnel of their obligations and responsibilities in civil, criminal and regulatory matters. 
2021-06-20T03:57:49.977339+00:00 MONARC { "code": "559", "description": "", "label": "The security policy does not include reminding all personnel of their obligations and responsibilities in civil, criminal and regulatory matters.", "language": "EN", "uuid": "69fc1ae8-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:32.131433+00:00 https://objects.monarc.lu/object/get/437 No rules covering the operating environment of information processing infrastructures (temperature, humidity, etc.) 2021-06-20T03:57:49.977209+00:00 MONARC { "code": "527", "description": "", "label": "No rules covering the operating environment of information processing infrastructures (temperature, humidity, etc.)", "language": "EN", "uuid": "69fc1a07-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:32.292636+00:00 https://objects.monarc.lu/object/get/372 No clause covering response time for repair and treatment in the event of malfunction 2021-06-20T03:57:49.977081+00:00 MONARC { "code": "429", "description": "", "label": "No clause covering response time for repair and treatment in the event of malfunction", "language": "EN", "uuid": "69fc16f3-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:32.431271+00:00 https://objects.monarc.lu/object/get/454 No monitoring of product certification 2021-06-20T03:57:49.976954+00:00 MONARC { "code": "556", "description": "", "label": "No monitoring of product certification", "language": "EN", "uuid": "69fc1ad3-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:32.570739+00:00 https://objects.monarc.lu/object/get/436 No reporting on malfunctions 2021-06-20T03:57:49.976826+00:00 MONARC { "code": "524", "description": "", "label": "No reporting on malfunctions", "language": "EN", "uuid": "69fc19fc-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:32.708565+00:00 https://objects.monarc.lu/object/get/469 Assignment of user rights is not clearly defined 2021-06-20T03:57:49.976697+00:00 MONARC { "code": "576", "description": "", "label": "Assignment of user rights is not 
clearly defined", "language": "EN", "uuid": "69fc1b7e-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:32.845060+00:00 https://objects.monarc.lu/object/get/380 Contract contains no clauses concerning identification and verification of the origin of the software. 2021-06-20T03:57:49.976565+00:00 MONARC { "code": "437", "description": "", "label": "Contract contains no clauses concerning identification and verification of the origin of the software.", "language": "EN", "uuid": "69fc1747-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:32.958888+00:00 https://objects.monarc.lu/object/get/343 Lack of information concerning laws and regulations applicable to information processing 2021-06-20T03:57:49.976413+00:00 MONARC { "code": "378", "description": "", "label": "Lack of information concerning laws and regulations applicable to information processing", "language": "EN", "uuid": "69fc1384-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.093145+00:00 https://objects.monarc.lu/object/get/323 No security policy for protecting the information processing infrastructure in the organisation's sites 2021-06-20T03:57:49.976285+00:00 MONARC { "code": "341", "description": "", "label": "No security policy for protecting the information processing infrastructure in the organisation's sites", "language": "EN", "uuid": "69fc1210-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.225463+00:00 https://objects.monarc.lu/object/get/261 Easily dismantled equipment 2021-06-20T03:57:49.976157+00:00 MONARC { "code": "254", "description": "", "label": "Easily dismantled equipment", "language": "EN", "uuid": "69fc0c6e-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.363665+00:00 https://objects.monarc.lu/object/get/256 Equipment allowing data to be recorded on media (floppy disc, ZIP disc, CD/DVD writer) 2021-06-20T03:57:49.976030+00:00 MONARC { "code": "244", "description": "", "label": "Equipment allowing data to be recorded on media (floppy disc, ZIP disc, CD/DVD writer)", "language": 
"EN", "uuid": "69fc0ba7-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.483690+00:00 https://objects.monarc.lu/object/get/241 The system is connected to external networks 2021-06-20T03:57:49.975901+00:00 MONARC { "code": "225", "description": "", "label": "The system is connected to external networks", "language": "EN", "uuid": "69fc0aed-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.596845+00:00 https://objects.monarc.lu/object/get/236 Possibility of incompatibility between equipment items 2021-06-20T03:57:49.975770+00:00 MONARC { "code": "220", "description": "", "label": "Possibility of incompatibility between equipment items", "language": "EN", "uuid": "69fc0a9d-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.729851+00:00 https://objects.monarc.lu/object/get/284 Tempting equipment (trading value, technology, strategic) 2021-06-20T03:57:49.975639+00:00 MONARC { "code": "278", "description": "", "label": "Tempting equipment (trading value, technology, strategic)", "language": "EN", "uuid": "69fc0ee2-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.862787+00:00 https://objects.monarc.lu/object/get/253 Equipment that can be resold (no marking, used without password) 2021-06-20T03:57:49.975507+00:00 MONARC { "code": "240", "description": "", "label": "Equipment that can be resold (no marking, used without password)", "language": "EN", "uuid": "69fc0b7b-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:33.997603+00:00 https://objects.monarc.lu/object/get/228 No equipment inventory 2021-06-20T03:57:49.975371+00:00 MONARC { "code": "211", "description": "", "label": "No equipment inventory", "language": "EN", "uuid": "69fc0969-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:34.131228+00:00 https://objects.monarc.lu/object/get/187 Default authentication IDs and passwords are not changed after system installation 2021-06-20T03:57:49.975222+00:00 MONARC { "code": "1225", "description": "Where are they stored?\nAre they changed regularly?", "label": "Default 
authentication IDs and passwords are not changed after system installation", "language": "EN", "uuid": "69fc0631-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:34.241826+00:00 https://objects.monarc.lu/object/get/195 Possibility of the operating system being subjected to badly formed requests and data (e.g. buffer overflow) 2021-06-20T03:57:49.975016+00:00 MONARC { "code": "132", "description": "", "label": "Possibility of the operating system being subjected to badly formed requests and data (e.g. buffer overflow)", "language": "EN", "uuid": "69fc074f-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:34.377678+00:00 https://objects.monarc.lu/object/get/152 Possibility of the systems operating with illegally copied or counterfeit operating systems 2021-06-20T03:57:49.974882+00:00 MONARC { "code": "113", "description": "", "label": "Possibility of the systems operating with illegally copied or counterfeit operating systems", "language": "EN", "uuid": "69fc0401-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:34.510611+00:00 https://objects.monarc.lu/object/get/74 Possibility of deleting, modifying or installing new programmes 2021-06-20T03:57:49.974746+00:00 MONARC { "code": "104", "description": "", "label": "Possibility of deleting, modifying or installing new programmes", "language": "EN", "uuid": "69fbff90-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:34.643573+00:00 https://objects.monarc.lu/object/get/94 The system makes it easy to disclose information to the outside 2021-06-20T03:57:49.974587+00:00 MONARC { "code": "1059", "description": "", "label": "The system makes it easy to disclose information to the outside", "language": "EN", "uuid": "69fc008e-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:34.777120+00:00 https://objects.monarc.lu/object/get/66 The system is connected to external networks 2021-06-20T03:57:49.974398+00:00 MONARC { "code": "1029", "description": "", "label": "The system is connected to external networks", "language": "EN", "uuid": 
"69fbff3c-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:34.910871+00:00 https://objects.monarc.lu/object/get/144 Use of an obsolete version of the messaging server 2021-06-20T03:57:49.974213+00:00 MONARC { "code": "1118", "description": "", "label": "Use of an obsolete version of the messaging server", "language": "EN", "uuid": "69fc03a0-4591-11e9-9173-0800277f0571" } 2021-03-16T12:45:35.046659+00:00 https://objects.monarc.lu/object/get/5201 ANSSI France - Directive NIS 2021-06-20T03:57:49.973421+00:00 MONARC { "authors": [ "Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information [ANSSI France] " ], "label": "ANSSI France - Directive NIS", "language": "FR", "refs": [ "https://www.ssi.gouv.fr/uploads/2020/12/guide_protection_des_systemes_essentiels.pdf" ], "uuid": "edff67be-6d5f-442a-8bc8-c351cae8d31a", "values": [ { "code": "R1 [Modification de la configuration par d\u00e9faut]", "description": "Modifier les \u00e9l\u00e9ments de configuration par d\u00e9faut", "importance": 0, "uuid": "e0276fb1-d39f-45d8-81ab-32adf7be57b8" }, { "code": "R1- [Modification de la configuration par d\u00e9faut]", "description": "Pallier l\u2019impossibilit\u00e9 de changer un \u00e9l\u00e9ment par d\u00e9faut", "importance": 0, "uuid": "78f8ed48-39de-4429-a8f5-05a36a3e36eb" }, { "code": "R2 [Restriction des fonctionnalit\u00e9s accessibles]", "description": "Installer uniquement les services ou fonctionnalit\u00e9s indispensables", "importance": 0, "uuid": "ad9fcb16-2d35-440c-a0b3-7383acf262be" }, { "code": "R2- [Restriction des fonctionnalit\u00e9s accessibles]", "description": "Pallier l\u2019impossibilit\u00e9 de d\u00e9sinstaller un service non indispensable", "importance": 0, "uuid": "ae96c982-2f00-41c1-b697-1e7cf521f1c3" }, { "code": "R3 [Restriction des fonctionnalit\u00e9s accessibles]", "description": "D\u00e9finir et utiliser des configurations de r\u00e9f\u00e9rence", "importance": 0, "uuid": "acb9ac12-48af-4eff-9270-5829c67e4345" }, { "code": "R4 
[Inventaire des \u00e9l\u00e9ments connect\u00e9s au SIE]", "description": "\u00c9tablir un inventaire technique des \u00e9l\u00e9ments et des acc\u00e8s au SIE", "importance": 0, "uuid": "f1483fea-3c0d-4034-9a22-e79d0a3c82a8" }, { "code": "R5 [Utilisation d'\u00e9l\u00e9ments ma\u00eetris\u00e9s dans le SI]", "description": "Utiliser uniquement des \u00e9quipements ma\u00eetris\u00e9s", "importance": 0, "uuid": "883e4bfe-df85-4770-b8eb-ec36cd625be8" }, { "code": "R6 [D\u00e9dier des supports amovibles au SIE]", "description": "D\u00e9dier aux SIE des supports amovibles identifi\u00e9s", "importance": 0, "uuid": "84237a51-3f4d-4d42-a72b-9105580d72a6" }, { "code": "R7 [Innocuit\u00e9 des supports amovibles \u00e0 usage mixte]", "description": "D\u00e9contaminer les supports amovibles avant leur utilisation", "importance": 0, "uuid": "66b29f1e-2651-49c1-98da-1b07e9802272" }, { "code": "R7+ [Innocuit\u00e9 des supports amovibles \u00e0 usage mixte]", "description": "Utiliser un \u00e9quipement d\u00e9di\u00e9 \u00e0 l\u2019analyse des supports amovibles", "importance": 0, "uuid": "6b6d3cfe-ee9b-4ca0-99e0-1d335edc0ca5" }, { "code": "R8 [Tra\u00e7abilit\u00e9 de l'utilisation des supports amovibles sur le SIE]", "description": "Mettre en \u0153uvre une tra\u00e7abilit\u00e9 de l\u2019utilisation des supports amovibles", "importance": 0, "uuid": "e7938d2f-039a-49d0-8f11-40bf573eb49e" }, { "code": "R8+ [Tra\u00e7abilit\u00e9 de l'utilisation des supports amovibles sur le SIE]", "description": "Mettre en \u0153uvre un outil de protection contre l\u2019exfiltration de donn\u00e9es", "importance": 0, "uuid": "21c8dddf-dca4-4ada-adfe-04c2fd2b9b5a" }, { "code": "R9 [Cloisonnement du SI en zones]", "description": "Segmenter le SI en syst\u00e8mes et sous-syst\u00e8mes", "importance": 0, "uuid": "0c36355d-6998-49f3-8f55-5eb7345aee66" }, { "code": "R10 [Cloisonnement du SI en zones]", "description": "Autoriser les interconnexions suivant le besoin de fonctionnement", 
"importance": 0, "uuid": "64e1e9a6-fe72-4c46-a0a1-b0b1b51402a7" }, { "code": "R11 [Cloisonnement physique]", "description": "Mettre en place un cloisonnement physique", "importance": 0, "uuid": "85afafe1-fd7a-4619-b38c-e695186fb5a0" }, { "code": "R11- [Cloisonnement logique par le chiffre]", "description": "Mettre en place un cloisonnement logique par le chiffre", "importance": 0, "uuid": "7ad99d6b-bebd-4928-8831-b3f2ab85b973" }, { "code": "R11- - [Cloisonnement logique simple]", "description": "Mettre en place un cloisonnement logique", "importance": 0, "uuid": "608a1888-2492-4fcf-a523-b0efb7528b74" }, { "code": "R12 [Mise en \u0153uvre technique du cloisonnement]", "description": "Chiffrer les donn\u00e9es en amont du stockage avec des secrets distincts", "importance": 0, "uuid": "b2c41503-c28f-49d6-a79d-7bc6b17e2476" }, { "code": "R13 [Cas des SIE dont l'h\u00e9bergement est externalis\u00e9]", "description": "Contr\u00f4ler le cloisonnement mis en place en cas d\u2019externalisation", "importance": 0, "uuid": "1a092d40-75da-45a3-b5ab-a02d5b6487bf" }, { "code": "R14 [Cas des SIE des infrastructures num\u00e9riques]", "description": "Infrastructures num\u00e9riques : cloisonner les services internes", "importance": 0, "uuid": "a8c53062-0cc7-4ae6-be29-e8a90aba516e" }, { "code": "R15 [Cas des SIE ouverts au public]", "description": "Segmenter les SIE publics en au moins deux sous-syst\u00e8mes", "importance": 0, "uuid": "258c3927-ed45-4ce9-994d-90a67037057b" }, { "code": "R16 [Acc\u00e8s publics \u00e0 un SIE]", "description": "Acc\u00e8s public : chiffrer et authentifier les flux au niveau applicatif", "importance": 0, "uuid": "6ee7ba91-c75d-4c62-80b2-79dcd2ec90a6" }, { "code": "R17 [Acc\u00e8s publics \u00e0 un SIE]", "description": "Acc\u00e8s public : authentifier les utilisateurs", "importance": 0, "uuid": "e58064e7-b20c-49fe-88dc-90d426a3dce0" }, { "code": "R17+ [Acc\u00e8s publics \u00e0 un SIE]", "description": "Acc\u00e8s public : authentifier les 
utilisateurs avec deux facteurs", "importance": 0, "uuid": "e62bf9e5-5832-4003-a1ef-17678843e405" }, { "code": "R18 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : mettre en place un tunnel chiffr\u00e9 et authentifi\u00e9", "importance": 0, "uuid": "b3ac8b8e-0b73-4729-aeb6-a72c3e774062" }, { "code": "R19 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : authentifier les utilisateurs avec deux facteurs", "importance": 0, "uuid": "6cc7b484-d83d-45fe-a5b0-9461b61f41e4" }, { "code": "R20 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : chiffrer int\u00e9gralement le disque du poste", "importance": 0, "uuid": "625907ca-41ad-491d-9699-852a2048faed" }, { "code": "R21 [Acc\u00e8s nomades \u00e0 un SIE]", "description": "Acc\u00e8s nomade : utiliser des filtres de confidentialit\u00e9", "importance": 0, "uuid": "6444a2b5-30d8-4575-b73f-f87bef919948" }, { "code": "R22 [Acc\u00e8s internes \u00e0 un SIE]", "description": "Acc\u00e8s interne : mettre en place un tunnel chiffr\u00e9 et authentifi\u00e9", "importance": 0, "uuid": "07b46e24-1862-404d-8e1c-940b110bd272" }, { "code": "R23 [Points de filtrage]", "description": "Filtrer les flux aux interconnexions entre les syst\u00e8mes et entre les sous-syst\u00e8mes", "importance": 0, "uuid": "03c21681-f083-4a4a-8575-eeba7547ccdf" }, { "code": "R23+ [Points de filtrage]", "description": "Filtrer les flux aux extr\u00e9mit\u00e9s des communications", "importance": 0, "uuid": "fe326817-c25f-4c91-b6b5-389e11f21be9" }, { "code": "R24 [Besoins de filtrage]", "description": "D\u00e9finir les besoins de filtrage sur le SIE", "importance": 0, "uuid": "23dd1a3a-3c70-4ad9-a321-0708757cc5af" }, { "code": "R25 [R\u00e8gles de filtrage]", "description": "Formaliser les r\u00e8gles de filtrage", "importance": 0, "uuid": "fd7f3bc2-7699-4f70-9eca-c8e71cf81bae" }, { "code": "R26 [R\u00e8gles de filtrage]", "description": "Passer r\u00e9guli\u00e8rement en revue les 
r\u00e8gles de filtrage", "importance": 0, "uuid": "ced779a2-3cf1-4141-b861-2f6b81decf57" }, { "code": "R27 [Choix et mutualisation des dispositifs de filtrage]", "description": "Mettre en \u0153uvre le filtrage gr\u00e2ce \u00e0 des \u00e9quipements sp\u00e9cialis\u00e9s", "importance": 0, "uuid": "80ff0fb8-2edf-437b-b51c-ad17393de815" }, { "code": "R28 [Listes d'autorisation et d'interdiction]", "description": "Bloquer tous les flux non explicitement autoris\u00e9s", "importance": 0, "uuid": "91b484fb-cea7-4ec1-9d52-4e41f0d4ab74" }, { "code": "R29 [Usage des comptes d'administration]", "description": "Utiliser des comptes d\u2019administration d\u00e9di\u00e9s", "importance": 0, "uuid": "d5be4401-d6ff-4b7b-b534-8c285029e35d" }, { "code": "R29- [Usage des comptes d'administration]", "description": "Pallier l\u2019absence de comptes d\u00e9di\u00e9s \u00e0 l\u2019administration", "importance": 0, "uuid": "60910bc5-e7c7-4d88-8cab-04fd56c5fdeb" }, { "code": "R30 [Usage des comptes d'administration]", "description": "Utiliser par d\u00e9faut des comptes d\u2019administration individuels", "importance": 0, "uuid": "5e5deb7e-4db1-469f-b381-ea9023ad6355" }, { "code": "R31 [Usage des comptes d'administration]", "description": "Attribuer les droits d\u2019administration \u00e0 des groupes", "importance": 0, "uuid": "a9ae7cd0-9002-49cc-b140-666f01328821" }, { "code": "R32 [Protection des comptes d'administration]", "description": "Prot\u00e9ger l\u2019acc\u00e8s aux annuaires des comptes d\u2019administration", "importance": 0, "uuid": "7e35ab96-40fa-4a36-b11d-c77b836a0dd0" }, { "code": "R33 [Protection des comptes d'administration]", "description": "Renforcer l\u2019authentification pour les comptes d\u2019administration", "importance": 0, "uuid": "8b646bf7-245b-475d-a5d5-0707c7871916" }, { "code": "R34 [Protection des comptes d'administration]", "description": "Emp\u00eacher le stockage des secrets d\u2019authentification dans les journaux", "importance": 0, "uuid": 
"8246e775-aea8-4d03-b245-db5d16b52163" }, { "code": "R35 [Protection des comptes d'administration]", "description": "Respecter le principe du moindre privil\u00e8ge dans l\u2019attribution des droits d\u2019administration", "importance": 0, "uuid": "b2e8ec4b-c80b-4563-9ead-4754d30b1723" }, { "code": "R36 [Ma\u00eetrise des ressources d'administration]", "description": "N\u2019utiliser que des \u00e9quipements ma\u00eetris\u00e9s pour l\u2019administration", "importance": 0, "uuid": "ffb799fe-bba5-4906-b9cc-094e10191215" }, { "code": "R37 [Poste d'administration]", "description": "Utiliser un poste d\u2019administration d\u00e9di\u00e9", "importance": 0, "uuid": "464b5919-26d9-44e2-af0a-4d1db9473a01" }, { "code": "R37- [Poste d'administration]", "description": "Acc\u00e9der aux autres environnements de travail depuis le poste d\u2019administration", "importance": 0, "uuid": "67129fd3-0579-4126-a1cb-4748dd42946d" }, { "code": "R38 [Poste d'administration]", "description": "Renforcer la s\u00e9curit\u00e9 du poste d\u2019administration", "importance": 0, "uuid": "e30af12e-b883-41c7-9ac6-662707b32fbd" }, { "code": "R39 [R\u00e9seau d'administration]", "description": "Connecter les ressources d\u2019administration sur un r\u00e9seau physique d\u00e9di\u00e9", "importance": 0, "uuid": "a61b75c8-c616-46d1-a353-89a653678e9a" }, { "code": "R39- [R\u00e9seau d'administration]", "description": "Connecter les ressources d\u2019administration sur un r\u00e9seau VPN IPsec d\u00e9di\u00e9", "importance": 0, "uuid": "1ca12b44-1262-4f46-a655-58514d1dc233" }, { "code": "R39- - [R\u00e9seau d'administration]", "description": "Pallier l\u2019absence de chiffrement des flux d\u2019administration", "importance": 0, "uuid": "68cd794b-7eae-4d48-81e9-bc2a5a357a06" }, { "code": "R40 [R\u00e9seau d'administration]", "description": "D\u00e9dier une interface r\u00e9seau physique d\u2019administration", "importance": 0, "uuid": "80043152-84c2-4c66-a914-d9a589f50d8f" }, { "code": "R40- 
[R\u00e9seau d'administration]", "description": "D\u00e9dier une interface r\u00e9seau virtuelle d\u2019administration", "importance": 0, "uuid": "011b5dd7-95fb-4be3-8d9b-37c998494ce9" }, { "code": "R41 [R\u00e9seau d'administration]", "description": "Cloisonner et filtrer le r\u00e9seau d\u2019administration", "importance": 0, "uuid": "acac371f-f4bc-400a-9b23-355d49b797a7" }, { "code": "R42 [Protocoles d'adminsitration]", "description": "Utiliser des protocoles s\u00e9curis\u00e9s pour l\u2019administration", "importance": 0, "uuid": "6fea5fca-2663-4c97-b9d4-349f18220723" }, { "code": "R43 [Administration de plusieurs SI]", "description": "Administrer des SI diff\u00e9rents avec des serveurs outils diff\u00e9rents", "importance": 0, "uuid": "fe0db2f7-a227-474e-a36c-826e2c2d084d" }, { "code": "R44 [Utilisation de comptes individuels]", "description": "Utiliser des comptes individuels", "importance": 0, "uuid": "69830471-5465-4db5-9504-898f50349860" }, { "code": "R44- [Utilisation de comptes individuels]", "description": "Pallier l\u2019absence de comptes individuels", "importance": 0, "uuid": "00113844-1fd3-4ad9-a94a-7a5a07756932" }, { "code": "R45 [Comptes inutilis\u00e9s]", "description": "D\u00e9sactiver les comptes inutilis\u00e9s", "importance": 0, "uuid": "6691f594-a6be-4a51-af96-251a95cdfcbb" }, { "code": "R46 [S\u00e9curit\u00e9 du m\u00e9canisme d'authentification]", "description": "Mettre en \u0153uvre un m\u00e9canisme d\u2019authentification pour chaque compte", "importance": 0, "uuid": "ffc4a621-79eb-4945-b634-d212e8a23c81" }, { "code": "R47 [S\u00e9curit\u00e9 du m\u00e9canisme d'authentification]", "description": "\u00c9tablir une politique de gestion des secrets d\u2019authentification", "importance": 0, "uuid": "2c260d25-e41e-4437-936a-fa5cc5e107ee" }, { "code": "R48 [Partage de secrets]", "description": "Interdire le partage de secrets d\u2019authentification", "importance": 0, "uuid": "a54a09e0-9b85-48c5-a10a-1fec4fcba6d1" }, { "code": "R48- 
[Partage de secrets]", "description": "Prot\u00e9ger les secrets d\u2019authentification des comptes partag\u00e9s", "importance": 0, "uuid": "2e8ce6a6-b2ac-43d0-958c-0a693bb29ec0" }, { "code": "R49 [Cas des comptes privil\u00e9gi\u00e9s]", "description": "D\u00e9dier un mot de passe \u00e0 chaque compte privil\u00e9gi\u00e9", "importance": 0, "uuid": "1a420a98-7c81-4c9c-87eb-546417ee3d8c" }, { "code": "R50 [Cas des comptes privil\u00e9gi\u00e9s]", "description": "Stocker les mots de passe dans un coffre-fort de mots de passe", "importance": 0, "uuid": "adc8df51-114f-435e-9a33-b63135158c3f" }, { "code": "R51 [Renouvellement r\u00e9gulier des secrets]", "description": "Renouveler r\u00e9guli\u00e8rement les secrets d\u2019authentification", "importance": 0, "uuid": "c8df75f1-c2be-424a-b93a-80e64852bd48" }, { "code": "R51- [Renouvellement r\u00e9gulier des secrets]", "description": "Pallier l\u2019impossibilit\u00e9 de modifier un secret d\u2019authentification", "importance": 0, "uuid": "57699a82-d109-40ff-b9f5-a1523025b987" }, { "code": "R52 [Renouvellement r\u00e9gulier des secrets]", "description": "Contr\u00f4ler le renouvellement et l\u2019acc\u00e8s aux secrets d\u2019authentification", "importance": 0, "uuid": "7c174c4e-bd75-4adc-8b27-68add751ebe4" }, { "code": "R53 [Renouvellement ponctuel des secrets]", "description": "Renouveler imm\u00e9diatement des secrets d\u2019authentification", "importance": 0, "uuid": "2c92383e-c404-47dd-89f7-4c8691aee0dd" }, { "code": "R54 [Attribution des droits d'acc\u00e8s]", "description": "D\u00e9finir une politique de gestion des droits d\u2019acc\u00e8s", "importance": 0, "uuid": "a4acc36e-5901-4641-95ba-427d3a4f6d63" }, { "code": "R55 [Attribution des droits d'acc\u00e8s]", "description": "Attribuer les droits d\u2019acc\u00e8s suivant le principe du moindre privil\u00e8ge", "importance": 0, "uuid": "94ef4b4b-8de5-42ad-be3e-4a3195ffa153" }, { "code": "R56 [Attribution des droits d'acc\u00e8s]", "description": "D\u00e9finir 
une tra\u00e7abilit\u00e9 des comptes privil\u00e9gi\u00e9s", "importance": 0, "uuid": "674efdbe-4276-4ed9-a966-f8940a150035" }, { "code": "R57 [Revue des droits d'acc\u00e8s]", "description": "Faire une revue r\u00e9guli\u00e8re des droits d\u2019acc\u00e8s", "importance": 0, "uuid": "61d07010-7570-42ce-b3e7-4375514a5ee0" }, { "code": "R58 [Proc\u00e9dure de maintien en conditions de s\u00e9curit\u00e9]", "description": "Documenter une politique de MCS", "importance": 0, "uuid": "2ecb9f20-8f5b-439f-8013-140544a14da2" }, { "code": "R59 [Proc\u00e9dure de maintien en conditions de s\u00e9curit\u00e9]", "description": "Mettre en place une veille de s\u00e9curit\u00e9", "importance": 0, "uuid": "8f3d3f38-3b3c-4522-8fe4-f78f1e9b08a7" }, { "code": "R60 [T\u00e9l\u00e9chargement de mises \u00e0 jour fiables]", "description": "Obtenir des mises \u00e0 jour de s\u00e9curit\u00e9 officielles", "importance": 0, "uuid": "66711a35-3fd5-47b0-b12d-4dd2e717650f" }, { "code": "R61 [Application des mises \u00e0 jour]", "description": "Appliquer les mises \u00e0 jour de s\u00e9curit\u00e9", "importance": 0, "uuid": "21089293-3792-45a3-8c82-caec58e11ac3" }, { "code": "R62 [Gestion des syst\u00e8mes obsol\u00e8tes]", "description": "Utiliser des logiciels et des mat\u00e9riels support\u00e9s", "importance": 0, "uuid": "9b7f5a3e-f58b-4885-89f2-238bc1ae053e" }, { "code": "R62- [Gestion des syst\u00e8mes obsol\u00e8tes]", "description": "Pallier l\u2019utilisation de versions obsol\u00e8tes de logiciels et de mat\u00e9riels", "importance": 0, "uuid": "aa858252-f4fa-48be-b80f-c6dfb425d8c6" } ], "version": 1 } 2021-04-09T09:27:51.540977+00:00 https://objects.monarc.lu/object/get/5202 CNIL [fr] 2021-06-20T03:57:49.969535+00:00 MONARC { "label": "CNIL", "language": "FR", "refs": [ "https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-fr-basesdeconnaissances.pdf" ], "uuid": "8d24c5ef-0748-4689-b189-3a4e505e3065", "values": [ { "code": "Acc\u00e8s logique_01", "description": 
"G\u00e9rer les profils d'utilisateurs en s\u00e9parant les t\u00e2ches et les domaines de responsabilit\u00e9, de pr\u00e9f\u00e9rence de mani\u00e8re centralis\u00e9e, afin de limiter l'acc\u00e8s aux donn\u00e9es aux seuls utilisateurs habilit\u00e9s, en appliquant les principes du besoin d'en conna\u00eetre et du moindre privil\u00e8ge.", "importance": 0, "uuid": "e118a3c6-7482-4211-b7ec-299efd46138f" }, { "code": "Acc\u00e8s logique_02", "description": "Identifier toute personne ayant un acc\u00e8s l\u00e9gitime aux donn\u00e9es (employ\u00e9s, contractants et autres tiers) par un identifiant unique.", "importance": 0, "uuid": "26276cb1-c4e4-467d-b408-54c2d319880e" }, { "code": "Acc\u00e8s logique_03", "description": "Dans le cas o\u00f9 l'utilisation d'identifiants g\u00e9n\u00e9riques ou partag\u00e9s est incontournable, obtenir une validation de la hi\u00e9rarchie et mettre en oeuvre des moyens de tra\u00e7abilit\u00e9 de l'utilisation de ce type d'identifiant.", "importance": 0, "uuid": "ceaf2533-f871-401b-9152-22176215a30c" }, { "code": "Acc\u00e8s logique_04", "description": "Limiter l'acc\u00e8s aux outils et interfaces d'administration aux personnes habilit\u00e9es.", "importance": 0, "uuid": "e6ebe368-9a36-4fe6-b5d5-868debdf6111" }, { "code": "Acc\u00e8s logique_05", "description": "Limiter l'utilisation des comptes permettant de disposer de privil\u00e8ges \u00e9lev\u00e9s aux op\u00e9rations qui le n\u00e9cessitent.", "importance": 0, "uuid": "93a2aa2a-c3e8-4e30-8bb3-ee2d361397f5" }, { "code": "Acc\u00e8s logique_06", "description": "Limiter l'utilisation des comptes \u00ab administrateurs \u00bb au service en charge de l'informatique, et ce, uniquement pour les actions d'administration qui le n\u00e9cessitent.", "importance": 0, "uuid": "0b18bac6-9fb1-4192-975e-21b0e72e1bf4" }, { "code": "Acc\u00e8s logique_07", "description": "Chaque compte, et d'autant plus s'il a des privil\u00e8ges \u00e9lev\u00e9s (ex : compte administrateur), doit avoir un 
mot de passe propre.", "importance": 0, "uuid": "bf0202ac-622c-42fc-9ea0-3110e0bb43b6" }, { "code": "Acc\u00e8s logique_08", "description": "Journaliser les informations li\u00e9es \u00e0 l'utilisation des privil\u00e8ges.", "importance": 0, "uuid": "44d19a09-c60f-418c-8f5b-4ebd68313bb2" }, { "code": "Acc\u00e8s logique_09", "description": "R\u00e9aliser une revue annuelle des privil\u00e8ges afin d'identifier et de supprimer les comptes non utilis\u00e9s, et de r\u00e9aligner les privil\u00e8ges sur les fonctions de chaque utilisateur.", "importance": 0, "uuid": "fea2a14d-15c4-4336-887b-952b2e53a659" }, { "code": "Acc\u00e8s logique_10", "description": "Retirer les droits des employ\u00e9s, contractants et autres tiers d\u00e8s lors qu'ils ne sont plus habilit\u00e9s \u00e0 acc\u00e9der \u00e0 un local ou \u00e0 une ressource ou \u00e0 la fin de leur contrat, et les ajuster en cas de changement de poste. Pour les personnes ayant un compte temporaire (stagiaire, prestataire...), configurer une date d'expiration \u00e0 la cr\u00e9ation du compte.", "importance": 0, "uuid": "3567ae95-f967-4d83-b8a5-2e128eb8a4bb" }, { "code": "Acc\u00e8s logique_11", "description": "Choisir un moyen d'authentification pour les ouvertures de session, adapt\u00e9 au contexte, au niveau des risques et \u00e0 la robustesse attendue.", "importance": 0, "uuid": "f5fa7cf6-962a-4479-b4dd-b4055940c4c3" }, { "code": "Acc\u00e8s logique_12", "description": "Interdire que les mots de passe utilis\u00e9s apparaissent en clair dans les programmes, fichiers, scripts, traces ou fichiers journaux, ou \u00e0 l'\u00e9cran lors de leur saisie.", "importance": 0, "uuid": "109dcedb-1be9-450e-b27f-7e51ee709bac" }, { "code": "Acc\u00e8s logique_13", "description": "D\u00e9terminer les actions \u00e0 entreprendre en cas d'\u00e9chec de l'authentification.", "importance": 0, "uuid": "9faa0ed5-8a85-40d1-93a0-ed2e7d0fcf4e" }, { "code": "Acc\u00e8s logique_14", "description": "Limiter l'authentification par 
identifiants et mots de passe au contr\u00f4le de l'acc\u00e8s au poste de travail (d\u00e9verrouillage uniquement).", "importance": 0, "uuid": "d04e18d8-0db0-4a6d-8e2b-9d8ffedd8e61" }, { "code": "Acc\u00e8s logique_15", "description": "Authentifier le poste de travail aupr\u00e8s du syst\u00e8me d'information distant (serveurs) \u00e0 l'aide de m\u00e9canismes cryptographiques.", "importance": 0, "uuid": "84390e07-d195-4fe0-8e39-84c29b418224" }, { "code": "Acc\u00e8s logique_16", "description": "Adopter une politique de mots de passe, la mettre en oeuvre et la contr\u00f4ler automatiquement dans la mesure o\u00f9 les applications et les ressources le permettent, et y sensibiliser les utilisateurs.", "importance": 0, "uuid": "679cdcd4-b5cc-449d-8570-9767ac8b9050" }, { "code": "Acc\u00e8s logique_17", "description": "Adopter une politique sp\u00e9cifique de mots de passe pour les administrateurs, la mettre en oeuvre et la contr\u00f4ler automatiquement dans la mesure o\u00f9 les applications et les ressources le permettent, et y sensibiliser les administrateurs.", "importance": 0, "uuid": "ed213665-55a1-4e17-b48d-14ed86eae184" }, { "code": "Acc\u00e8s logique_18", "description": "Modifier imm\u00e9diatement apr\u00e8s installation d'une application ou d'un syst\u00e8me les mots de passe par d\u00e9faut.", "importance": 0, "uuid": "91202b19-adc1-41fc-955d-654b03c724a8" }, { "code": "Acc\u00e8s logique_19", "description": "Cr\u00e9er chaque compte utilisateur avec un mot de passe initial al\u00e9atoire unique, le transmettre de mani\u00e8re s\u00e9curis\u00e9e \u00e0 l'utilisateur, par exemple en utilisant deux canaux s\u00e9par\u00e9s (papier et autres) ou une \u00ab case \u00e0 gratter \u00bb, et le contraindre \u00e0 le modifier lors de sa premi\u00e8re connexion et lorsqu'un nouveau mot de passe lui est fourni (par exemple en cas d'oubli).", "importance": 0, "uuid": "8f0e75d1-19d5-4e35-9517-b4c4e600a082" }, { "code": "Acc\u00e8s logique_20", "description": 
"Stocker les informations d'authentification (mots de passe d'acc\u00e8s aux syst\u00e8mes d'information, cl\u00e9s priv\u00e9es li\u00e9es aux certificats \u00e9lectroniques) de fa\u00e7on \u00e0 \u00eatre accessibles uniquement par des utilisateurs autoris\u00e9s.", "importance": 0, "uuid": "852a4c9c-8240-42cc-9581-038a410112cc" }, { "code": "Acc\u00e8s logique_21", "description": "Dans le cas o\u00f9 de nombreux mots de passe ou secrets (cl\u00e9s priv\u00e9es, certificats, etc.) doivent \u00eatre utilis\u00e9s, mettre en place une solution d'authentification centralis\u00e9e, de mots de passe \u00e0 usage unique ou de coffres-forts s\u00e9curis\u00e9s.", "importance": 0, "uuid": "32fc5d12-b90c-48aa-8332-006131cfb16b" }, { "code": "Acc\u00e8s physique_01", "description": "Distinguer les zones des b\u00e2timents selon les risques.", "importance": 0, "uuid": "8610c9a9-2dc5-4a26-b06c-80b00a4809a4" }, { "code": "Acc\u00e8s physique_02", "description": "Tenir \u00e0 jour une liste des personnes (visiteurs, employ\u00e9s, employ\u00e9s habilit\u00e9s, stagiaires, prestataires, etc.) autoris\u00e9es \u00e0 p\u00e9n\u00e9trer dans chaque zone.", "importance": 0, "uuid": "abdffe63-1cf7-4e8c-b2c1-f1f4a6f97aa1" }, { "code": "Acc\u00e8s physique_03", "description": "Choisir des moyens d'authentification des collaborateurs proportionnels aux risques selon chaque zone.", "importance": 0, "uuid": "5873e81e-f01e-4be4-ac19-4a1da00c6e7a" }, { "code": "Acc\u00e8s physique_04", "description": "Choisir des moyens d'authentification des visiteurs (personnes venant en r\u00e9union, prestataires externes, auditeurs, etc.) 
proportionnels aux risques selon chaque zone.", "importance": 0, "uuid": "c4ccc241-19ee-4e8f-8531-6cbcd88aa702" }, { "code": "Acc\u00e8s physique_05", "description": "D\u00e9terminer les actions \u00e0 entreprendre en cas d'\u00e9chec de l'authentification (impossible de v\u00e9rifier une identit\u00e9, d\u00e9faut d'habilitation \u00e0 p\u00e9n\u00e9trer dans une zone s\u00e9curis\u00e9e, etc.).", "importance": 0, "uuid": "1e71ff0f-e62b-41f6-9dfa-0adda57a4e39" }, { "code": "Acc\u00e8s physique_06", "description": "Conserver une trace des acc\u00e8s apr\u00e8s en avoir inform\u00e9 les personnes concern\u00e9es.", "importance": 0, "uuid": "707fc241-d84c-445d-b2ad-00a5b2e3d52f" }, { "code": "Acc\u00e8s physique_07", "description": "Faire accompagner les visiteurs, en dehors des zones d'accueil du public (depuis leur entr\u00e9e, pendant leur visite et jusqu'\u00e0 leur sortie des locaux) par une personne appartenant \u00e0 l'organisme.", "importance": 0, "uuid": "6e9286ef-e3e7-4dfe-b609-7ec4edda92fa" }, { "code": "Acc\u00e8s physique_08", "description": "Prot\u00e9ger les zones les plus sensibles de mani\u00e8re proportionnelle aux risques.", "importance": 0, "uuid": "cc5ceb8c-d72c-4ecf-a307-2aac21144b78" }, { "code": "Acc\u00e8s physique_09", "description": "Installer un dispositif permettant d'\u00eatre alert\u00e9 en cas d'effraction.", "importance": 0, "uuid": "0bceee9c-5fa7-4c8e-9350-ab1c55a1934f" }, { "code": "Acc\u00e8s physique_10", "description": "Pr\u00e9voir les moyens de ralentir les personnes qui auraient p\u00e9n\u00e9tr\u00e9 dans une zone dont l'acc\u00e8s leur est interdit, ainsi que les moyens d'intervention dans de telles situations, de telle sorte que le d\u00e9lai d'intervention soit inf\u00e9rieur au temps qu'il faut aux personnes non autoris\u00e9es pour sortir de la zone.", "importance": 0, "uuid": "a1679d06-d84a-4808-8d71-51fcd6f796a5" }, { "code": "Anonymisation _01", "description": "D\u00e9terminer ce qui doit \u00eatre anonymis\u00e9 
selon le contexte, la forme de stockage des donn\u00e9es (champs d'une base de donn\u00e9es, extraits de textes, etc.) et les risques identifi\u00e9s.", "importance": 0, "uuid": "d1fc946c-b3cb-42f4-b9db-5b4ca070d6f9" }, { "code": "Anonymisation _02", "description": "Anonymiser de mani\u00e8re irr\u00e9versible ce qui doit l'\u00eatre, selon la forme des donn\u00e9es \u00e0 anonymiser (base de donn\u00e9es, documents textuels, etc.) et les risques identifi\u00e9s.", "importance": 0, "uuid": "19292c60-80ae-4713-8a32-ed2c7aaae607" }, { "code": "Anonymisation _03", "description": "Si ce qui doit \u00eatre anonymis\u00e9 ne peut l'\u00eatre de mani\u00e8re irr\u00e9versible, choisir les outils (suppression partielle, chiffrement, hachage, hachage \u00e0 cl\u00e9, index, etc.) qui satisfont le mieux possible les besoins fonctionnels.", "importance": 0, "uuid": "57800e17-0f6e-4480-a3d6-e44dd3998588" }, { "code": "Archivage_01", "description": "V\u00e9rifier que les processus de gestion des archives sont d\u00e9finis.", "importance": 0, "uuid": "9ef28197-0cb6-416d-afaf-7f9b24bfc431" }, { "code": "Archivage_02", "description": "V\u00e9rifier que les r\u00f4les en mati\u00e8re d'archivage sont identifi\u00e9s.", "importance": 0, "uuid": "edc6df06-9c0c-4247-9aee-f5794fadf4bd" }, { "code": "Archivage_03", "description": "V\u00e9rifier que les mesures prises permettent de garantir, si besoin, l'identification et l'authentification de l'origine des archives, l'int\u00e9grit\u00e9 des archives, l'intelligibilit\u00e9 et la lisibilit\u00e9 des archives, la dur\u00e9e de conservation des archives, la tra\u00e7abilit\u00e9 des op\u00e9rations effectu\u00e9es sur les archives (versement, consultation, migration, \u00e9limination, etc.), la disponibilit\u00e9 et l'accessibilit\u00e9 des archives, les compl\u00e9ter si ce n'est pas le cas.", "importance": 0, "uuid": "5acba894-3f1e-493a-8cb4-718d33522093" }, { "code": "Archivage_04", "description": "D\u00e9terminer les moyens de 
protection de la confidentialit\u00e9 des donn\u00e9es archiv\u00e9es selon les risques identifi\u00e9s.", "importance": 0, "uuid": "cebae15e-1aa4-480d-a39f-f35ff6001a6f" }, { "code": "Archivage_05", "description": "V\u00e9rifier que les autorit\u00e9s d'archivage disposent d'une politique d'archivage.", "importance": 0, "uuid": "bf78101a-0197-406f-b027-bd5f96751904" }, { "code": "Archivage_06", "description": "V\u00e9rifier qu'il existe une d\u00e9claration des pratiques d'archivage.", "importance": 0, "uuid": "28e18337-0c7a-49eb-8436-1f70b01372db" }, { "code": "Chiffrement_01", "description": "D\u00e9terminer ce qui doit \u00eatre chiffr\u00e9 (un disque dur entier, une partition, un conteneur, certains fichiers, des donn\u00e9es d'une base de donn\u00e9es, un canal de communication, etc.) selon la forme de stockage des donn\u00e9es, les risques identifi\u00e9s et les performances exig\u00e9es.", "importance": 0, "uuid": "d1491661-134b-41fc-aca3-74937d131809" }, { "code": "Chiffrement_02", "description": "Choisir le type de chiffrement (sym\u00e9trique ou asym\u00e9trique) selon le contexte et les risques identifi\u00e9s.", "importance": 0, "uuid": "5692f3e1-db9a-4127-8ef8-4c48f1b119d1" }, { "code": "Chiffrement_03", "description": "Recourir \u00e0 des solutions de chiffrement bas\u00e9es sur des algorithmes publics r\u00e9put\u00e9s forts.", "importance": 0, "uuid": "6b541553-3b6c-4b3e-b904-33d08ba30a53" }, { "code": "Chiffrement_04", "description": "Mettre en place des mesures pour garantir la disponibilit\u00e9, l'int\u00e9grit\u00e9 et la confidentialit\u00e9 des \u00e9l\u00e9ments permettant de r\u00e9cup\u00e9rer des secrets perdus (mots de passe administrateurs, CD de recouvrement, etc.).", "importance": 0, "uuid": "c33fa90c-2f64-46ea-bebc-64adcc9312ea" }, { "code": "Chiffrement_05", "description": "N'employer une cl\u00e9 ou bicl\u00e9 de chiffrement que pour un seul usage.", "importance": 0, "uuid": "8fad8a50-3f94-4fda-a878-765bf475a13e" }, { "code": 
"Chiffrement_06", "description": "Formaliser la mani\u00e8re dont les cl\u00e9s de chiffrement vont \u00eatre g\u00e9r\u00e9es.", "importance": 0, "uuid": "f0d035bb-bddc-47b8-9d67-5f04fcaddbb9" }, { "code": "Chiffrement_07", "description": "Choisir un m\u00e9canisme de chiffrement reconnu par les organisations comp\u00e9tentes et qui dispose d'une preuve de s\u00e9curit\u00e9.", "importance": 0, "uuid": "0854a91c-8dda-492f-a1ec-f113146fd7fc" }, { "code": "Chiffrement_08", "description": "Mettre en place des m\u00e9canismes de v\u00e9rification des certificats \u00e9lectroniques.", "importance": 0, "uuid": "4c00cea1-76cb-4b4d-b5cd-a24e3e15a619" }, { "code": "Chiffrement_09", "description": "Prot\u00e9ger la s\u00e9curit\u00e9 de la g\u00e9n\u00e9ration et de l'utilisation des cl\u00e9s de chiffrement en coh\u00e9rence avec leur niveau dans la hi\u00e9rarchie des cl\u00e9s.", "importance": 0, "uuid": "0443fb22-930e-430f-a525-2268afbb4f35" }, { "code": "Chiffrement_10", "description": "[postes de travail] Privil\u00e9gier les dispositifs ne stockant pas les cl\u00e9s sur le mat\u00e9riel \u00e0 chiffrer sauf \u00e0 ce que celui-ci mette en oeuvre un dispositif de stockage s\u00e9curis\u00e9 (par exemple une puce TPM pour les ordinateurs portables).", "importance": 0, "uuid": "3c48c7fa-a0a7-4b9c-8c4e-94395f1e2ccf" }, { "code": "Chiffrement_11", "description": "[postes de travail] Chiffrer les donn\u00e9es au niveau du syst\u00e8me d'exploitation (chiffrement d'une partition, d'un r\u00e9pertoire ou d'un fichier) ou \u00e0 l'aide d'un logiciel sp\u00e9cialis\u00e9 (chiffrement d'un conteneur).", "importance": 0, "uuid": "cedcb402-1a1e-4796-b6ac-ad13a451731a" }, { "code": "Chiffrement_12", "description": "[bases de donn\u00e9es] Chiffrer l'espace de stockage (au niveau mat\u00e9riel, du syst\u00e8me d'exploitation ou de la base de donn\u00e9es) afin de se prot\u00e9ger d'un vol physique, de la donn\u00e9e elle-m\u00eame (chiffrement par l'application) afin de garantir la 
confidentialit\u00e9 de certaines donn\u00e9es vis-\u00e0-vis des administrateurs eux-m\u00eames. Le chiffrement par la base de donn\u00e9es peut dans le cas d'\u00e9quipes informatiques cloisonn\u00e9es permettre de rendre les donn\u00e9es uniquement accessibles des administrateurs de base de donn\u00e9es sans que les administrateurs syst\u00e8me y aient acc\u00e8s.", "importance": 0, "uuid": "8cc0ea9d-1af1-4311-a454-1ba757bbe022" }, { "code": "Chiffrement_13", "description": "[email] Chiffrer les fichiers stock\u00e9s ou les pi\u00e8ces \u00e0 joindre \u00e0 des courriers \u00e9lectroniques.", "importance": 0, "uuid": "22226bd6-bb16-4a2b-9c28-fe2775b71914" }, { "code": "Chiffrement_14", "description": "[email] Chiffrer les messages \u00e9lectroniques.", "importance": 0, "uuid": "9a562522-6788-46f2-89f3-5927a5954b83" }, { "code": "Chiffrement_15", "description": "[r\u00e9seaux] Chiffrer le canal de communication entre un serveur authentifi\u00e9 et un client distant.", "importance": 0, "uuid": "bd2c611c-fb9d-47c6-a2f5-5abe452dde48" }, { "code": "Cloisonnement_01", "description": "Identifier les seules donn\u00e9es utiles \u00e0 chaque processus m\u00e9tier.", "importance": 0, "uuid": "dedea729-0c56-41a9-a507-2648cf80d4c9" }, { "code": "Cloisonnement_02", "description": "S\u00e9parer logiquement les donn\u00e9es utiles \u00e0 chaque processus.", "importance": 0, "uuid": "c8a70a56-af4d-4cc0-b8de-dc73b8b36396" }, { "code": "Cloisonnement_03", "description": "V\u00e9rifier de mani\u00e8re r\u00e9guli\u00e8re que les donn\u00e9es sont bien cloisonn\u00e9es, et que des destinataires ou des interconnexions n'ont pas \u00e9t\u00e9 ajout\u00e9s.", "importance": 0, "uuid": "ffb3ad05-3d82-4d46-9bab-95e5ef88e27d" }, { "code": "Consentement_01", "description": "D\u00e9terminer et justifier les moyens pratiques qui vont \u00eatre mis en oeuvre pour obtenir le consentement des personnes concern\u00e9es ou justifier de l'impossibilit\u00e9 de les mettre en oeuvre.", "importance": 
0, "uuid": "714cb101-0a63-42bf-9e95-18d0f60ac9c8" }, { "code": "Consentement_02", "description": "S'assurer que le traitement ne puisse pas \u00eatre mis en oeuvre sans consentement.", "importance": 0, "uuid": "1344a6be-8017-41ff-bcb2-7eaca1d7d7ca" }, { "code": "Consentement_03", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re libre.", "importance": 0, "uuid": "8b658ce9-e207-4fae-ba69-747f393fe8cb" }, { "code": "Consentement_04", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re \u00e9clair\u00e9e et transparente quant aux finalit\u00e9s du traitement.", "importance": 0, "uuid": "b0d8f199-46d7-4766-9c5b-ea7ccdfa1007" }, { "code": "Consentement_05", "description": "S'assurer que le consentement sera obtenu de mani\u00e8re sp\u00e9cifique \u00e0 une finalit\u00e9.", "importance": 0, "uuid": "5275ce0f-d24e-41b8-9058-d1b4e7ca851e" }, { "code": "Consentement_06", "description": "En cas de sous-traitance, encadrer les obligations de chacun dans un document \u00e9crit, explicite et accept\u00e9 des deux parties.", "importance": 0, "uuid": "2d7ac8b6-918d-436e-b7a8-f9e26ca5024e" }, { "code": "Consentement_07", "description": "Recueillir le consentement des parents pour les mineurs de moins de 13 ans.", "importance": 0, "uuid": "cf2a0e63-2440-4339-b080-318530142a38" }, { "code": "Consentement_08", "description": "Obtenir le consentement \u00e9clair\u00e9 et expr\u00e8s des personnes concern\u00e9es pr\u00e9alablement \u00e0 la mise en oeuvre du traitement, sauf dans le cas o\u00f9 le traitement repose sur une autre base l\u00e9gale ou que la loi pr\u00e9voit qu'il est interdit de collecter ou de traiter ces donn\u00e9es.", "importance": 0, "uuid": "ce24a3e2-a85c-4715-9754-062e27da56ae" }, { "code": "Consentement_09", "description": "[collecte de donn\u00e9es via un site Internet] Pr\u00e9voir un formulaire avec des cases \u00e0 cocher et qui ne sont pas coch\u00e9es par d\u00e9faut (dit \u00ab opt-in \u00bb).", "importance": 
0, "uuid": "cdf6455d-9bda-431d-bd90-0473cf53bead" }, { "code": "Consentement_10", "description": "[collecte de donn\u00e9es via des cookies] Dans le cas o\u00f9 le cookie n'est pas strictement n\u00e9cessaire \u00e0 la fourniture du service express\u00e9ment demand\u00e9 par l'utilisateur, recueillir le consentement de l'internaute (ex : via une banni\u00e8re en haut d'une page web), une zone de demande de consentement en surimpression sur la page, des cases \u00e0 cocher lors de l'inscription \u00e0 un service en ligne, etc.) apr\u00e8s information de celui-ci et avant le d\u00e9p\u00f4t du cookie.", "importance": 0, "uuid": "46cd679f-1d55-49cd-afc3-220518f128b8" }, { "code": "Consentement_11", "description": "[collecte de donn\u00e9es via une application mobile] Recueillir le consentement de l'utilisateur au premier d\u00e9marrage de l'objet ou de l'application mobile.", "importance": 0, "uuid": "75482a90-c07c-40da-988b-22614e5a8394" }, { "code": "Consentement_12", "description": "[collecte de donn\u00e9es via une application mobile] Proposer un consentement segment\u00e9 par cat\u00e9gorie de donn\u00e9es ou types de traitement, en distinguant notamment le partage de donn\u00e9es avec d'autres utilisateurs ou avec des soci\u00e9t\u00e9s tierces.", "importance": 0, "uuid": "076d2004-99f5-4987-8deb-bfd17e6c1125" }, { "code": "Consentement_13", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de refuser qu'une application puisse le g\u00e9olocaliser de mani\u00e8re syst\u00e9matique.", "importance": 0, "uuid": "43e88dac-4872-43d0-8866-24ab14ef68bb" }, { "code": "Consentement_14", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de s\u00e9lectionner quelle application peut utiliser la g\u00e9olocalisation.", "importance": 0, "uuid": "3db56638-0ac3-45f4-b423-beb7c651b1ba" }, { "code": "Consentement_15", "description": "[g\u00e9olocalisation via un smartphone] Permettre \u00e0 l'usager de choisir 
quelles personnes peuvent acc\u00e9der \u00e0 l'information de g\u00e9olocalisation le concernant et avec quelle pr\u00e9cision.", "importance": 0, "uuid": "13923ace-5491-414e-8397-bd41fd92ebb1" }, { "code": "Consentement_16", "description": "[publicit\u00e9 cibl\u00e9e] Mettre \u00e0 disposition des utilisateurs des moyens simples et non payants pour accepter ou refuser la diffusion \u00e0 leur \u00e9gard de contenus publicitaires adapt\u00e9s \u00e0 leur comportement de navigation, et choisir les centres d'int\u00e9r\u00eat \u00e0 propos desquels ils souhaiteraient voir s'afficher des offres publicitaires adapt\u00e9es \u00e0 leurs souhaits.", "importance": 0, "uuid": "18ea7c10-06db-4457-b137-647cebe240b5" }, { "code": "Consentement_17", "description": "[recherches sur des pr\u00e9l\u00e8vements biologiques identifiants] Si les pr\u00e9l\u00e8vements sont conserv\u00e9s pour un traitement ult\u00e9rieur diff\u00e9rent du traitement initial, s'assurer \u00e9galement du consentement \u00e9clair\u00e9 et expr\u00e8s de la personne concern\u00e9e pour cet autre traitement.", "importance": 0, "uuid": "cd22d65f-2bb3-43df-98b2-929903a6628d" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_01", "description": "Identifier les donn\u00e9es dont l'int\u00e9grit\u00e9 doit \u00eatre contr\u00f4l\u00e9e selon les risques identifi\u00e9s.", "importance": 0, "uuid": "3cec2c97-10e1-4469-b168-df05844cb77b" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_02", "description": "Choisir un moyen de contr\u00f4ler l'int\u00e9grit\u00e9 selon le contexte, les risques appr\u00e9ci\u00e9s et la robustesse attendue.", "importance": 0, "uuid": "40e44f1d-650a-4fee-a79e-3088d695f836" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_03", "description": "D\u00e9finir le moment auquel la fonction est appliqu\u00e9e et celui o\u00f9 le contr\u00f4le d'int\u00e9grit\u00e9 doit \u00eatre effectu\u00e9 selon le d\u00e9roulement du processus m\u00e9tier.", "importance": 0, "uuid": 
"78f01fab-a9d9-44b6-8d86-c37c9be66ca4" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_04", "description": "Lorsque les donn\u00e9es sont envoy\u00e9es dans une base de donn\u00e9es, il est n\u00e9cessaire de mettre en place des mesures d'analyse permettant de pr\u00e9venir les attaques par injection SQL ou de scripts.", "importance": 0, "uuid": "9d0be52f-a03a-4807-94ff-8b930954c112" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_05", "description": "Utiliser un m\u00e9canisme de hachage reconnu par les organisations comp\u00e9tentes et qui dispose d'une preuve de s\u00e9curit\u00e9.", "importance": 0, "uuid": "98f3804b-00c7-4211-9474-680558ead2a0" }, { "code": "Contr\u00f4le d'int\u00e9grit\u00e9_06", "description": "Recourir \u00e0 des solutions de signature \u00e9lectronique bas\u00e9es sur des algorithmes publics r\u00e9put\u00e9s forts.", "importance": 0, "uuid": "623b84d7-b0cd-4716-9c17-5cb027b3e5d8" }, { "code": "Documents papier_01", "description": "Porter une mention visible et explicite sur chaque page des documents contenant des donn\u00e9es sensibles.", "importance": 0, "uuid": "1512c36f-aecc-4fa6-979a-a69e31932228" }, { "code": "Documents papier_02", "description": "Porter une mention visible et explicite dans les applications m\u00e9tiers permettant d'acc\u00e9der \u00e0 des donn\u00e9es et permettant de les imprimer.", "importance": 0, "uuid": "554dedff-298a-48e9-bf63-0b04f40a6515" }, { "code": "Documents papier_03", "description": "Choisir des supports papier et des proc\u00e9d\u00e9s d'impression appropri\u00e9s aux conditions de conservation (selon la dur\u00e9e de conservation, l'humidit\u00e9 ambiante, etc.).", "importance": 0, "uuid": "2186b63f-74b8-48d5-b019-aa553747da34" }, { "code": "Documents papier_04", "description": "R\u00e9cup\u00e9rer les documents imprim\u00e9s contenant des donn\u00e9es imm\u00e9diatement apr\u00e8s leur impression ou effectuer, lorsque c'est possible, une impression s\u00e9curis\u00e9.", "importance": 0, 
"uuid": "6a064432-95d1-4fc9-b6c2-c351c538c0a8" }, { "code": "Documents papier_05", "description": "Limiter la diffusion des documents papier contenant des donn\u00e9es qu'aux personnes ayant le besoin d'en disposer dans le cadre de leur activit\u00e9.", "importance": 0, "uuid": "49927122-8e47-45ee-a8e3-8f0c3601e5b1" }, { "code": "Documents papier_06", "description": "Stocker les documents papier contenant des donn\u00e9es dans un meuble s\u00e9curis\u00e9.", "importance": 0, "uuid": "5ac9f935-a1d4-47f6-968c-d4fcbd783608" }, { "code": "Documents papier_07", "description": "D\u00e9truire les documents papier contenant des donn\u00e9es et qui ne sont plus utiles \u00e0 l'aide d'un broyeur appropri\u00e9.", "importance": 0, "uuid": "c343cc7c-620c-4308-b71f-8d59c7bc71f4" }, { "code": "Documents papier_08", "description": "N'envoyer que les documents papier contenant des donn\u00e9es n\u00e9cessaires au traitement.", "importance": 0, "uuid": "948ebbc4-cd89-44e6-8592-5bf5809255b8" }, { "code": "Documents papier_09", "description": "Garder une trace pr\u00e9cise de la transmission des documents papier contenant des donn\u00e9es.", "importance": 0, "uuid": "ca01e8c9-4113-444b-9493-5a62afb087eb" }, { "code": "Documents papier_10", "description": "Choisir un canal de transmission adapt\u00e9 aux risques et \u00e0 la fr\u00e9quence de transmission.", "importance": 0, "uuid": "b7c9c6fb-abbb-49f3-b5a8-f12fab7bacae" }, { "code": "Documents papier_11", "description": "Am\u00e9liorer la confiance envers le transporteur de documents papier contenant des donn\u00e9es.", "importance": 0, "uuid": "511f7037-7fbe-41e5-80b3-2acb6a34cb3b" }, { "code": "Documents papier_12", "description": "Prot\u00e9ger les documents papier contenant des donn\u00e9es.", "importance": 0, "uuid": "da589b18-e850-4576-a779-d27024dd91f0" }, { "code": "Droit \u00e0 la limitation et d'opposition_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du 
droit d'opposition. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches \u00e0 effectuer ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais.", "importance": 0, "uuid": "7bd7ed97-ee93-422a-a1f2-4703f5a7ea7c" }, { "code": "Droit \u00e0 la limitation et d'opposition_02", "description": "S'assurer que le droit d'opposition pourra toujours s'exercer et que les donn\u00e9es collect\u00e9es et trait\u00e9es permettent effectivement l'exercice du droit d'opposition.", "importance": 0, "uuid": "ed0341d5-b5e0-4989-9084-07bfa7668941" }, { "code": "Droit \u00e0 la limitation et d'opposition_03", "description": "S'assurer que \u00ab l'int\u00e9ress\u00e9 est mis en mesure d'exprimer son choix avant la validation d\u00e9finitive de ses r\u00e9ponses \u00bb.", "importance": 0, "uuid": "ed324770-7b66-4a5c-95cd-b2cc34f85cdb" }, { "code": "Droit \u00e0 la limitation et d'opposition_04", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites sur place permettent de s'assurer de l'identit\u00e9 des demandeurs et des personnes qu'ils peuvent mandater.", "importance": 0, "uuid": "9e2762fd-b530-46b1-a438-b2a40c7d4f3d" }, { "code": "Droit \u00e0 la limitation et d'opposition_05", "description": "V\u00e9rifier que les demandes d'exercice du droit d'opposition faites par voie postale sont sign\u00e9es et accompagn\u00e9es de la photocopie d'un titre d'identit\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9e sauf en cas de besoin de conserver une preuve) et qu'elles pr\u00e9cisent l'adresse \u00e0 laquelle doit parvenir la r\u00e9ponse.", "importance": 0, "uuid": "da19be7b-85b1-4ace-85c1-95a5cfddcf01" }, { "code": "Droit \u00e0 la limitation et d'opposition_06", "description": "V\u00e9rifier que les demandes d'exercice du 
droit d'opposition faites par voie \u00e9lectronique (en utilisant un canal chiffr\u00e9 si la transmission se fait via Internet) sont accompagn\u00e9es d'un titre d'identit\u00e9 num\u00e9ris\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9 sauf en cas de besoin de conservation d'une preuve, et ce, en noir et blanc, en faible d\u00e9finition et sous la forme d'un fichier chiffr\u00e9).", "importance": 0, "uuid": "80bac0dc-0f02-411f-885b-1d9be6939426" }, { "code": "Droit \u00e0 la limitation et d'opposition_07", "description": "S'assurer que le motif l\u00e9gitime des personnes exer\u00e7ant leur droit d'opposition est fourni et appr\u00e9ci\u00e9 (sauf dans le cas de la prospection et des traitements ayant pour fin la recherche dans le domaine de la sant\u00e9, pour lesquels la personne dispose d'un droit d'opposition discr\u00e9tionnaire).", "importance": 0, "uuid": "b581b87b-6219-4c82-8a2f-b1e98b7eea66" }, { "code": "Droit \u00e0 la limitation et d'opposition_08", "description": "S'assurer que tous les destinataires du traitement seront inform\u00e9s des oppositions exerc\u00e9es par des personnes concern\u00e9es.", "importance": 0, "uuid": "866d2956-dd3b-46ee-b2bc-a41d572179d2" }, { "code": "Droit \u00e0 la limitation et d'opposition_09", "description": "[traitement par t\u00e9l\u00e9phone] Pr\u00e9voir un m\u00e9canisme permettant aux personnes concern\u00e9es de signifier leur opposition \u00e0 l'aide du t\u00e9l\u00e9phone.", "importance": 0, "uuid": "8e98bc8a-ce48-415a-9568-3428a13b3616" }, { "code": "Droit \u00e0 la limitation et d'opposition_10", "description": "[traitement par formulaire \u00e9lectronique] Cr\u00e9er un formulaire, facilement accessible, avec des cases \u00e0 d\u00e9cocher (dit \u00ab opt-out \u00bb) ou pr\u00e9voir la possibilit\u00e9 de se d\u00e9sinscrire d'un service (suppression de compte).", "importance": 0, "uuid": "2d59e2ad-27de-4939-896e-30beb57ad2e3" }, { "code": "Droit \u00e0 la limitation et d'opposition_11", "description": 
"[traitement par courrier \u00e9lectronique] S'assurer que l'exp\u00e9diteur des messages appara\u00eet tr\u00e8s clairement.", "importance": 0, "uuid": "065ce986-8708-4c0c-9daf-5714ceec2e49" }, { "code": "Droit \u00e0 la limitation et d'opposition_12", "description": "[traitement par courrier \u00e9lectronique] S'assurer que le corps des messages est en rapport avec le sujet des messages.", "importance": 0, "uuid": "551dec70-2bb3-4113-846c-690e82881a60" }, { "code": "Droit \u00e0 la limitation et d'opposition_13", "description": "[traitement par courrier \u00e9lectronique] Pr\u00e9voir une opposition en r\u00e9pondant au message ou en cliquant sur un lien permettant de s'opposer. La personne ne doit pas avoir besoin de s'authentifier pour \u00eatre d\u00e9sinscrite.", "importance": 0, "uuid": "e13b23d5-65bc-4ebe-aa41-d98b6efaca5d" }, { "code": "Droit \u00e0 la limitation et d'opposition_14", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Proposer des param\u00e8tres \u00ab Vie priv\u00e9e \u00bb dans les applications mobiles.", "importance": 0, "uuid": "228ef7b0-3a31-484e-9840-c56e1e2903ec" }, { "code": "Droit \u00e0 la limitation et d'opposition_15", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Permettre \u00e0 l'utilisateur de l'application mobile de s'opposer \u00e0 la collecte de donn\u00e9es particuli\u00e8res.", "importance": 0, "uuid": "e8554843-c50b-496f-bbf2-b6de7a9c9efc" }, { "code": "Droit \u00e0 la limitation et d'opposition_16", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Prendre en compte les utilisateurs mineurs.", "importance": 0, "uuid": "e7b9a183-4b66-46e1-b308-4b4236e65845" }, { "code": "Droit \u00e0 la limitation et d'opposition_17", "description": "[traitement par un objet connect\u00e9 ou une application mobile] Arr\u00eater effectivement toute collecte de donn\u00e9es si l'utilisateur retire son consentement.", "importance": 0, 
"uuid": "8813246d-90df-4a98-a2a5-abbfae9396c6" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit d'acc\u00e8s. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois (un mois dans le cadre du RGPD) pour des donn\u00e9es, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). En outre, les d\u00e9marches ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais exc\u00e9dant le co\u00fbt de la reproduction.", "importance": 0, "uuid": "2cb24716-0d53-4c63-858b-cf6324205306" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_02", "description": "S'assurer que le droit d'acc\u00e8s pourra toujours s'exercer.", "importance": 0, "uuid": "178520c6-b3ac-4d08-904c-b1c78b244c32" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_03", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites sur place permettent de s'assurer de l'identit\u00e9 des demandeurs et des personnes qu'ils peuvent mandater.", "importance": 0, "uuid": "95f5461d-4f4c-4371-b20f-f2f70f26f8f9" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_04", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites par voie postale sont sign\u00e9es et accompagn\u00e9es de la photocopie d'un titre d'identit\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9e sauf en cas de besoin de conserver une preuve) et qu'elles pr\u00e9cisent l'adresse \u00e0 laquelle doit parvenir la r\u00e9ponse.", "importance": 0, "uuid": "a453a528-9893-461c-ade1-e338f24ba34b" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_05", "description": "V\u00e9rifier que les demandes d'exercice du droit d'acc\u00e8s faites par voie \u00e9lectronique (en utilisant un 
canal chiffr\u00e9 si la transmission se fait via Internet) sont accompagn\u00e9es d'un titre d'identit\u00e9 num\u00e9ris\u00e9 (qui ne devrait pas \u00eatre conserv\u00e9 sauf en cas de besoin de conservation d'une preuve, et ce, en noir et blanc, en faible d\u00e9finition et sous la forme d'un fichier chiffr\u00e9).", "importance": 0, "uuid": "f4841bb7-12d6-445c-affb-4414a91c1f73" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_06", "description": "S'assurer de la possibilit\u00e9 de fournir toutes les informations qui peuvent \u00eatre demand\u00e9es par les personnes concern\u00e9es, tout en prot\u00e9geant les donn\u00e9es des tiers.", "importance": 0, "uuid": "20826216-5939-47a0-8363-b11c050be8e0" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_07", "description": "[dossiers m\u00e9dicaux] Communiquer les informations au plus tard dans les huit jours suivant la demande et dans les deux mois si les informations remontent \u00e0 plus de cinq ans (\u00e0 compter de la date \u00e0 laquelle l'information m\u00e9dicale a \u00e9t\u00e9 constitu\u00e9e).", "importance": 0, "uuid": "b870e46f-3bb8-42bc-ac50-7bf66371d346" }, { "code": "Droit d'acc\u00e8s et \u00e0 la portabilit\u00e9_08", "description": "[dossiers m\u00e9dicaux] Permettre l'exercice du droit d'acc\u00e8s par les titulaires de l'autorit\u00e9 parentale, pour les mineurs, ou le repr\u00e9sentant l\u00e9gal, pour les personnes faisant l'objet d'une mesure de tutelle.", "importance": 0, "uuid": "24e51c4d-4249-4473-9e0f-1093b49360d0" }, { "code": "Droit de rectification et d'effacement_01", "description": "D\u00e9terminer les moyens pratiques qui vont \u00eatre mis en oeuvre pour permettre l'exercice du droit de rectification. Ce droit doit pouvoir \u00eatre exerc\u00e9 le plus rapidement possible, sans jamais exc\u00e9der deux mois, dans une forme similaire \u00e0 celle du traitement (voie postale et/ou voie \u00e9lectronique). 
En outre, les d\u00e9marches \u00e0 effectuer ne doivent pas d\u00e9courager les personnes concern\u00e9es et ne doivent pas leur occasionner de frais.", "importance": 0, "uuid": "9ee6c61b-4ef7-4e88-81ed-ae1bd08e4452" }, { "code": "Droit de rectification et d'effacement_02", "description": "S'assurer que le droit de rectification pourra toujours s'exercer.", "importance": 0, "uuid": "f8495542-f8f0-4067-ac16-a74d560ebfef" }, { "code": "Droit de rectification et d'effacement_03", "description": "S'assurer que le droit d'effacement pourra toujours s'exercer.", "importance": 0, "uuid": "4e1e8d6e-6db0-4f3b-8243-66c3368e6ed1" }, { "code": "Droit de rectification et d'effacement_04", "description": "S'assurer que l'identit\u00e9 des demandeurs va \u00eatre v\u00e9rifi\u00e9e.", "importance": 0, "uuid": "ebd8e891-cab9-45bd-9ba0-d52fc5a5ba97" }, { "code": "Droit de rectification et d'effacement_05", "description": "S'assurer que la v\u00e9racit\u00e9 des rectifications demand\u00e9es sera v\u00e9rifi\u00e9e.", "importance": 0, "uuid": "bf9dfd20-0e6a-423e-8f34-8fc14849cae4" }, { "code": "Droit de rectification et d'effacement_06", "description": "S'assurer de l'effacement effectif des donn\u00e9es \u00e0 supprimer.", "importance": 0, "uuid": "a2d7b18a-0192-48ca-baee-c2c2ad992e13" }, { "code": "Droit de rectification et d'effacement_07", "description": "S'assurer qu'une confirmation sera fournie aux demandeurs.", "importance": 0, "uuid": "a641888a-64ba-41d6-81a1-5cad2f59fba6" }, { "code": "Droit de rectification et d'effacement_08", "description": "S'assurer que les destinataires \u00e0 qui des donn\u00e9es auraient \u00e9t\u00e9 transmises seront inform\u00e9s des rectifications faites.", "importance": 0, "uuid": "7e5943e7-1779-4b96-adca-28408d3a5dc2" }, { "code": "Droit de rectification et d'effacement_09", "description": "Suite \u00e0 une demande d'effacement, pr\u00e9ciser \u00e0 l'utilisateur si des donn\u00e9es personnelles seront conserv\u00e9es malgr\u00e9 tout 
(contraintes techniques, obligations l\u00e9gales, etc.).", "importance": 0, "uuid": "ee24573b-5e0a-4afc-9049-4aeb14fac625" }, { "code": "Droit de rectification et d'effacement_10", "description": "Mettre en oeuvre le droit \u00e0 l'oubli pour les mineurs.", "importance": 0, "uuid": "05313636-e285-4da0-ad31-7d581a0cd21c" }, { "code": "Droit de rectification et d'effacement_11", "description": "[publicit\u00e9 cibl\u00e9e en ligne] Pr\u00e9voir un acc\u00e8s par la personne aux centres d'int\u00e9r\u00eat \u00e9tablis pour son profil et la possibilit\u00e9 de les modifier. L'authentification de la personne peut se faire sur la base des informations utilis\u00e9es pour acc\u00e9der \u00e0 son compte ou sur la base du cookie (ou \u00e9quivalent) pr\u00e9sent sur son poste.", "importance": 0, "uuid": "b3e8c9d9-f85e-4a82-b6af-a03acee7ff49" }, { "code": "Dur\u00e9es de conservation_01", "description": "D\u00e9finir, pour chaque cat\u00e9gorie de donn\u00e9es, des dur\u00e9es de conservation limit\u00e9es dans le temps et en ad\u00e9quation avec la finalit\u00e9 du traitement et/ou des contraintes l\u00e9gales.", "importance": 0, "uuid": "21b3119e-23cd-4616-ac86-ec3bfd6e1e0b" }, { "code": "Dur\u00e9es de conservation_02", "description": "V\u00e9rifier que le traitement permet de d\u00e9tecter la fin de la dur\u00e9e de conservation (mettre en place un m\u00e9canisme automatique bas\u00e9 sur la date de cr\u00e9ation des donn\u00e9es ou de leur dernier usage).", "importance": 0, "uuid": "2ea0ebdd-01da-48a5-bdba-f13fce7426ea" }, { "code": "Dur\u00e9es de conservation_03", "description": "V\u00e9rifier que le traitement permet de supprimer les donn\u00e9es en fin de dur\u00e9e de conservation et que le moyen choisi pour les supprimer est appropri\u00e9 aux risques qui p\u00e8sent sur la vie priv\u00e9e des personnes concern\u00e9es.", "importance": 0, "uuid": "c1c6c1cb-65fd-4415-9a03-2e133cc730f4" }, { "code": "Dur\u00e9es de conservation_04", "description": "Une fois la 
dur\u00e9e de conservation atteinte, sous r\u00e9serve de l'archivage interm\u00e9diaire pour les donn\u00e9es qui le n\u00e9cessitent, supprimer les donn\u00e9es sans d\u00e9lai.", "importance": 0, "uuid": "e43d69d6-3c04-411e-adc7-e5b4f9067694" }, { "code": "Environnemental_01", "description": "Placer les produits dangereux (inflammables, combustibles, corrosifs, explosifs, a\u00e9rosols, humides, etc.) dans des lieux de stockage appropri\u00e9s et \u00e9loign\u00e9s de ceux o\u00f9 sont trait\u00e9es des donn\u00e9es.", "importance": 0, "uuid": "3c0eeef6-e291-4877-8f5d-6059880514a9" }, { "code": "Environnemental_02", "description": "\u00c9viter les zones g\u00e9ographiques dangereuses (zones inondables, proximit\u00e9 d'a\u00e9roports, zones d'industries chimiques, zones sismiques, zones volcaniques, etc.).", "importance": 0, "uuid": "fac6dd31-c831-4665-b3e7-8ead3e3b82a5" }, { "code": "Environnemental_03", "description": "Ne pas stocker les donn\u00e9es dans un \u00e9tat \u00e9tranger sauf s'il existe des garanties permettant d'assurer un niveau de protection des donn\u00e9es suffisant.", "importance": 0, "uuid": "e64271a6-ab78-442c-851d-cfddbabd6f7c" }, { "code": "Exploitation_01", "description": "Documenter les proc\u00e9dures d'exploitation, les tenir \u00e0 jour et les communiquer \u00e0 tous les utilisateurs concern\u00e9s (toute action sur le syst\u00e8me, qu'il s'agisse d'op\u00e9rations d'administration ou de la simple utilisation d'une application, doit \u00eatre expliqu\u00e9e dans des documents auxquels les utilisateurs peuvent se r\u00e9f\u00e9rer).", "importance": 0, "uuid": "05dd9f8d-9c84-456c-9b93-17002e38cb67" }, { "code": "Exploitation_02", "description": "Tenir \u00e0 jour un inventaire des logiciels et mat\u00e9riels utilis\u00e9s en exploitation.", "importance": 0, "uuid": "dc3c264f-b898-41ea-949e-3aff913e45a7" }, { "code": "Exploitation_03", "description": "R\u00e9aliser une veille sur vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les 
logiciels (y compris les firmwares) utilis\u00e9s en exploitation, et les corriger d\u00e8s que possible.", "importance": 0, "uuid": "a65cce3e-6ca4-460c-975b-878ea60f1663" }, { "code": "Exploitation_04", "description": "Formaliser les proc\u00e9dures de mises \u00e0 jour mat\u00e9rielles et logicielles.", "importance": 0, "uuid": "690cc289-f2f6-4920-8056-73c61ebb7b26" }, { "code": "Exploitation_05", "description": "Interdire l'usage des serveurs de production (serveurs de base de donn\u00e9es, serveur web, serveur de messagerie, etc.) pour d'autres fins que celles pr\u00e9vues initialement.", "importance": 0, "uuid": "3202bc26-de65-40cf-a46c-286ee8dfac1b" }, { "code": "Exploitation_06", "description": "Utiliser des unit\u00e9s de stockage de donn\u00e9es utilisant des m\u00e9canismes de redondance mat\u00e9rielle (tel que le RAID), ou bien des m\u00e9canismes de duplication des donn\u00e9es entre plusieurs serveurs et/ou sites.", "importance": 0, "uuid": "86b75046-44bb-485c-aba2-1a7ee41c02c7" }, { "code": "Exploitation_07", "description": "V\u00e9rifier que le dimensionnement des capacit\u00e9s de stockage et de calcul est suffisant pour assurer le fonctionnement correct des traitements, m\u00eame en cas de pic d'activit\u00e9.", "importance": 0, "uuid": "9f0ee3ea-d5e8-43db-a10d-71de859a9720" }, { "code": "Exploitation_08", "description": "V\u00e9rifier que les conditions physiques d'h\u00e9bergement (temp\u00e9rature, humidit\u00e9, fourniture d'\u00e9nergie, etc.) 
sont appropri\u00e9es \u00e0 l'usage pr\u00e9vu des mat\u00e9riels, et incluent des m\u00e9canismes de secours (onduleur et/ou alimentation de secours et/ou groupe \u00e9lectrog\u00e8ne).", "importance": 0, "uuid": "860fcb9f-407b-4cdb-8bc8-e1b49f2ee7af" }, { "code": "Exploitation_09", "description": "Limiter l'acc\u00e8s physique aux mat\u00e9riels sensibles et/ou qui ont une grande valeur marchande.", "importance": 0, "uuid": "4c7a25c3-9402-4547-83d2-7711f1bb47a9" }, { "code": "Exploitation_10", "description": "Limiter les possibilit\u00e9s de modification des mat\u00e9riels.", "importance": 0, "uuid": "bf12c3b9-987b-4fe1-a2e0-3fdae3a93cb4" }, { "code": "Exploitation_11", "description": "Pr\u00e9voir un Plan de Reprise d'Activit\u00e9 (PRA) ou un Plan de Continuit\u00e9 d'Activit\u00e9 (PCA), en fonction des objectifs de disponibilit\u00e9 des traitements mis en oeuvre.", "importance": 0, "uuid": "b60140df-0bd7-428e-a348-f673449c258b" }, { "code": "Exploitation_12", "description": "Mettre en place une proc\u00e9dure de gestion des incidents de s\u00e9curit\u00e9 permettant de les d\u00e9tecter, les enregistrer, les qualifier et les traiter.", "importance": 0, "uuid": "13b05332-8b7f-40fb-bbea-164bc1e2b3f6" }, { "code": "Finalit\u00e9_01", "description": "D\u00e9tailler les finalit\u00e9s de traitement des donn\u00e9es et justifier leur l\u00e9gitimit\u00e9.", "importance": 0, "uuid": "2c9a3e94-058c-459d-90d7-a79d4f0f9db2" }, { "code": "Finalit\u00e9_02", "description": "Expliciter les finalit\u00e9s de partage avec des tiers ainsi que les finalit\u00e9s de traitement de donn\u00e9es pour l'am\u00e9lioration du service.", "importance": 0, "uuid": "60dfb6f8-6482-4b93-ad42-db9b6d7311aa" }, { "code": "Finalit\u00e9_03", "description": "Expliciter les modalit\u00e9s particuli\u00e8res du traitement, en pr\u00e9cisant notamment les croisements de donn\u00e9es s'il y a lieu.", "importance": 0, "uuid": "ada21354-1cd6-4738-831d-aa3168f7a2e3" }, { "code": "Fondement_01", 
"description": "D\u00e9terminer et justifier le crit\u00e8re de lic\u00e9it\u00e9 qui s'applique au traitement de donn\u00e9es.", "importance": 0, "uuid": "11c0774f-789a-4b87-a668-7723fcb5e02e" }, { "code": "Formalit\u00e9s pr\u00e9alables_01", "description": "V\u00e9rifier que le traitement de donn\u00e9es est effectivement conforme \u00e0 la finalit\u00e9 d\u00e9clar\u00e9e.", "importance": 0, "uuid": "a04441de-c785-4997-868d-d3df75d6a4df" }, { "code": "Formalit\u00e9s pr\u00e9alables_02", "description": "R\u00e9aliser une \u00e9tude d'impact sur la vie priv\u00e9e (EIVP ou PIA) et le faire valider.", "importance": 0, "uuid": "f4a0cca8-e784-44d5-b695-3e9676724678" }, { "code": "Formalit\u00e9s pr\u00e9alables_03", "description": "Consulter l'autorit\u00e9 de contr\u00f4le si les risques r\u00e9siduels, \u00e0 l'issue d'une \u00e9tude d'impact sur la vie priv\u00e9e, sont importants, selon l'article 36 du r\u00e8glement g\u00e9n\u00e9ral sur la protection des donn\u00e9es (RGPD).", "importance": 0, "uuid": "662a2926-8deb-4ebf-835e-7d0c7bc7b826" }, { "code": "Formalit\u00e9s pr\u00e9alables_04", "description": "R\u00e9aliser les autres formalit\u00e9s sectorielles et contractuelles applicables au traitement (par exemple, formalit\u00e9s li\u00e9es \u00e0 d'autres codes et r\u00e8glements, contrat avec une source externe de donn\u00e9es, etc.).", "importance": 0, "uuid": "0c96d60f-1d8e-4a67-92a9-9d24997d34a8" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_01", "description": "D\u00e9finir les r\u00f4les et responsabilit\u00e9s des parties prenantes, ainsi que les proc\u00e9dures de remont\u00e9es d'informations et de r\u00e9action, en cas de violation de donn\u00e9es.", "importance": 0, "uuid": "900e1886-88c0-4a84-9a94-0d2dec073482" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_02", "description": "\u00c9tablir un annuaire des personnes en charge de g\u00e9rer les violations de donn\u00e9es.", "importance": 0, "uuid": 
"9f095104-f66d-42ca-906a-2f104c937265" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_03", "description": "\u00c9laborer un plan de r\u00e9action en cas de violation de donn\u00e9es pour chaque risque \u00e9lev\u00e9, le tenir \u00e0 jour et le tester p\u00e9riodiquement.", "importance": 0, "uuid": "4feb5fb9-0316-4653-99a1-b41d47825205" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_04", "description": "Permettre de qualifier les violations de donn\u00e9es selon leur impact sur la vie priv\u00e9e des personnes concern\u00e9es.", "importance": 0, "uuid": "0c84b441-a79b-4747-a9e1-358cc21ffb2f" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_05", "description": "Traiter les \u00e9v\u00e8nements selon leur qualification (\u00e9v\u00e8nement, incident, sinistre, crise, etc.).", "importance": 0, "uuid": "6f9d9a9a-600e-40fb-862f-4e6d3f6e7f45" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_06", "description": "Tenir \u00e0 jour une documentation des violations de donn\u00e9es.", "importance": 0, "uuid": "113e65f1-51b1-481d-89c4-0d2167db3d35" }, { "code": "Gestion des incidents et des violations de donn\u00e9es_07", "description": "\u00c9tudier la possibilit\u00e9 d'am\u00e9liorer les mesures de s\u00e9curit\u00e9 en fonction des violations de donn\u00e9es qui ont eu lieu.", "importance": 0, "uuid": "b01b9ad8-c2ef-42f4-b4ac-be1bc06203d4" }, { "code": "Gestion des personnels_01", "description": "V\u00e9rifier que les personnes ayant acc\u00e8s aux donn\u00e9es et au traitement sont aptes \u00e0 exercer leur fonction.", "importance": 0, "uuid": "37bb5c77-1212-462b-9c7d-f6e84290c2ea" }, { "code": "Gestion des personnels_02", "description": "S'assurer que les conditions de travail des personnes ayant acc\u00e8s aux donn\u00e9es et au traitement sont satisfaisantes.", "importance": 0, "uuid": "ab831b8f-d2a2-4c16-99d6-3510c1c6923b" }, { "code": "Gestion des personnels_03", "description": 
"Sensibiliser les personnes ayant acc\u00e8s aux donn\u00e9es et au traitement aux risques li\u00e9s \u00e0 l'exploitation de leurs vuln\u00e9rabilit\u00e9s.", "importance": 0, "uuid": "1b67a440-471e-450e-a90d-799670a16333" }, { "code": "Gestion des projets_01", "description": "Utiliser une d\u00e9marche de gestion des risques d\u00e8s l'\u00e9laboration d'un service ou la conception d'une application.", "importance": 0, "uuid": "656dbbb9-a017-4a8c-b92c-2755f8bb303b" }, { "code": "Gestion des projets_02", "description": "Privil\u00e9gier le recours \u00e0 des labels de confiance dans les domaines de la SSI et la protection des donn\u00e9es personnelles (proc\u00e9dures, produits, syst\u00e8mes de management, organismes, personnes, etc.).", "importance": 0, "uuid": "9ea3fc0a-f56b-4e33-a78a-2be467a6ea29" }, { "code": "Gestion des projets_03", "description": "Privil\u00e9gier le recours \u00e0 des r\u00e9f\u00e9rentiels \u00e9prouv\u00e9s et reconnus.", "importance": 0, "uuid": "14d0e0b8-2313-4401-9111-60e3301cacf2" }, { "code": "Gestion des projets_04", "description": "Effectuer les formalit\u00e9s aupr\u00e8s de l'autorit\u00e9 de contr\u00f4le avant le lancement d'un nouveau traitement.", "importance": 0, "uuid": "43f8343d-5c13-41fc-aa1e-047ede81f29d" }, { "code": "Gestion des projets_05", "description": "[acquisitions de logiciels] V\u00e9rifier que les d\u00e9veloppeurs et les mainteneurs disposent des ressources suffisantes pour ma\u00eetriser leurs actions.", "importance": 0, "uuid": "80759e48-4710-45f8-b416-afe17878b7a2" }, { "code": "Gestion des projets_06", "description": "[acquisitions de logiciels] Privil\u00e9gier les applications interop\u00e9rables et ergonomiques.", "importance": 0, "uuid": "934e5306-bd2e-4f8b-bdb4-33e26bd9ef67" }, { "code": "Gestion des projets_07", "description": "[acquisitions de logiciels] Effectuer les d\u00e9veloppements informatiques dans un environnement informatique distinct de celui de la production.", "importance": 0, 
"uuid": "e6502e29-d199-40d9-8a51-b343fca3b0cb" }, { "code": "Gestion des projets_08", "description": "[acquisitions de logiciels] Prot\u00e9ger la disponibilit\u00e9, l'int\u00e9grit\u00e9 et si besoin la confidentialit\u00e9 des codes sources.", "importance": 0, "uuid": "1a4fc4a7-5c98-4081-8c8f-3488ff593960" }, { "code": "Gestion des projets_09", "description": "[acquisitions de logiciels] Imposer des formats de saisie et d'enregistrement des donn\u00e9es qui minimisent les donn\u00e9es collect\u00e9es.", "importance": 0, "uuid": "4e40b7a9-b487-47e0-acf5-f45f71f38f44" }, { "code": "Gestion des projets_10", "description": "[acquisitions de logiciels] S'assurer que les formats de donn\u00e9es sont compatibles avec la mise en oeuvre d'une dur\u00e9e de conservation.", "importance": 0, "uuid": "a8923625-8999-44a0-a3b7-9bcead357b55" }, { "code": "Gestion des projets_11", "description": "[acquisitions de logiciels] Int\u00e9grer le contr\u00f4le d'acc\u00e8s aux donn\u00e9es par des cat\u00e9gories d'utilisateurs au moment du d\u00e9veloppement.", "importance": 0, "uuid": "5eb06b3b-9b41-4090-8ce1-b3874699f862" }, { "code": "Gestion des projets_12", "description": "[acquisitions de logiciels] \u00c9viter le recours \u00e0 des zones de texte libre, et si de telles zones sont requises, faire appara\u00eetre soit en filigrane, soit comme texte pr\u00e9rempli s'effa\u00e7ant sit\u00f4t que l'utilisateur d\u00e9cide d'\u00e9crire dans la zone, les mentions suivantes : \u00ab Les personnes disposent d'un droit d'acc\u00e8s aux informations contenues dans cette zone de texte. Les informations que vous y inscrivez doivent \u00eatre PERTINENTES au regard du contexte. 
Elles ne doivent pas comporter d'appr\u00e9ciation subjective ni faire appara\u00eetre, \"directement ou indirectement les origines raciales ou ethniques, les opinions politiques, philosophiques ou religieuses ou l'appartenance syndicale des personnes, ou qui sont relatives \u00e0 la sant\u00e9 ou \u00e0 la vie sexuelles de celles-ci\" \u00bb.", "importance": 0, "uuid": "a03ca1c2-c087-44b5-81e4-751c296ff051" }, { "code": "Gestion des projets_13", "description": "[acquisitions de logiciels] Interdire l'utilisation de donn\u00e9es r\u00e9elles avant la mise en op\u00e9ration, et les anonymiser si n\u00e9cessaire.", "importance": 0, "uuid": "922ab9c2-d9d1-486e-bc68-14636b70544c" }, { "code": "Gestion des projets_14", "description": "[acquisitions de logiciels] V\u00e9rifier que les logiciels fonctionnent correctement et conform\u00e9ment lors de la recette.", "importance": 0, "uuid": "5dd3704d-5f27-43dd-945c-94a42b69bf2a" }, { "code": "Gestion des risques_01", "description": "Recenser les traitements de donn\u00e9es \u00e0 caract\u00e8re personnel, automatis\u00e9s ou non, les donn\u00e9es trait\u00e9es (ex : fichiers client, contrats) et les supports sur lesquels ils reposent.", "importance": 0, "uuid": "31b39fb1-84e9-407c-ade5-c59aac597e8a" }, { "code": "Gestion des risques_02", "description": "\u00c9valuer la mani\u00e8re dont les principes fondamentaux (information, consentement, droit d'acc\u00e8s...) sont respect\u00e9s.", "importance": 0, "uuid": "a6e56295-2436-4a4c-823d-eaf42b481a36" }, { "code": "Gestion des risques_03", "description": "Appr\u00e9cier les risques de chaque traitement.", "importance": 0, "uuid": "f73a7ecb-79f4-4319-8041-7c60cd642cce" }, { "code": "Gestion des risques_04", "description": "Mettre en oeuvre et v\u00e9rifier les mesures pr\u00e9vues. 
Si les mesures existantes et pr\u00e9vues sont jug\u00e9es comme appropri\u00e9es afin de garantir un niveau de s\u00e9curit\u00e9 adapt\u00e9 aux risques, il convient de s'assurer qu'elles soient appliqu\u00e9es et contr\u00f4l\u00e9es.", "importance": 0, "uuid": "ba370be8-68f2-41f3-b39c-a2d4fa56ed3c" }, { "code": "Gestion des risques_05", "description": "Faire r\u00e9aliser des audits de s\u00e9curit\u00e9 p\u00e9riodiques, si possible annuels. Chaque audit devrait donner lieu \u00e0 un plan d'action dont la mise en oeuvre devrait \u00eatre suivie au plus haut niveau de l'organisme.", "importance": 0, "uuid": "01d93bc9-1176-41f4-b8d2-0fba0e6721fc" }, { "code": "Gestion des risques_06", "description": "Ajuster la cartographie \u00e0 chaque \u00e9volution majeure et de mani\u00e8re p\u00e9riodique.", "importance": 0, "uuid": "f4ed6a9b-3efa-464c-a7e5-ac416537614c" }, { "code": "Information des personnes concern\u00e9es_01", "description": "D\u00e9terminer et justifier les moyens pratiques qui vont \u00eatre mis en oeuvre pour informer les personnes concern\u00e9es, ou justifier de l'impossibilit\u00e9 de leur mise en oeuvre.", "importance": 0, "uuid": "56e9a1bb-3ed4-4b74-92a3-63da11d9d12e" }, { "code": "Information des personnes concern\u00e9es_02", "description": "S'assurer que l'information sera r\u00e9alis\u00e9e de mani\u00e8re compl\u00e8te, claire et adapt\u00e9e au public vis\u00e9, en fonction de la nature des donn\u00e9es et des moyens pratiques choisis.", "importance": 0, "uuid": "78255ed3-a07e-4082-84b8-255c3e7218a3" }, { "code": "Information des personnes concern\u00e9es_03", "description": "S'assurer que l'information sera r\u00e9alis\u00e9e au plus tard au moment o\u00f9 seront collect\u00e9es les donn\u00e9es.", "importance": 0, "uuid": "4cf842f7-8d29-46eb-9f69-58b9f451cb4c" }, { "code": "Information des personnes concern\u00e9es_04", "description": "S'assurer que la collecte ne puisse pas \u00eatre effectu\u00e9e sans information.", "importance": 0, 
"uuid": "81719522-7886-4bbb-9a64-7f180f33e3f6" }, { "code": "Information des personnes concern\u00e9es_05", "description": "Si possible, pr\u00e9voir un moyen de prouver que l'information a \u00e9t\u00e9 faite.", "importance": 0, "uuid": "c306c451-ef33-4501-99e6-0e1d1ebc5c56" }, { "code": "Information des personnes concern\u00e9es_06", "description": "[salari\u00e9s d'un organisme] Obtenir l'avis pr\u00e9alable des institutions repr\u00e9sentatives du personnel dans les cas pr\u00e9vus par le Code du travail.", "importance": 0, "uuid": "f074b4ef-e83d-46b8-af79-404ed8f686e7" }, { "code": "Information des personnes concern\u00e9es_07", "description": "[salari\u00e9s d'un organisme] Utiliser le moyen le plus appropri\u00e9 \u00e0 la culture de l'organisme.", "importance": 0, "uuid": "104f9747-e8f2-4c66-bbed-a213c285a37d" }, { "code": "Information des personnes concern\u00e9es_08", "description": "[collecte de donn\u00e9es via un site Internet] Faire figurer une information \u00e0 destination des internautes directement ou facilement accessible.", "importance": 0, "uuid": "3c5f2ea5-e242-4118-8ac9-7a07f4dc8694" }, { "code": "Information des personnes concern\u00e9es_09", "description": "[collecte de donn\u00e9es via une application mobile] Faire figurer une information \u00e0 destination des utilisateurs directement ou facilement accessible.", "importance": 0, "uuid": "21af75d8-d761-4a91-8952-c9134dc0cb31" }, { "code": "Information des personnes concern\u00e9es_10", "description": "[collecte de donn\u00e9es via une application mobile] Informer l'utilisateur si l'application est susceptible d'acc\u00e9der \u00e0 des identifiants de l'appareil, en pr\u00e9cisant s'ils sont communiqu\u00e9s \u00e0 des tiers.", "importance": 0, "uuid": "4a24c05f-1761-4b37-a636-3774d5e228b2" }, { "code": "Information des personnes concern\u00e9es_11", "description": "[collecte de donn\u00e9es via une application mobile] Informer l'utilisateur si l'application est susceptible de fonctionner 
en arri\u00e8re-plan.", "importance": 0, "uuid": "52c55030-ddac-4ded-b9ae-b17f1bcb463e" }, { "code": "Information des personnes concern\u00e9es_12", "description": "[collecte de donn\u00e9es via une application mobile] Pr\u00e9senter \u00e0 l'utilisateur les protections d'acc\u00e8s \u00e0 l'appareil.", "importance": 0, "uuid": "df20a7a8-8c25-45e4-80e6-b704fcc3606f" }, { "code": "Information des personnes concern\u00e9es_13", "description": "[collecte de donn\u00e9es par t\u00e9l\u00e9phone] D\u00e9livrer un message automatique avant que la conversation soit engag\u00e9e, pr\u00e9cisant notamment les droits des personnes, et le cas \u00e9ch\u00e9ant, les finalit\u00e9s de l'enregistrement de la conversation (formation, enqu\u00eate sur la qualit\u00e9 du service rendu, etc.), en leur offrant la possibilit\u00e9 de s'opposer \u00e0 l'enregistrement (pour motif l\u00e9gitime).", "importance": 0, "uuid": "ff0e48bd-b80a-4de5-8c43-224157753353" }, { "code": "Information des personnes concern\u00e9es_14", "description": "[collecte de donn\u00e9es par t\u00e9l\u00e9phone] Mettre en place des moyens permettant l'authentification de l'appelant (ex : par une information connue seulement de l'organisme et de la personne concern\u00e9e).", "importance": 0, "uuid": "ddfd140c-b23e-4cc8-829e-f06867a5a8ec" }, { "code": "Information des personnes concern\u00e9es_15", "description": "[collecte de donn\u00e9es via un formulaire] Placer la mention appropri\u00e9e sur le formulaire avec une typographie identique au reste du document.", "importance": 0, "uuid": "06726271-3ddf-4af6-a5ac-327e477d8e36" }, { "code": "Information des personnes concern\u00e9es_16", "description": "[publicit\u00e9 cibl\u00e9e] Rendre accessible l'information des internautes de mani\u00e8re \u00e0 ce qu'elle soit parfaitement visible et lisible.", "importance": 0, "uuid": "1eb94b5b-fc79-4327-ac91-bb6919d89020" }, { "code": "Information des personnes concern\u00e9es_17", "description": "[publicit\u00e9 
cibl\u00e9e] Informer les internautes sur les diff\u00e9rentes formes de publicit\u00e9 cibl\u00e9e auxquelles ils sont susceptibles d'\u00eatre expos\u00e9s via le service qu'ils consultent et les divers proc\u00e9d\u00e9s utilis\u00e9s, les cat\u00e9gories d'informations trait\u00e9es aux fins d'adapter le contenu publicitaire et, en tant que de besoin, les informations non recueillies, leurs possibilit\u00e9s pour consentir \u00e0 l'affichage de publicit\u00e9s comportementales ou personnalis\u00e9es. L'information et le recueil du consentement doivent \u00eatre effectu\u00e9s avant tout stockage d'information ou obtention de l'acc\u00e8s \u00e0 des informations d\u00e9j\u00e0 stock\u00e9es dans l'\u00e9quipement terminal.", "importance": 0, "uuid": "d294b307-f06c-45ac-9717-46c0a22c8c85" }, { "code": "Information des personnes concern\u00e9es_18", "description": "[mise \u00e0 jour d'un traitement existant] Informer plus particuli\u00e8rement sur les nouveaut\u00e9s du traitement (nouvelles finalit\u00e9s, nouveaux destinataires).", "importance": 0, "uuid": "601f4aa9-9726-446d-9524-780ffaa31935" }, { "code": "Logiciels malveillants_01", "description": "Installer un antivirus sur les serveurs et postes de travail et le configurer.", "importance": 0, "uuid": "df4f723b-d159-445d-aa91-d1898edfc86e" }, { "code": "Logiciels malveillants_02", "description": "Tenir les logiciels antivirus \u00e0 jour.", "importance": 0, "uuid": "952e2fdb-a649-49bb-8d96-328045daddd0" }, { "code": "Logiciels malveillants_03", "description": "Mettre en oeuvre des mesures de filtrage permettant de filtrer les flux entrants/sortants du r\u00e9seau (firewall, proxy, etc.).", "importance": 0, "uuid": "fb5a202a-3234-4d74-a811-31527881ab43" }, { "code": "Logiciels malveillants_04", "description": "Faire remonter les \u00e9v\u00e8nements de s\u00e9curit\u00e9 de l'antivirus sur un serveur centralis\u00e9 pour analyse statistique et gestion des probl\u00e8mes \u00e0 post\u00e9riori (dans le but de 
d\u00e9tecter un serveur infect\u00e9, un virus d\u00e9tect\u00e9 et non \u00e9radiqu\u00e9 par l'antivirus, etc.).", "importance": 0, "uuid": "8cf43928-2c23-4794-89dd-364eb704c8f1" }, { "code": "Logiciels malveillants_05", "description": "Installer un programme de lutte contre les logiciels espions (anti-spyware) sur les postes de travail, le configurer et le tenir \u00e0 jour.", "importance": 0, "uuid": "7ab822fa-8a63-45a0-952d-5e8fa4dbcfe9" }, { "code": "Maintenance_01", "description": "Encadrer par un contrat de sous-traitance la r\u00e9alisation des op\u00e9rations de maintenance lorsqu'elles sont effectu\u00e9es par des prestataires.", "importance": 0, "uuid": "8600d1ea-a92d-40c2-9384-85c140c3dc3a" }, { "code": "Maintenance_02", "description": "Enregistrer toutes les op\u00e9rations de maintenance dans une main courante.", "importance": 0, "uuid": "96a6e72d-02b7-4a7f-a8e8-9426dd5f75e3" }, { "code": "Maintenance_03", "description": "Encadrer les op\u00e9rations de t\u00e9l\u00e9maintenance.", "importance": 0, "uuid": "3ed3d127-4a05-48d9-b000-e113d0857393" }, { "code": "Maintenance_04", "description": "Chiffrer ou effacer les donn\u00e9es pr\u00e9sentes sur les mat\u00e9riels (poste de travail fixe ou nomade, serveurs, etc.) envoy\u00e9s en maintenance externe. 
En cas d'impossibilit\u00e9 d\u00e9poser les supports de stockage de l'\u00e9quipement avant l'envoi en maintenance ou g\u00e9rer la maintenance en interne.", "importance": 0, "uuid": "0afcfa8a-cb1d-4465-ba6f-301e549631d0" }, { "code": "Maintenance_05", "description": "[postes de travail] Lors des op\u00e9rations de maintenance n\u00e9cessitant une prise en main \u00e0 distance sur un poste de travail, ne r\u00e9aliser l'op\u00e9ration qu'apr\u00e8s avoir obtenu l'accord de l'utilisateur, et lui indiquer \u00e0 l'\u00e9cran si la prise en main est effective.", "importance": 0, "uuid": "50e15e94-a4d6-4f70-9087-9e8451be42f2" }, { "code": "Maintenance_06", "description": "[postes de travail] Lorsqu'une op\u00e9ration de maintenance n\u00e9cessite une intervention physique sur un poste de travail contenant des donn\u00e9es sensibles, supprimer les donn\u00e9es pendant la maintenance.", "importance": 0, "uuid": "ff149a3e-8f3e-43ae-821c-2b6a3a6b4b26" }, { "code": "Maintenance_07", "description": "[t\u00e9l\u00e9phone mobile] Configurer les t\u00e9l\u00e9phones avant de les remettre aux utilisateurs.", "importance": 0, "uuid": "a7bb0169-11b2-4aee-a3f8-78b955431351" }, { "code": "Maintenance_08", "description": "[t\u00e9l\u00e9phone mobile] Informer les utilisateurs, par exemple sous la forme d'une note accompagnant la livraison, sur l'usage du t\u00e9l\u00e9phone, des applications (ex : business mail, Exchange) et des services fournis, ainsi que sur les r\u00e8gles de s\u00e9curit\u00e9 \u00e0 respecter.", "importance": 0, "uuid": "c79a6fe4-3f57-43b3-918b-b1adee8c0d1c" }, { "code": "Maintenance_09", "description": "[supports de stockage] Effacer de fa\u00e7on s\u00e9curis\u00e9e ou bien d\u00e9truire physiquement les supports de stockage mis au rebut.", "importance": 0, "uuid": "3c49be1d-afcd-40f5-8184-3968026d95be" }, { "code": "Maintenance_10", "description": "[supports de stockage] Lors des op\u00e9rations de maintenance n\u00e9cessitant une prise en main \u00e0 
distance sur un poste de travail, ne r\u00e9aliser l'op\u00e9ration qu'apr\u00e8s avoir obtenu l'accord de l'utilisateur.", "importance": 0, "uuid": "ad17dd47-cb36-4cdf-9628-2969a2e4a2e0" }, { "code": "Maintenance_11", "description": "[imprimantes et copieurs multifonctions] Dans le cas d'une maintenance par un tiers, pr\u00e9voir les mesures destin\u00e9es \u00e0 emp\u00eacher l'acc\u00e8s aux donn\u00e9es.", "importance": 0, "uuid": "84da6fc4-ff9e-471b-b7c7-cc813bb861c0" }, { "code": "Maintenance_12", "description": "[imprimantes et copieurs multifonctions] Dans le cas d'une t\u00e9l\u00e9maintenance par un tiers \u00e0 une imprimante ou copieur multifonction h\u00e9berg\u00e9 localement, prendre des mesures sp\u00e9cifiques pour prot\u00e9ger chaque acc\u00e8s.", "importance": 0, "uuid": "425074c4-142d-40f4-a094-37940e4fd731" }, { "code": "Maintenance_13", "description": "[imprimantes et copieurs multifonctions] Emp\u00eacher l'acc\u00e8s \u00e0 des donn\u00e9es stock\u00e9es sur des imprimantes ou copieurs multifonctions mis au rebut.", "importance": 0, "uuid": "09c09d1b-8191-472e-98e6-435847ddffb6" }, { "code": "Mat\u00e9riels_01", "description": "Tenir \u00e0 jour un inventaire des ressources informatiques utilis\u00e9es.", "importance": 0, "uuid": "c2ec9503-2c3d-4d23-8641-a6af1fae8cbd" }, { "code": "Mat\u00e9riels_02", "description": "Cloisonner les ressources de l'organisme en cas de partage de locaux.", "importance": 0, "uuid": "666ef708-8443-4f39-b91d-942e4c320c13" }, { "code": "Mat\u00e9riels_03", "description": "Emp\u00eacher l'acc\u00e8s \u00e0 des donn\u00e9es stock\u00e9es sur des ressources informatiques mises au rebut.", "importance": 0, "uuid": "f284858f-d562-4cfc-80a0-4f2bbecfc4fb" }, { "code": "Mat\u00e9riels_04", "description": "Pr\u00e9voir une redondance mat\u00e9rielle des unit\u00e9s de stockage par une technologie RAID ou \u00e9quivalente.", "importance": 0, "uuid": "6332515b-9304-4904-8780-1b95e27d9235" }, { "code": "Mat\u00e9riels_05", 
"description": "V\u00e9rifier que le dimensionnement des capacit\u00e9s de stockage et de traitement, ainsi que les conditions d'utilisation, sont appropri\u00e9s \u00e0 l'usage pr\u00e9vu des mat\u00e9riels, notamment en termes de place, d'humidit\u00e9 et de temp\u00e9rature.", "importance": 0, "uuid": "69f6611f-cab5-4478-bc92-1216bc9eb1f4" }, { "code": "Mat\u00e9riels_06", "description": "V\u00e9rifier que l'alimentation des mat\u00e9riels les plus critiques est prot\u00e9g\u00e9e contre les variations de tension et qu'elle est secourue, ou qu'elle permet au moins de les arr\u00eater normalement.", "importance": 0, "uuid": "4d31b35d-b318-4d1a-bdc0-343cf6c08ffd" }, { "code": "Mat\u00e9riels_07", "description": "Limiter l'acc\u00e8s aux mat\u00e9riels sensibles et/ou qui ont une grande valeur marchande.", "importance": 0, "uuid": "e5d8e91b-5729-477a-8343-0cc2b87dccc0" }, { "code": "Mat\u00e9riels_08", "description": "Limiter les possibilit\u00e9s de modification des mat\u00e9riels.", "importance": 0, "uuid": "9522e881-b20f-4a0e-880f-1184af84d900" }, { "code": "Mat\u00e9riels_09", "description": "[postes de travail] R\u00e9cup\u00e9rer les donn\u00e9es, \u00e0 l'exception des donn\u00e9es signal\u00e9es comme \u00e9tant priv\u00e9es ou personnelles, pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne.", "importance": 0, "uuid": "91d00285-5ac9-4bd2-9324-59c5c83dbfcc" }, { "code": "Mat\u00e9riels_10", "description": "[postes nomades] Limiter le stockage de donn\u00e9es sur les postes nomades au strict n\u00e9cessaire, et \u00e9ventuellement l'interdire lors des d\u00e9placements \u00e0 l'\u00e9tranger.", "importance": 0, "uuid": "025b80de-389e-409c-9a0a-bdc77a422839" }, { "code": "Mat\u00e9riels_11", "description": "[postes nomades] Verrouiller l'appareil au bout de quelques minutes d'inactivit\u00e9.", "importance": 0, "uuid": "8255e58d-d2e6-4fbc-929d-ee601cd26204" }, { "code": "Mat\u00e9riels_12", "description": 
"[supports amovibles] Limiter l'usage des supports amovibles \u00e0 ceux fournis par le service en charge de l'informatique.", "importance": 0, "uuid": "40973d0f-8960-427b-8495-7efe7d6fd15c" }, { "code": "Mat\u00e9riels_13", "description": "[supports amovibles] Interdire l'utilisation de cl\u00e9s USB \u00e0 connexion sans fil (ex : Bluetooth).", "importance": 0, "uuid": "7e5d3505-fb1a-44b0-a6f8-9ed07570c236" }, { "code": "Mat\u00e9riels_14", "description": "[supports amovibles] Interdire la connexion de cl\u00e9s USB sur des mat\u00e9riels non s\u00e9curis\u00e9s (antivirus, pare-feu, etc.).", "importance": 0, "uuid": "ff1d4a51-8e8b-4639-9ee6-cd34d65e49e9" }, { "code": "Mat\u00e9riels_15", "description": "[supports amovibles] Limiter l'utilisation des cl\u00e9s USB aux activit\u00e9s professionnelles.", "importance": 0, "uuid": "bc0a1306-882e-44d0-95a1-7f41dba8658f" }, { "code": "Mat\u00e9riels_16", "description": "[supports amovibles] D\u00e9sactiver la fonctionnalit\u00e9 d'ex\u00e9cution automatique sur tous les postes (strat\u00e9gie de groupe).", "importance": 0, "uuid": "a3f970b2-9752-4763-a82d-02c22da11eb8" }, { "code": "Mat\u00e9riels_17", "description": "[supports amovibles] Chiffrer les donn\u00e9es stock\u00e9es sur un support amovible.", "importance": 0, "uuid": "3c899fb0-9384-4b0c-a91c-1db80535fdd7" }, { "code": "Mat\u00e9riels_18", "description": "[supports amovibles] Restituer les supports amovibles d\u00e9fectueux ou plus utiles au service en charge de l'informatique.", "importance": 0, "uuid": "5c6f4802-3911-47ab-9d8b-fd482efb54d0" }, { "code": "Mat\u00e9riels_19", "description": "[supports amovibles] D\u00e9truire de mani\u00e8re s\u00e9curis\u00e9e les supports de donn\u00e9es qui sont inutiles.", "importance": 0, "uuid": "b8dba354-dec6-4364-9e35-265190329f1c" }, { "code": "Mat\u00e9riels_20", "description": "[imprimantes et copieurs multifonctions] Changer les mots de passe \"constructeur\" par d\u00e9faut.", "importance": 0, "uuid": 
"cefdb279-897d-4ed8-976c-9ba08750c457" }, { "code": "Mat\u00e9riels_21", "description": "[imprimantes et copieurs multifonctions] D\u00e9sactiver les interfaces r\u00e9seau inutiles.", "importance": 0, "uuid": "1af86688-591f-46bd-b08c-0198e36b3046" }, { "code": "Mat\u00e9riels_22", "description": "[imprimantes et copieurs multifonctions] D\u00e9sactiver ou supprimer les services inutiles.", "importance": 0, "uuid": "bfa1d4aa-bdc9-4036-86c7-b876e25127b1" }, { "code": "Mat\u00e9riels_23", "description": "[imprimantes et copieurs multifonctions] Chiffrer les donn\u00e9es sur le disque dur lorsque cette fonction est disponible.", "importance": 0, "uuid": "f4f8e468-bac0-40cd-9ed8-0ed5c976c523" }, { "code": "Mat\u00e9riels_24", "description": "[imprimantes et copieurs multifonctions] Limiter l'envoi de documents num\u00e9ris\u00e9s aux adresses de messagerie internes et dans certains cas limiter l'envoi de documents num\u00e9ris\u00e9s \u00e0 une seule adresse de messagerie.", "importance": 0, "uuid": "cbbadaca-2185-4c69-ab27-02d97d034043" }, { "code": "Minimisation des donn\u00e9es_01", "description": "Justifier de la collecte de chaque donn\u00e9e.", "importance": 0, "uuid": "edae0fbc-e415-4b7d-8208-b79130cfdf3b" }, { "code": "Minimisation des donn\u00e9es_02", "description": "Bien faire la distinction entre les donn\u00e9es anonymes et pseudonymes.", "importance": 0, "uuid": "f1c5c683-7025-4ba8-a3b0-4b9c7a4faf8e" }, { "code": "Minimisation des donn\u00e9es_03", "description": "\u00c9viter les champs de saisie en texte libre (ex : zones \u00ab commentaires \u00bb), en raison du risque que les utilisateurs y consignent des informations ne respectant pas les principes de minimisation. On pr\u00e9f\u00e8rera donc des champs de saisie \u00e0 base de listes d\u00e9roulantes. 
Si on ne peut \u00e9viter la saisie de texte libre, une sensibilisation des utilisateurs devra \u00eatre faite quant \u00e0 l'usage de ces champs, vis-\u00e0-vis des conditions g\u00e9n\u00e9rales du service et vis-\u00e0-vis de la loi (pas de propos injurieux, pas de donn\u00e9es sensibles non d\u00e9clar\u00e9es, etc.).", "importance": 0, "uuid": "b8072981-619d-46e0-8f9b-ad7e84549a6a" }, { "code": "Minimisation des donn\u00e9es_04", "description": "V\u00e9rifier que les donn\u00e9es sont ad\u00e9quates, pertinentes et non excessives au regard de la finalit\u00e9 poursuivie, et ne pas les collecter dans le cas contraire.", "importance": 0, "uuid": "2a529e83-d2ca-4147-82cf-f44f213ad29f" }, { "code": "Minimisation des donn\u00e9es_05", "description": "V\u00e9rifier que les donn\u00e9es ne font pas appara\u00eetre, directement ou indirectement, les origines raciales ou ethniques, les opinions politiques, philosophiques ou religieuses ou l'appartenance syndicale, ainsi que les donn\u00e9es relatives \u00e0 la sant\u00e9 ou \u00e0 la vie sexuelle, et ne pas les collecter dans le cas contraire \u00e0 moins d'\u00eatre dans des circonstances d'exception (consentement, int\u00e9r\u00eat public conform\u00e9ment \u00e0 l'article 9 du RGPD).", "importance": 0, "uuid": "8478c80b-1729-40d0-a4a7-315af3003c52" }, { "code": "Minimisation des donn\u00e9es_06", "description": "V\u00e9rifier que les donn\u00e9es ne sont pas relatives \u00e0 des infractions, condamnations ou mesures de s\u00fbret\u00e9, et ne pas les collecter dans le cas contraire, \u00e0 moins d'\u00eatre dans des circonstances d'exception (juridictions, auxiliaires de justice conform\u00e9ment \u00e0 l'article 10 du RGPD).", "importance": 0, "uuid": "be361b63-c23d-436e-bcca-b3e57b87fcd0" }, { "code": "Minimisation des donn\u00e9es_07", "description": "Emp\u00eacher de collecter davantage de donn\u00e9es.", "importance": 0, "uuid": "75fd0afd-a5f6-49f2-bc0f-808d75e98c27" }, { "code": "Minimisation des 
donn\u00e9es_08", "description": "Filtrer et retirer les donn\u00e9es inutiles.", "importance": 0, "uuid": "7f58309d-502e-43ba-a154-17b97fbe53f0" }, { "code": "Minimisation des donn\u00e9es_09", "description": "R\u00e9duire la sensibilit\u00e9 par transformation.", "importance": 0, "uuid": "706b68ba-4615-4b9d-bfef-e455d2027b57" }, { "code": "Minimisation des donn\u00e9es_10", "description": "R\u00e9duire le caract\u00e8re identifiant des donn\u00e9es.", "importance": 0, "uuid": "6e61bab7-4731-4a76-ad49-87021019a20b" }, { "code": "Minimisation des donn\u00e9es_11", "description": "R\u00e9duire l'accumulation de donn\u00e9es.", "importance": 0, "uuid": "ee0f9383-d0e4-42db-88fa-108d8f457139" }, { "code": "Minimisation des donn\u00e9es_12", "description": "Restreindre l'acc\u00e8s aux donn\u00e9es.", "importance": 0, "uuid": "76edaf87-77ad-4739-98bd-4dc95f2d22d1" }, { "code": "Minimisation des donn\u00e9es_13", "description": "Limiter l'envoi des documents \u00e9lectroniques contenant des donn\u00e9es aux personnes ayant le besoin d'en disposer dans le cadre de leur activit\u00e9.", "importance": 0, "uuid": "64eafbb1-6b71-42b1-aeab-73bf2889f2d7" }, { "code": "Minimisation des donn\u00e9es_14", "description": "Effacer de mani\u00e8re s\u00e9curis\u00e9e les donn\u00e9es qui ne sont plus utiles ou qu'une personne demande de supprimer, sur le syst\u00e8me en op\u00e9ration et sur les sauvegardes le cas \u00e9ch\u00e9ant.", "importance": 0, "uuid": "5d5c5f28-e2b3-4cd2-a608-e5e28b46673b" }, { "code": "Organisation_01", "description": "Faire d\u00e9signer par le responsable des traitements une personne en charge de l'assister dans la mise en application du r\u00e8glement g\u00e9n\u00e9ral sur la protection des donn\u00e9es (RGPD) et lui accorder les moyens n\u00e9cessaires \u00e0 l'exercice de sa mission.", "importance": 0, "uuid": "2801471c-383e-48dd-9d9a-ace88fb25b1b" }, { "code": "Organisation_02", "description": "D\u00e9finir les r\u00f4les, responsabilit\u00e9s et 
interactions entre toutes les parties prenantes dans le domaine de la protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "285712b1-b3a5-4d2a-95ef-762bec7c84c0" }, { "code": "Organisation_03", "description": "Cr\u00e9er un comit\u00e9 de suivi, compos\u00e9 du responsable des traitements, de la personne en charge de l'assister dans la mise en application du RGPD et des parties int\u00e9ress\u00e9es, et se r\u00e9unissant de mani\u00e8re r\u00e9guli\u00e8re (au moins une fois par an) pour fixer des objectifs et faire un point sur l'ensemble des traitements de l'organisme.", "importance": 0, "uuid": "8bbdcb67-c783-4d15-9a20-dbc3a2f87aa6" }, { "code": "Politique_01", "description": "Formaliser les \u00e9l\u00e9ments importants relatifs au domaine de la vie priv\u00e9e au sein d'une base documentaire qui constitue la politique de protection des donn\u00e9es personnelles, dans une forme adapt\u00e9e aux diff\u00e9rents contenus (risques, grands principes \u00e0 respecter, objectifs \u00e0 atteindre, r\u00e8gles \u00e0 appliquer, etc.) 
et aux diff\u00e9rentes cibles de communication (usagers, service en charge de l'informatique, d\u00e9cideurs, etc.).", "importance": 0, "uuid": "56085501-a07b-43c7-aafc-f0251b13c4c5" }, { "code": "Politique_02", "description": "Faire conna\u00eetre la politique de protection des donn\u00e9es personnelles aux personnes qui doivent l'appliquer.", "importance": 0, "uuid": "8a988847-bebf-460b-bf9d-5b8f3693af89" }, { "code": "Politique_03", "description": "Permettre aux personnes qui doivent appliquer la politique de protection des donn\u00e9es personnelles de demander formellement une d\u00e9rogation en cas de difficult\u00e9 de mise en oeuvre , \u00e9tudier chaque demande de d\u00e9rogation en termes d'impact sur les risques, et le cas \u00e9ch\u00e9ant, faire valider les d\u00e9rogations acceptables par le responsable de traitement et faire \u00e9voluer la politique en cons\u00e9quence.", "importance": 0, "uuid": "94ceebf9-e136-44dd-b537-b4ae81a51b81" }, { "code": "Politique_04", "description": "\u00c9tablir un plan d'action pluriannuel et suivre la mise en oeuvre la politique de protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "1fa223a3-2596-4e4d-8599-afd399f1a162" }, { "code": "Politique_05", "description": "Pr\u00e9voir les d\u00e9rogations aux r\u00e8gles de la politique de protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "119d2bda-cd01-4e82-bf1d-bb78ce8aff82" }, { "code": "Politique_06", "description": "Pr\u00e9voir de prendre en compte les difficult\u00e9s rencontr\u00e9es dans l'application de la politique de protection des donn\u00e9es personnelles.", "importance": 0, "uuid": "26076a3f-0cbb-4268-a6f0-6bbc3f64c5d6" }, { "code": "Politique_07", "description": "V\u00e9rifier la conformit\u00e9 aux r\u00e8gles de la politique de protection des donn\u00e9es personnelles et la mise en oeuvre du plan d'action de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "e5e11b5a-ceb6-4546-892c-79e78dfd5a58" }, { "code": 
"Politique_08", "description": "R\u00e9viser la politique de protection des donn\u00e9es personnelles de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "f996d911-1c68-43fe-95f3-b48a59fa320b" }, { "code": "Postes de travail_01", "description": "Assurer la mise \u00e0 disposition et le maintien en conditions op\u00e9rationnelles et de s\u00e9curit\u00e9 des postes de travail des utilisateurs par le service en charge de l'informatique.", "importance": 0, "uuid": "2909e89a-fb31-465b-9b4d-5b986bc60aec" }, { "code": "Postes de travail_02", "description": "Prot\u00e9ger les postes peu volumineux, donc susceptibles d'\u00eatre facilement emport\u00e9s, et notamment les ordinateurs portables, \u00e0 l'aide d'un c\u00e2ble physique de s\u00e9curit\u00e9, d\u00e8s que l'utilisateur ne se trouve pas \u00e0 proximit\u00e9 et que le local n'est pas s\u00e9curis\u00e9 physiquement.", "importance": 0, "uuid": "adafec69-16e7-4255-bc00-bb763979be75" }, { "code": "Postes de travail_03", "description": "R\u00e9cup\u00e9rer les donn\u00e9es, \u00e0 l'exception des donn\u00e9es signal\u00e9es comme priv\u00e9es ou personnelles, pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne.", "importance": 0, "uuid": "151e0fde-8c9a-4dcf-a82f-e5731c99b09c" }, { "code": "Postes de travail_04", "description": "Effacer les donn\u00e9es pr\u00e9sentes sur un poste pr\u00e9alablement \u00e0 sa r\u00e9affectation \u00e0 une autre personne ou pour les postes partag\u00e9s.", "importance": 0, "uuid": "f15f0c88-08ac-46ec-a515-7efdda82f227" }, { "code": "Postes de travail_05", "description": "Supprimer les donn\u00e9es temporaires \u00e0 chaque reconnexion des postes partag\u00e9s.", "importance": 0, "uuid": "258a18a7-39b2-4c38-aec5-94397c4270c4" }, { "code": "Postes de travail_06", "description": "En cas de compromission d'un poste, rechercher toute trace d'intrusion dans le syst\u00e8me afin de d\u00e9tecter si l'attaquant a compromis d'autres 
\u00e9l\u00e9ments.", "importance": 0, "uuid": "e1f84a8a-12b5-46a2-a740-4859627256f9" }, { "code": "Postes de travail_07", "description": "Tenir les syst\u00e8mes et applications \u00e0 jour (versions, correctifs de s\u00e9curit\u00e9, etc.) ou, lorsque cela est impossible (ex : application uniquement disponible sur un syst\u00e8me qui n'est plus maintenu par l'\u00e9diteur), isoler la machine et porter une attention particuli\u00e8re aux journaux.", "importance": 0, "uuid": "54947799-560e-4195-89d7-51e86787b27c" }, { "code": "Postes de travail_08", "description": "Documenter les configurations et les mettre \u00e0 jour \u00e0 chaque changement notable.", "importance": 0, "uuid": "cb57f1bb-2fdb-468e-97fb-ef1da1bb7169" }, { "code": "Postes de travail_09", "description": "Limiter les possibilit\u00e9s de d\u00e9tournements d'usages.", "importance": 0, "uuid": "6ed3b030-a0a1-4ce5-933a-03a56dd79b12" }, { "code": "Postes de travail_10", "description": "Prot\u00e9ger les acc\u00e8s logiques aux postes de travail.", "importance": 0, "uuid": "3acfe072-0563-41a7-b418-6a48008d95fe" }, { "code": "Postes de travail_11", "description": "Activer les mesures de protection offertes par le syst\u00e8me et les applications.", "importance": 0, "uuid": "5cc20ef6-edc5-4eac-927d-dcdb56fe83bb" }, { "code": "Postes de travail_12", "description": "Interdire le partage de r\u00e9pertoires ou de donn\u00e9es localement sur les postes de travail.", "importance": 0, "uuid": "b2831da7-b6b1-4c14-b23d-a3caf7f543f3" }, { "code": "Postes de travail_13", "description": "Stocker les donn\u00e9es des utilisateurs sur un espace r\u00e9seau sauvegard\u00e9 et non sur les postes de travail.", "importance": 0, "uuid": "18fe7f33-228b-4e46-b0e4-9fdc31f21c95" }, { "code": "Postes de travail_14", "description": "Dans le cas o\u00f9 des donn\u00e9es doivent \u00eatre stock\u00e9es en local sur un poste, fournir des moyens de synchronisation ou de sauvegarde aux utilisateurs et les informer sur leur 
utilisation.", "importance": 0, "uuid": "c2bbf9e6-0396-46c6-9a69-e537033024bc" }, { "code": "Postes de travail_15", "description": "S\u00e9curiser la configuration du navigateur Internet.", "importance": 0, "uuid": "ba8a5792-fde0-4479-b552-37496c5e1e3f" }, { "code": "Postes de travail_16", "description": "D\u00e9ployer le navigateur dont la configuration a \u00e9t\u00e9 s\u00e9curis\u00e9e sur tous postes de travail n\u00e9cessitant un acc\u00e8s \u00e0 Internet ou Intranet.", "importance": 0, "uuid": "3252b36f-e80e-4bf1-bba0-3770970abcdf" }, { "code": "Postes de travail_17", "description": "Limiter le recours \u00e0 des modules d'extension (plugins), supprimer ceux qui ne sont pas utilis\u00e9s et tenir \u00e0 jour ceux qui sont install\u00e9s.", "importance": 0, "uuid": "830cef3a-82bc-4bb2-8996-c9cc6970325f" }, { "code": "Postes de travail_18", "description": "Interdire l'ex\u00e9cution des applications t\u00e9l\u00e9charg\u00e9es ne provenant pas de sources s\u00fbres.", "importance": 0, "uuid": "3f855614-4fe1-44a2-a181-39da61d62bb7" }, { "code": "Postes de travail_19", "description": "Rechercher les vuln\u00e9rabilit\u00e9s exploitables.", "importance": 0, "uuid": "c9daaf50-fd5a-428b-bbf6-fa64c7bf4d63" }, { "code": "Postes de travail_20", "description": "Contr\u00f4ler l'int\u00e9grit\u00e9 du syst\u00e8me \u00e0 l'aide de contr\u00f4leurs d'int\u00e9grit\u00e9 (qui v\u00e9rifient l'int\u00e9grit\u00e9 de fichiers choisis).", "importance": 0, "uuid": "4516765e-5d49-4e55-9963-bda208f3e04e" }, { "code": "Postes de travail_21", "description": "S'assurer que la taille maximale des journaux d'\u00e9v\u00e8nements est suffisante, et notamment que les \u00e9v\u00e8nements les plus anciens ne sont pas supprim\u00e9s automatiquement si la taille maximale est atteinte.", "importance": 0, "uuid": "09960a7b-3352-4f9a-aeaf-6aa6661bff68" }, { "code": "Postes de travail_22", "description": "Journaliser les \u00e9v\u00e8nements relatifs aux applications, \u00e0 la 
s\u00e9curit\u00e9 et au syst\u00e8me.", "importance": 0, "uuid": "1ddfa74b-1c92-482f-8421-24a0d144fb68" }, { "code": "Postes de travail_23", "description": "Exporter les journaux \u00e0 l'aide des fonctionnalit\u00e9s de gestion du domaine ou via un client syslog.", "importance": 0, "uuid": "040dad6c-dfb5-429c-9404-86ad4d35dc0c" }, { "code": "Postes de travail_24", "description": "Analyser principalement les heures de connexions et d\u00e9connexions, le type de protocole utilis\u00e9 pour se connecter et le type d'utilisateur qui y a recours, l'adresse IP d'origine de la connexion, les \u00e9checs successifs de connexions, les arr\u00eats inopin\u00e9s d'applications ou de t\u00e2ches.", "importance": 0, "uuid": "b6d0b02f-b02d-45ae-af0e-8dbcbf55a299" }, { "code": "Postes de travail_25", "description": "[postes nomades] Chiffrer les donn\u00e9es stock\u00e9es sur les postes nomades.", "importance": 0, "uuid": "c8ec2ccd-aa47-446a-8f37-0dee07f847ff" }, { "code": "Postes de travail_26", "description": "[postes nomades] Limiter le stockage de donn\u00e9es sur les postes nomades au strict n\u00e9cessaire, et \u00e9ventuellement l'interdire lors de d\u00e9placement \u00e0 l'\u00e9tranger.", "importance": 0, "uuid": "396fa6c3-fc9e-4775-acdb-0305b0c74b07" }, { "code": "Postes de travail_27", "description": "[postes nomades] Assurer la disponibilit\u00e9 des donn\u00e9es stock\u00e9es sur les postes nomades.", "importance": 0, "uuid": "28f4ae7b-9118-4ec3-956c-4eab0d817e3a" }, { "code": "Postes de travail_28", "description": "[postes nomades] Purger les donn\u00e9es collect\u00e9es sur le poste nomade sit\u00f4t qu'elles ont \u00e9t\u00e9 introduites dans le syst\u00e8me d'information de l'organisme.", "importance": 0, "uuid": "0921ec99-6747-49c3-917d-a22107d02bde" }, { "code": "Postes de travail_29", "description": "[postes nomades] Positionner un filtre de confidentialit\u00e9 sur les \u00e9crans des postes nomades d\u00e8s qu'ils sont utilis\u00e9s en dehors de 
l'organisme.", "importance": 0, "uuid": "7669215a-04d4-41a3-b3e3-7546ec06c9f5" }, { "code": "Postes de travail_30", "description": "[t\u00e9l\u00e9phones mobiles] Configurer les t\u00e9l\u00e9phones mobiles avant d'\u00eatre livr\u00e9s aux utilisateurs.", "importance": 0, "uuid": "e5744a1e-219e-4d1c-bc38-52a053a4cbb4" }, { "code": "Postes de travail_31", "description": "[t\u00e9l\u00e9phones mobiles] Informer les utilisateurs, par exemple sous la forme d'une note accompagnant la livraison, sur l'usage du t\u00e9l\u00e9phone, des applications (ex : business mail, Exchange, etc.) et des services fournis, ainsi que sur les r\u00e8gles de s\u00e9curit\u00e9 \u00e0 respecter.", "importance": 0, "uuid": "44a79e4f-89cb-4d71-b12b-a10397e6e9ce" }, { "code": "Postes de travail_32", "description": "[serveur] Isoler le serveur du reste du r\u00e9seau dans une DMZ sp\u00e9cifique ou un VLAN, utiliser un anti-virus \u00e0 jour, un anti-spyware et un anti-spam, installer imm\u00e9diatement les mises \u00e0 jour de s\u00e9curit\u00e9 du syst\u00e8me d'exploitation, authentifier les appareils par certificat \u00e9lectronique (si possible).", "importance": 0, "uuid": "b7f28967-ed0e-44f8-b473-fad807fc46ae" }, { "code": "Postes de travail_33", "description": "[t\u00e9l\u00e9phones mobiles] S\u00e9curiser la fin de vie de l'appareil.", "importance": 0, "uuid": "b5545f2a-d6bb-4d82-924a-b1aea285ab71" }, { "code": "Qualit\u00e9 des donn\u00e9es_01", "description": "V\u00e9rifier r\u00e9guli\u00e8rement l'exactitude des donn\u00e9es personnelles de l'utilisateur.", "importance": 0, "uuid": "560cfa0d-0266-44b6-ae2f-3f3190db2974" }, { "code": "Qualit\u00e9 des donn\u00e9es_02", "description": "Inviter l'utilisateur \u00e0 contr\u00f4ler et, si n\u00e9cessaire, mettre \u00e0 jour ses donn\u00e9es r\u00e9guli\u00e8rement.", "importance": 0, "uuid": "fd6ff76b-5f45-496b-91f4-8fda6180dbab" }, { "code": "Qualit\u00e9 des donn\u00e9es_03", "description": "Assurer la tra\u00e7abilit\u00e9 de toute 
modification des donn\u00e9es.", "importance": 0, "uuid": "4b2d9a54-fd04-44c7-8684-7f6ad571eb0c" }, { "code": "Relations avec les tiers_01", "description": "Identifier tous les tiers qui ont ou pourraient avoir un acc\u00e8s l\u00e9gitime aux donn\u00e9es.", "importance": 0, "uuid": "5842586f-9d95-4856-806b-e7a0653aa4d8" }, { "code": "Relations avec les tiers_02", "description": "D\u00e9terminer leur r\u00f4le vis-\u00e0-vis du traitement (administrateur informatique, sous-traitant, destinataire, personnes charg\u00e9es de traiter les donn\u00e9es, tiers autoris\u00e9) en fonction des actions qu'ils vont r\u00e9aliser.", "importance": 0, "uuid": "30bc4dd1-4f85-4d46-a3d7-07c22fa33994" }, { "code": "Relations avec les tiers_03", "description": "D\u00e9terminer les responsabilit\u00e9s respectives en fonction des risques li\u00e9s \u00e0 ces donn\u00e9es.", "importance": 0, "uuid": "1d7881b1-1bb4-4c1a-b81e-1c9e145ffeba" }, { "code": "Relations avec les tiers_04", "description": "D\u00e9terminer la forme appropri\u00e9e pour fixer les droits et obligations selon la forme juridique des tiers et leur localisation g\u00e9ographique.", "importance": 0, "uuid": "840fdc25-8160-47a4-84ef-1655446d90fa" }, { "code": "Relations avec les tiers_05", "description": "Formaliser les r\u00e8gles que les personnes doivent respecter durant tout le cycle de vie de la relation li\u00e9e au traitement ou aux donn\u00e9es, selon la cat\u00e9gorie de personnes et les actions qu'elles vont r\u00e9aliser.", "importance": 0, "uuid": "95e59cec-f9f5-4bad-8dc0-d64c9fdec0bf" }, { "code": "Relations avec les tiers_06", "description": "[prestataires en interne] Appliquer aux prestataires les m\u00eames mesures que pour les salari\u00e9s de l'organisme : formation aux enjeux de la protection des donn\u00e9es personnelles, obligation de respecter les r\u00e8gles d'usage des ressources informatiques de l'organisme annex\u00e9es au r\u00e8glement int\u00e9rieur.", "importance": 0, "uuid": 
"b3c20465-7306-4a61-8259-b2dffdd60e8c" }, { "code": "Relations avec les tiers_07", "description": "[prestataires en interne] Fournir aux prestataires un poste de travail interne \u00e0 l'organisme ou s'assurer que l'utilisation du poste de travail fourni par leur employeur est compatible avec les objectifs de s\u00e9curit\u00e9 de l'organisme.", "importance": 0, "uuid": "b5994020-e8ca-47be-8989-3d9eebe2da75" }, { "code": "Relations avec les tiers_08", "description": "[prestataires en interne] S'assurer que les prestataires sont bien engag\u00e9s aupr\u00e8s de leur employeur par une clause de confidentialit\u00e9 applicable aux organismes clients de leur employeur.", "importance": 0, "uuid": "edfde4eb-2ff2-42c9-b8c5-655da7bc8a7b" }, { "code": "Relations avec les tiers_09", "description": "[prestataires en interne] G\u00e9rer les habilitations des prestataires de fa\u00e7on sp\u00e9cifique en leur attribuant des habilitations limit\u00e9es dans le temps prenant fin automatiquement \u00e0 la date pr\u00e9visionnelle de la fin de leur mission.", "importance": 0, "uuid": "293c76d6-319d-4dc7-b2a2-8581e19d8f6b" }, { "code": "Relations avec les tiers_10", "description": "[tiers destinataires] Encadrer contractuellement la transmission des donn\u00e9es aux tiers destinataires.", "importance": 0, "uuid": "a45771d7-4498-450d-a0cf-ff8eddf4bee2" }, { "code": "Relations avec les tiers_11", "description": "[tiers destinataires] Imposer au tiers de publier une politique de protection des donn\u00e9es personnelles couvrant les traitements aliment\u00e9s par les donn\u00e9es transmises et pr\u00e9cisant les objectifs de s\u00e9curit\u00e9 issus de la politique de s\u00e9curit\u00e9 des syst\u00e8mes d'information.", "importance": 0, "uuid": "bbf4f754-0da7-40cb-bae1-9adec9a0b23b" }, { "code": "Relations avec les tiers_12", "description": "[tiers destinataires] Si la transmission de donn\u00e9es est faite via Internet toujours, chiffrer les flux de donn\u00e9es.", "importance": 0, 
"uuid": "5acc6bfc-cac5-45eb-842c-204ddacc1284" }, { "code": "Relations avec les tiers_13", "description": "[tiers destinataires] Syst\u00e9matiquement, informer le tiers lorsque des personnes exercent leur droit de rectification.", "importance": 0, "uuid": "2bbae62c-5f4d-4459-b16b-c169276a5e6c" }, { "code": "Relations avec les tiers_14", "description": "[tiers autoris\u00e9s] Ne r\u00e9pondre qu'aux demandes transmises de fa\u00e7on formelle (courrier postal, fax) et r\u00e9pondre via le m\u00eame canal de communication. Ne pas prendre en compte les demandes adress\u00e9es par mail ni ne r\u00e9pondre par ce canal de communication.", "importance": 0, "uuid": "658f383e-2a21-493f-9a4a-95252ada7850" }, { "code": "Relations avec les tiers_15", "description": "[tiers autoris\u00e9s] V\u00e9rifier la base l\u00e9gale de chaque demande de communication.", "importance": 0, "uuid": "5e7263eb-cc9b-4ec4-92f5-4d1feed5430e" }, { "code": "Relations avec les tiers_16", "description": "[tiers autoris\u00e9s] Authentifier les \u00e9metteurs et ne r\u00e9pondre qu'\u00e0 eux.", "importance": 0, "uuid": "34e66e2b-f9df-4680-a833-39b436fa2a61" }, { "code": "Relations avec les tiers_17", "description": "[tiers autoris\u00e9s] R\u00e9pondre de fa\u00e7on stricte \u00e0 la demande en ne fournissant que les donn\u00e9es mentionn\u00e9es dans la demande.", "importance": 0, "uuid": "d7c17d95-b28c-4328-a1af-0336f7bcb960" }, { "code": "R\u00e9seaux_01", "description": "Maintenir \u00e0 jour une cartographie d\u00e9taill\u00e9e du r\u00e9seau.", "importance": 0, "uuid": "b38a5776-9cce-4708-a383-d0735b4acb92" }, { "code": "R\u00e9seaux_02", "description": "Recenser tous les acc\u00e8s Internet, les int\u00e9grer dans la cartographie du r\u00e9seau et s'assurer que les mesures pr\u00e9vues sont bien appliqu\u00e9es \u00e0 chacun d'entre eux.", "importance": 0, "uuid": "64d5965c-eace-4754-abe4-d17dc42f5e82" }, { "code": "R\u00e9seaux_03", "description": "Assurer la disponibilit\u00e9 des canaux 
informatiques.", "importance": 0, "uuid": "5d24a637-56b0-4d6a-804f-cbe63961493d" }, { "code": "R\u00e9seaux_04", "description": "Segmenter le r\u00e9seau en sous-r\u00e9seaux logiques \u00e9tanches selon les services cens\u00e9s y \u00eatre d\u00e9ploy\u00e9s.", "importance": 0, "uuid": "fc83e811-4d47-4d6b-b443-7ccc476a1b5c" }, { "code": "R\u00e9seaux_05", "description": "Interdire toute communication directe entre des postes internes et l'ext\u00e9rieur.", "importance": 0, "uuid": "c81ee7e7-1598-4544-9870-ba47ed1c293f" }, { "code": "R\u00e9seaux_06", "description": "N'utiliser que les flux explicitement autoris\u00e9s (limiter les ports de communication strictement n\u00e9cessaires au bon fonctionnement des applications install\u00e9es) \u00e0 l'aide d'un pare-feu.", "importance": 0, "uuid": "89b1ced3-1950-4629-8479-06777206146d" }, { "code": "R\u00e9seaux_07", "description": "Surveiller l'activit\u00e9 r\u00e9seau apr\u00e8s en avoir inform\u00e9 les personnes concern\u00e9es.", "importance": 0, "uuid": "52fbddde-7b73-48e4-868d-3d57973d09de" }, { "code": "R\u00e9seaux_08", "description": "Pr\u00e9voir un plan de r\u00e9ponse en cas d'intrusion majeure contenant les mesures organisationnelles et techniques pour d\u00e9limiter et circonscrire la compromission.", "importance": 0, "uuid": "f88ee60a-cf84-44ee-9f99-eca0c8dfade1" }, { "code": "R\u00e9seaux_09", "description": "Identifier les mat\u00e9riels de mani\u00e8re automatique comme moyen d'authentification des connexions \u00e0 partir de lieux et mat\u00e9riels sp\u00e9cifiques.", "importance": 0, "uuid": "947cf84f-4f95-4ae8-a493-0b23a80de7f4" }, { "code": "R\u00e9seaux_10", "description": "S\u00e9curiser les flux d'administration et restreindre, voire interdire, l'acc\u00e8s physique et logique aux ports de diagnostic et de configuration \u00e0 distance.", "importance": 0, "uuid": "a34a3b2b-2317-43f0-9061-eabdca6eaa2b" }, { "code": "R\u00e9seaux_11", "description": "Interdire le raccordement d'\u00e9quipements 
informatiques non ma\u00eetris\u00e9s.", "importance": 0, "uuid": "64cc6741-9a90-4a52-afe4-dd1792c9a888" }, { "code": "R\u00e9seaux_12", "description": "Transmettre les secrets garantissant la confidentialit\u00e9 de donn\u00e9es (cl\u00e9 de d\u00e9chiffrement, mot de passe, etc.) dans une transmission distincte, si possible via un canal de nature diff\u00e9rente de celui ayant servi \u00e0 la transmission des donn\u00e9es.", "importance": 0, "uuid": "f87086dc-dd46-465a-87ec-12ebfb3067bb" }, { "code": "R\u00e9seaux_13", "description": "[\u00e9quipements actifs] Utiliser le protocole SSH ou une connexion directe \u00e0 l'\u00e9quipement pour la connexion aux \u00e9quipements actifs du r\u00e9seau (pare-feu, routeurs, commutateurs) et proscrire l'utilisation du protocole Telnet sauf en cas de connexion directe.", "importance": 0, "uuid": "7a73df5f-5d1b-46c7-9d20-d0d33884f6f5" }, { "code": "R\u00e9seaux_14", "description": "[t\u00e9l\u00e9maintenance] Limiter la prise de main \u00e0 distance d'une ressource informatique locale aux agents du service en charge de l'informatique, sur les ressources informatiques de leur p\u00e9rim\u00e8tre.", "importance": 0, "uuid": "800ae6b2-04a7-4b39-a2ea-c08826d7dadf" }, { "code": "R\u00e9seaux_15", "description": "[t\u00e9l\u00e9maintenance] Identifier les utilisateurs de l'outil de prise de main \u00e0 distance de mani\u00e8re unique.", "importance": 0, "uuid": "ecc30a00-d461-4b18-a80b-9e812b2e1999" }, { "code": "R\u00e9seaux_16", "description": "[t\u00e9l\u00e9maintenance] Authentifier les utilisateurs de l'outil de prise de main \u00e0 distance au moins par un mot de passe robuste et si possible par certificat \u00e9lectronique.", "importance": 0, "uuid": "5d0c0510-e983-4c9b-839f-0e9e6abae3bb" }, { "code": "R\u00e9seaux_17", "description": "[t\u00e9l\u00e9maintenance] Journaliser les actions des utilisateurs de l'outil de prise en main \u00e0 distance.", "importance": 0, "uuid": "d9e70d17-8200-40ac-8617-f8d286699206" }, { 
"code": "R\u00e9seaux_18", "description": "[t\u00e9l\u00e9maintenance] S\u00e9curiser le flux d'authentification s\u00e9curis\u00e9.", "importance": 0, "uuid": "3d0ff9ec-8e07-4aeb-bdc0-70a0999799b3" }, { "code": "R\u00e9seaux_19", "description": "[t\u00e9l\u00e9maintenance] La prise de main \u00e0 distance doit \u00eatre soumise \u00e0 un accord pr\u00e9alable de l'utilisateur.", "importance": 0, "uuid": "d6b20d02-e96c-4c72-8a57-9d819af7fa9c" }, { "code": "R\u00e9seaux_20", "description": "[t\u00e9l\u00e9maintenance] Interdire la modification du param\u00e9trage de s\u00e9curit\u00e9 de l'outil et la visualisation des mots de passe ou secrets utilis\u00e9s.", "importance": 0, "uuid": "0d809dac-07f2-4a2c-ac44-8f8d89d39318" }, { "code": "R\u00e9seaux_21", "description": "[t\u00e9l\u00e9maintenance] Emp\u00eacher la r\u00e9cup\u00e9ration des secrets utilis\u00e9s pour \u00e9tablir la connexion \u00e0 partir d'un poste de travail.", "importance": 0, "uuid": "a1b10cdf-f7c2-4c31-8487-0476ffeab70e" }, { "code": "R\u00e9seaux_22", "description": "[t\u00e9l\u00e9maintenance] Chiffrer l'ensemble des flux \u00e9chang\u00e9s.", "importance": 0, "uuid": "170febf2-0cb4-43c0-9fc1-f071ee3af5ce" }, { "code": "R\u00e9seaux_23", "description": "[t\u00e9l\u00e9maintenance] L'utilisateur doit \u00eatre inform\u00e9 qu'une prise de main \u00e0 distance est en cours sur son poste de travail (par exemple \u00e0 l'aide d'une ic\u00f4ne).", "importance": 0, "uuid": "6549e197-1a10-4145-a56c-727a1396514e" }, { "code": "R\u00e9seaux_24", "description": "[postes nomades] Mettre en place une solution d'authentification forte des utilisateurs acc\u00e9dant \u00e0 distance au syst\u00e8me d'information interne (quand cela est possible).", "importance": 0, "uuid": "fd742eed-ef22-46df-844a-6a7ba475782a" }, { "code": "R\u00e9seaux_25", "description": "[postes nomades] Chiffrer les communications entre le poste nomade et le syst\u00e8me d'information interne.", "importance": 0, "uuid": 
"78e54808-1768-45fb-bd6a-0efd5d16dc3d" }, { "code": "R\u00e9seaux_26", "description": "[postes nomades] Installer un pare-feu local pour s\u00e9curiser les \u00e9changes r\u00e9seau entrant et sortant sur le poste de travail en situation de nomadisme, qui doit \u00eatre activ\u00e9 d\u00e8s que le poste nomade sort de l'organisme.", "importance": 0, "uuid": "befbf1d0-810d-42d7-92c3-8facadf09773" }, { "code": "R\u00e9seaux_27", "description": "[interfaces sans fil] Interdire les communications non s\u00e9curis\u00e9es.", "importance": 0, "uuid": "dc95d51c-31c7-4fdb-82d2-113afa255783" }, { "code": "R\u00e9seaux_28", "description": "[interfaces sans fil] Interdire la connexion simultan\u00e9e \u00e0 un r\u00e9seau via une interface sans fil et par l'interface Ethernet.", "importance": 0, "uuid": "d4f9a1de-088d-4be6-b609-04b0aabbb576" }, { "code": "R\u00e9seaux_29", "description": "[interfaces sans fil] D\u00e9sactiver les interfaces de connexion sans fil (Wifi, Bluetooth, infrarouge, 4G, etc.) 
d\u00e8s lors qu'elles ne sont pas utilis\u00e9es, de mani\u00e8re mat\u00e9rielle ou logicielle.", "importance": 0, "uuid": "b613554b-0647-428f-be99-0f5075e5ff3f" }, { "code": "R\u00e9seaux_30", "description": "[interfaces sans fil] Ma\u00eetriser les r\u00e9seaux sans fil.", "importance": 0, "uuid": "a00b62ce-cd2a-4e0e-8540-88c5ba4ef0f1" }, { "code": "R\u00e9seaux_31", "description": "[Wifi] Utiliser le protocole WPA ou WPA2 avec un mode de chiffrement AES/CCMP ou le mode \u00ab Enterprise \u00bb des protocoles WPA et WPA2 (utilisant un serveur Radius, ainsi que les sous-protocoles EAP-TLS ou PEAP).", "importance": 0, "uuid": "57904ce6-566b-4fad-8292-713119cb8128" }, { "code": "R\u00e9seaux_32", "description": "[Wifi] Interdire les r\u00e9seaux ad hoc.", "importance": 0, "uuid": "f4406404-5a76-48e0-beaf-8b18cbb9ca4f" }, { "code": "R\u00e9seaux_33", "description": "[Wifi] Utiliser et configurer un pare-feu au point d'entr\u00e9e/sortie du r\u00e9seau, afin de cloisonner les \u00e9quipements connect\u00e9s en fonction des besoins.", "importance": 0, "uuid": "c7cb8369-bbdc-4005-8232-05af4496a6bb" }, { "code": "R\u00e9seaux_34", "description": "[Bluetooth] Imposer une authentification mutuelle avec l'appareil distant.", "importance": 0, "uuid": "fa01bb34-6b29-40fa-83d6-9e22295080b0" }, { "code": "R\u00e9seaux_35", "description": "[Bluetooth] Limiter l'utilisation \u00e0 l'\u00e9change de fichiers avec des mat\u00e9riels ma\u00eetris\u00e9s par le service en charge de l'informatique.", "importance": 0, "uuid": "7284cd89-16f2-4052-bd57-1d007618e79c" }, { "code": "R\u00e9seaux_36", "description": "[Bluetooth] Chiffrer les \u00e9changes.", "importance": 0, "uuid": "3258b781-41ae-4d67-9252-880bffbfa106" }, { "code": "R\u00e9seaux_37", "description": "[infrarouge] R\u00e9aliser une authentification avant la connexion, l'\u00e9mission et la r\u00e9ception d'un fichier ou d'une commande.", "importance": 0, "uuid": "78f1e57c-e085-49c8-ad22-e3d6c5aefb18" }, { "code": 
"R\u00e9seaux_38", "description": "[t\u00e9l\u00e9phonie mobile] Prot\u00e9ger la carte SIM par un code PIN demand\u00e9 \u00e0 chaque utilisation.", "importance": 0, "uuid": "60f1b6fa-30bf-4f83-80f1-3ec466120a88" }, { "code": "R\u00e9seaux_39", "description": "[Internet] Utiliser le protocole TLS (HTTPS) pour assurer l'authentification des serveurs et la confidentialit\u00e9 des communications.", "importance": 0, "uuid": "d95c1909-3eae-486b-a6ec-ab5d68a7ed74" }, { "code": "R\u00e9seaux_40", "description": "[transfert de fichiers] Utiliser le protocole SFTP ou \u00e9ventuellement le protocole SCP.", "importance": 0, "uuid": "e43a6ac7-d957-49a1-852a-744c68c4db11" }, { "code": "R\u00e9seaux_41", "description": "[fax] Chiffrer les fichiers avant tout transfert dans le cas de risques \u00e9lev\u00e9s.", "importance": 0, "uuid": "b521bc9c-4b3f-4400-b03f-6aadcf506164" }, { "code": "R\u00e9seaux_42", "description": "[fax] Positionner le fax dans un local physiquement contr\u00f4l\u00e9 et accessible uniquement au personnel habilit\u00e9.", "importance": 0, "uuid": "fd283473-0995-4b6b-832f-2f3e79025cba" }, { "code": "R\u00e9seaux_43", "description": "[fax] Mettre en place un contr\u00f4le par code d'acc\u00e8s personnel pour l'impression des messages.", "importance": 0, "uuid": "a24e9bac-a46d-4b22-af48-57aed0c9d86d" }, { "code": "R\u00e9seaux_44", "description": "[fax] Faire afficher l'identit\u00e9 du fax destinataire lors de l'\u00e9mission des messages, afin d'\u00eatre assur\u00e9 de l'identit\u00e9 du destinataire.", "importance": 0, "uuid": "6d457057-5311-40dd-9b38-3e2fc5e360e1" }, { "code": "R\u00e9seaux_45", "description": "[fax] Doubler l'envoi par fax d'un envoi des documents originaux au destinataire.", "importance": 0, "uuid": "b024fea4-cecf-4839-bd8c-d817a7d2a338" }, { "code": "R\u00e9seaux_46", "description": "[fax] Pr\u00e9enregistrer dans le carnet d'adresses des fax (si cette fonctionnalit\u00e9 existe) les destinataires potentiels.", "importance": 0, 
"uuid": "b3f15a65-11d9-4c98-b5ee-0c1ef9cbb508" }, { "code": "R\u00e9seaux_47", "description": "[ADSL/Fibre] Recenser les points d'acc\u00e8s locaux \u00e0 Internet.", "importance": 0, "uuid": "d2b2a148-c1e2-4998-a3cc-1feae580c188" }, { "code": "R\u00e9seaux_48", "description": "[ADSL/Fibre] Isoler physiquement les points d'acc\u00e8s locaux \u00e0 Internet du r\u00e9seau interne.", "importance": 0, "uuid": "607b68a1-3304-441d-93a4-208a8cebfe84" }, { "code": "R\u00e9seaux_49", "description": "[points d'acc\u00e8s locaux] Ne les utiliser qu'en cas de besoins sp\u00e9cifiques et justifi\u00e9s (exemple : perte de disponibilit\u00e9 de l'acc\u00e8s au r\u00e9seau interurbain).", "importance": 0, "uuid": "b8259109-ec84-429f-afb6-468188291be6" }, { "code": "R\u00e9seaux_50", "description": "[points d'acc\u00e8s locaux] Ne les activer que lors de leur utilisation.", "importance": 0, "uuid": "e2a0bae7-28dc-4831-a244-a5bffc226cdf" }, { "code": "R\u00e9seaux_51", "description": "[points d'acc\u00e8s locaux] D\u00e9sactiver leur \u00e9ventuelle interface sans fil (\u00ab wifi \u00bb).", "importance": 0, "uuid": "9d3287f7-d854-4c21-9054-23a98ca574f2" }, { "code": "R\u00e9seaux_52", "description": "[email] Chiffrer les pi\u00e8ces jointes contenant des donn\u00e9es.", "importance": 0, "uuid": "0c56934f-baaa-48b5-8ad0-73de64fa063b" }, { "code": "R\u00e9seaux_53", "description": "[email] Sensibiliser les utilisateurs au fait qu'ils doivent \u00e9viter d'ouvrir des courriers \u00e9lectroniques d'origine inconnue et encore plus les pi\u00e8ces jointes \u00e0 risque (extensions .pif, .com, .bat, .exe, .vbs, .lnk, etc.) 
ou configurer le syst\u00e8me de telle sorte qu'il ne soit pas possible de les ouvrir.", "importance": 0, "uuid": "7c85c408-1323-4985-8f9a-bef2aec522ab" }, { "code": "R\u00e9seaux_54", "description": "[email] Sensibiliser les utilisateurs au fait qu'il convient de ne pas relayer les canulars.", "importance": 0, "uuid": "37f331a2-8f93-4a53-9323-43963bf9e26b" }, { "code": "R\u00e9seaux_55", "description": "[messagerie instantan\u00e9e] Interdire l'installation et l'utilisation de logiciels de messagerie instantan\u00e9e, et si cela est n\u00e9anmoins n\u00e9cessaire, sensibiliser les utilisateurs aux risques et bonnes pratiques \u00e0 adopter.", "importance": 0, "uuid": "132abb6c-f387-4aac-b465-019b5f510c0c" }, { "code": "Sauvegardes_01", "description": "Effectuer une sauvegarde des donn\u00e9es, qu'elles soient sous forme papier ou \u00e9lectronique, de mani\u00e8re r\u00e9guli\u00e8re, selon les besoins de disponibilit\u00e9 et d'int\u00e9grit\u00e9 des m\u00e9tiers.", "importance": 0, "uuid": "37fee388-8a21-4f4e-8419-a79218124f32" }, { "code": "Sauvegardes_02", "description": "Mettre en oeuvre des m\u00e9canismes de chiffrement du canal de transmission des donn\u00e9es dans le cas o\u00f9 la sauvegarde est automatis\u00e9e par le r\u00e9seau.", "importance": 0, "uuid": "b2932c56-37ef-4e84-9119-53503a2df913" }, { "code": "Sauvegardes_03", "description": "Prot\u00e9ger les donn\u00e9es sauvegard\u00e9es au m\u00eame niveau de s\u00e9curit\u00e9 qu'en exploitation.", "importance": 0, "uuid": "943f7bd3-2760-4c7b-99b7-404397d602fd" }, { "code": "Sauvegardes_04", "description": "Tester les sauvegardes de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "5c4e538a-e437-4a42-a1de-ff750f441313" }, { "code": "Sauvegardes_05", "description": "Tester l'int\u00e9grit\u00e9 des donn\u00e9es sauvegard\u00e9es si les besoins des m\u00e9tiers le n\u00e9cessitent.", "importance": 0, "uuid": "32f1a608-726a-41f4-b20f-be030b4d6989" }, { "code": "Sauvegardes_06", 
"description": "Formaliser le niveau d'engagement du service en charge de l'informatique vis-\u00e0-vis du recouvrement des informations chiffr\u00e9es en cas de perte ou d'indisponibilit\u00e9 des secrets assurant le chiffrement (mots de passe, certificats) et contr\u00f4ler r\u00e9guli\u00e8rement les proc\u00e9dures en coh\u00e9rence avec l'engagement pris.", "importance": 0, "uuid": "fb8d805a-1ceb-4c7b-ab28-f402fe453f18" }, { "code": "Sauvegardes_07", "description": "S'assurer que l'organisation, les personnels, syst\u00e8mes et locaux n\u00e9cessaires au traitement sont disponibles dans un d\u00e9lai correspondant aux besoins des m\u00e9tiers.", "importance": 0, "uuid": "03f796b3-a464-4d28-b11f-2d8cff590458" }, { "code": "Sauvegardes_08", "description": "S'assurer de la localisation g\u00e9ographique des sauvegardes, notamment v\u00e9rifier dans quel(s) pays les donn\u00e9es seront stock\u00e9es.", "importance": 0, "uuid": "e80d1526-b858-4469-bcd6-3ac308b7e8a4" }, { "code": "Sites web_01", "description": "Utiliser un certificat sign\u00e9 par une autorit\u00e9 racine de confiance \"qualifi\u00e9e\".", "importance": 0, "uuid": "ba86f498-922c-4b46-bd2c-a6e75d90aaea" }, { "code": "Sites web_02", "description": "Le chiffrement des flux doit \u00eatre garanti par TLS, d\u00e8s lors, il est n\u00e9cessaire de configurer le serveur web afin que celui-ci n'accepte que ce type de protocole (exclure notamment le protocole SSL et rendre le chiffrement obligatoire lors de la n\u00e9gociation SSL).", "importance": 0, "uuid": "54ada837-7393-4bb9-82fa-8dbabe5781e8" }, { "code": "Sites web_03", "description": "D\u00e9finissez un Content-Security-Policy n'incluant que les acteurs que vous autorisez \u00e0 d\u00e9poser des contenus sur votre site.", "importance": 0, "uuid": "df02a7d4-64a0-4424-81c5-57c407c0ce1f" }, { "code": "Sites web_04", "description": "Effectuez des audits de s\u00e9curit\u00e9 sur le site.", "importance": 0, "uuid": "839987f9-a3af-4857-8d15-97e7a7a4b3e7" 
}, { "code": "sources non humaines_01", "description": "Mettre en place des moyens de pr\u00e9vention, d\u00e9tection et protection contre l'incendie.", "importance": 0, "uuid": "b7f1e10b-5c50-4a94-bb06-5d94df2f7006" }, { "code": "sources non humaines_02", "description": "Mettre en place des moyens de surveillance de la temp\u00e9rature.", "importance": 0, "uuid": "2df0a1d8-498a-4f74-8ddd-e66ce95abe32" }, { "code": "sources non humaines_03", "description": "Mettre en place des moyens de surveillance et de secours de l'alimentation \u00e9lectrique.", "importance": 0, "uuid": "85e4715f-cdf5-410d-9c85-4c2bf520caba" }, { "code": "sources non humaines_04", "description": "Mettre en place des moyens de pr\u00e9vention des d\u00e9g\u00e2ts des eaux.", "importance": 0, "uuid": "1b030af3-71d2-4d38-a9c8-229cdb73e0da" }, { "code": "sources non humaines_05", "description": "S'assurer que les services essentiels (\u00e9lectricit\u00e9, eau, climatisation, etc.) sont correctement dimensionn\u00e9s pour les syst\u00e8mes pris en charge.", "importance": 0, "uuid": "0d7b594a-9f70-4757-90cd-a8929212d28a" }, { "code": "sources non humaines_06", "description": "Pr\u00e9ciser dans les contrats de maintenance des \u00e9quipements de fonctionnement des services essentiels et de s\u00e9curit\u00e9 (extincteurs, climatisation, eau, d\u00e9tection de fum\u00e9e et de chaleur, d\u00e9tection d'ouverture et d'effraction, groupe \u00e9lectrog\u00e8ne, etc.) un d\u00e9lai d'intervention adapt\u00e9 en cas de d\u00e9faillance, et les contr\u00f4ler au moins une fois par an.", "importance": 0, "uuid": "3d3db077-14c5-4dd9-9a35-a20a480f673d" }, { "code": "sources non humaines_07", "description": "En cas de fortes exigences de disponibilit\u00e9, connecter l'infrastructure de t\u00e9l\u00e9communications par au moins deux acc\u00e8s diff\u00e9rents et ind\u00e9pendants, et faire en sorte de pouvoir basculer de l'un \u00e0 l'autre tr\u00e8s rapidement. 
Si les besoins de disponibilit\u00e9 sont tr\u00e8s \u00e9lev\u00e9s, le recours \u00e0 un site de secours doit \u00eatre envisag\u00e9.", "importance": 0, "uuid": "6fd63d6c-8e3f-4fed-8b46-3a121cad6716" }, { "code": "Sous-traitance_01", "description": "Un contrat de sous-traitance doit \u00eatre conclu avec chacun des sous-traitants, pr\u00e9cisant l'ensemble des \u00e9l\u00e9ments pr\u00e9vus \u00e0 l'art. 28 du RGPD.", "importance": 0, "uuid": "8e8d9706-2f4e-4155-9b4e-2e518af726c8" }, { "code": "Sous-traitance_02", "description": "Encadrer la relation de sous-traitance via un contrat conclu intuitu person\u00e6.", "importance": 0, "uuid": "dc824e4f-631c-44b7-853e-c50fcc4845de" }, { "code": "Sous-traitance_03", "description": "Exiger du sous-traitant la transmission de sa Politique de S\u00e9curit\u00e9 des Syst\u00e8mes d'Information (PSSI) ainsi que de toute les preuves de ses certifications en mati\u00e8re de s\u00e9curit\u00e9 de l'information et annexer ces documents au contrat.", "importance": 0, "uuid": "c525a6b8-a186-4a5e-8ec8-ca86a37a8a83" }, { "code": "Sous-traitance_04", "description": "D\u00e9terminer et fixer contractuellement de fa\u00e7on tr\u00e8s pr\u00e9cise les op\u00e9rations que le sous-traitant sera amen\u00e9 \u00e0 effectuer sur les donn\u00e9es \u00e0 caract\u00e8re personnel.", "importance": 0, "uuid": "55238cb5-d218-4ef3-a16a-fc8950e2cb58" }, { "code": "Sous-traitance_05", "description": "D\u00e9terminer contractuellement la r\u00e9partition des responsabilit\u00e9s vis-\u00e0-vis des processus l\u00e9gaux visant \u00e0 permettre l'exercice des droits des personnes.", "importance": 0, "uuid": "e6b0068c-2d13-45d6-bdb1-f3c01492a0e5" }, { "code": "Sous-traitance_06", "description": "Interdire explicitement ou encadrer le recours \u00e0 des sous-traitants de rang 2.", "importance": 0, "uuid": "2b741baa-6527-4d1e-af57-588d3222bfc0" }, { "code": "Sous-traitance_07", "description": "Pr\u00e9ciser dans le contrat que le respect des obligations 
de protection des donn\u00e9es personnelles est une obligation essentielle du contrat.", "importance": 0, "uuid": "ad62edd5-a05f-47e7-bf7a-239d70c9c5fe" }, { "code": "Sous-traitance_08", "description": "[fournisseurs de services de cloud computing] Imposer au fournisseur une s\u00e9paration \u00e0 minima logique entre les donn\u00e9es de l'organisme et les donn\u00e9es de ses autres clients.", "importance": 0, "uuid": "91c09f69-641d-4a67-b280-d88bc48cc025" }, { "code": "Sous-traitance_09", "description": "[fournisseurs de services de cloud computing] D\u00e9finir tr\u00e8s pr\u00e9cis\u00e9ment les lieux dans lesquels les donn\u00e9es sont susceptibles d'\u00eatre stock\u00e9es, et les pays depuis lesquels les donn\u00e9es stock\u00e9es dans le cloud sont susceptibles d'\u00eatre accessibles.", "importance": 0, "uuid": "ec375f72-ec16-4e03-84c1-0fd1cbd2544c" }, { "code": "Supervision_01", "description": "Effectuer r\u00e9guli\u00e8rement des contr\u00f4les des traitements de donn\u00e9es afin de v\u00e9rifier leur conformit\u00e9 au RGPD ainsi que l'effectivit\u00e9 et l'ad\u00e9quation des mesures pr\u00e9vues.", "importance": 0, "uuid": "fd130562-249c-4a67-a6ac-02ece98679cb" }, { "code": "Supervision_02", "description": "Fixer des objectifs dans le domaine de la vie priv\u00e9e et des indicateurs permettant de v\u00e9rifier l'atteinte de ces objectifs.", "importance": 0, "uuid": "6d968cf0-962b-4f7c-b03d-c3abd72e5b4a" }, { "code": "Supervision_03", "description": "Faire un bilan de la protection des donn\u00e9es personnelles de mani\u00e8re r\u00e9guli\u00e8re.", "importance": 0, "uuid": "f908a54b-facf-4b53-9709-b4f2ecc00450" }, { "code": "Surveillance_01", "description": "Mettre en place une architecture de journalisation permettant de conserver une trace des \u00e9v\u00e8nements de s\u00e9curit\u00e9 et du moment o\u00f9 ils ont eu lieu.", "importance": 0, "uuid": "7db357a2-3776-44b4-a97e-b78367310ff9" }, { "code": "Surveillance_02", "description": "Choisir les 
\u00e9v\u00e8nements \u00e0 journaliser en fonction du contexte, des supports (postes de travail, pare-feu, \u00e9quipements r\u00e9seau, serveurs, etc.), des risques et du cadre l\u00e9gal.", "importance": 0, "uuid": "d62b121b-9365-40d8-8a56-2e2d542909ff" }, { "code": "Surveillance_03", "description": "Respecter les exigences du RGPD si les \u00e9v\u00e8nements journalis\u00e9s comprennent des donn\u00e9es \u00e0 caract\u00e8re personnel.", "importance": 0, "uuid": "336df569-2369-4397-accd-2ec1886e00aa" }, { "code": "Surveillance_04", "description": "Proc\u00e9der p\u00e9riodiquement \u00e0 l'analyse des informations journalis\u00e9es, voire mettre en place un syst\u00e8me de d\u00e9tection automatique de signaux faibles.", "importance": 0, "uuid": "2868de95-7bb9-46b7-8218-d9cc8424b72d" }, { "code": "Surveillance_05", "description": "Conserver les journaux d'\u00e9v\u00e8nements sur six mois, hors contraintes l\u00e9gales et r\u00e8glementaires particuli\u00e8res imposant des dur\u00e9es de conservation sp\u00e9cifiques.", "importance": 0, "uuid": "2452fb02-3ec7-4f44-a0c0-d31a18542ed8" }, { "code": "Surveillance_06", "description": "[pare-feu] Mettre en place une politique de filtrage interdisant toute communication directe entre des postes internes et l'ext\u00e9rieur (ne permettre les connexions que via le pare-feu) et ne laisser passer que les flux explicitement autoris\u00e9s (blocage par le pare-feu de toute connexion sauf celles identifi\u00e9es comme n\u00e9cessaires).", "importance": 0, "uuid": "4b4d6e38-4e83-4eba-903c-6bd0b21fcc3d" }, { "code": "Surveillance_07", "description": "[pare-feu] Journaliser toutes les connexions autoris\u00e9es r\u00e9ussies et toutes les tentatives de connexions rejet\u00e9es.", "importance": 0, "uuid": "1c1b2da0-1208-490a-bf54-23155d261ae9" }, { "code": "Surveillance_08", "description": "[pare-feu] Exporter les journaux par un canal s\u00e9curis\u00e9 vers un serveur d\u00e9di\u00e9.", "importance": 0, "uuid": 
"4b605778-2fd7-4fc7-969a-1c07218d63a9" }, { "code": "Surveillance_09", "description": "[\u00e9quipement r\u00e9seau] Journaliser l'activit\u00e9 sur chaque port d'un commutateur ou d'un routeur.", "importance": 0, "uuid": "f9934676-6196-4d87-bf84-5e0a56d8e286" }, { "code": "Surveillance_10", "description": "[\u00e9quipement r\u00e9seau] Exporter les journaux vers un serveur d\u00e9di\u00e9 \u00e0 l'aide d'un client syslog int\u00e9gr\u00e9 ou via un flux netflow.", "importance": 0, "uuid": "7916263f-fa8a-42f8-b9e1-479f5fe7365a" }, { "code": "Surveillance_11", "description": "[\u00e9quipement r\u00e9seau] Contr\u00f4ler la volum\u00e9trie en fonction des heures, ainsi que le respect des \u00e9ventuelles listes de contr\u00f4le d'acc\u00e8s (ACL : Access Control Lists) pour les routeurs.", "importance": 0, "uuid": "8f5e385a-e9c5-458e-ad24-24e26f4e5e6d" }, { "code": "Surveillance_12", "description": "[serveur] Journaliser le maximum d'informations sur les requ\u00eates effectu\u00e9es par les clients sur les serveurs web dans le but d'identifier les d\u00e9fauts de configuration, les injections de requ\u00eates SQL, etc.", "importance": 0, "uuid": "6b9f8abc-39fb-492e-bda4-0d8338cf3f46" }, { "code": "Surveillance_13", "description": "[serveur] Journaliser l'activit\u00e9 des usagers sur les serveurs proxy.", "importance": 0, "uuid": "d288aca4-c9ee-407c-881f-1a5d5609536f" }, { "code": "Surveillance_14", "description": "[serveur] Journaliser l'ensemble des requ\u00eates qui sont faites aux serveurs DNS, qu'elles soient \u00e9mises par des internautes ou par des clients du r\u00e9seau interne.", "importance": 0, "uuid": "b38b8e87-ef3d-4dac-bdb0-28e691a638e9" }, { "code": "Surveillance_15", "description": "[serveur] Journaliser les donn\u00e9es d'authentification horodat\u00e9es et la dur\u00e9e de chaque connexion sur les serveurs d'acc\u00e8s distant.", "importance": 0, "uuid": "08d11510-f718-4575-b19a-abbd372d335d" }, { "code": "Surveillance_16", "description": 
"[serveur] Journaliser la r\u00e9ception et la gestion des messages sur les serveurs de messagerie.", "importance": 0, "uuid": "da6e1b58-6d07-4c15-b45b-f8973043180c" }, { "code": "Tra\u00e7abilit\u00e9_01", "description": "Mettre en place un syst\u00e8me de journalisation applicative permettant de conserver une trace des acc\u00e8s et modifications de donn\u00e9es op\u00e9r\u00e9s par les utilisateurs et du moment o\u00f9 ils ont eu lieu.", "importance": 0, "uuid": "a7560e7f-76b1-4833-9b9d-ed6eea38f8a9" }, { "code": "Tra\u00e7abilit\u00e9_02", "description": "Mettre en place une authentification des utilisateurs permettant d'assurer l'imputabilit\u00e9 des \u00e9v\u00e8nements journalis\u00e9s.", "importance": 0, "uuid": "d1a26642-51f0-4dd9-8dde-3386af130a1d" }, { "code": "Tra\u00e7abilit\u00e9_03", "description": "Respecter les exigences du RGPD concernant les \u00e9v\u00e8nements journalis\u00e9s rattach\u00e9s \u00e0 un utilisateur identifi\u00e9.", "importance": 0, "uuid": "f7920955-ae16-4502-8b24-e85186c4dfc0" }, { "code": "Tra\u00e7abilit\u00e9_04", "description": "Proc\u00e9der p\u00e9riodiquement \u00e0 l'analyse des informations journalis\u00e9es, voire mettre en place un syst\u00e8me de d\u00e9tection automatique de comportements anormaux.", "importance": 0, "uuid": "b0cf4f33-d957-4e7f-b604-cc6983facce5" }, { "code": "Transferts hors UE_01", "description": "D\u00e9tailler le lieu g\u00e9ographique de stockage des diff\u00e9rentes donn\u00e9es du traitement.", "importance": 0, "uuid": "69fdb9c2-df41-49d2-840f-7926f211ae6e" }, { "code": "Transferts hors UE_02", "description": "justifier le choix d'un h\u00e9bergement \u00e9loign\u00e9 et indiquer les modalit\u00e9s d'encadrement juridique mises en oeuvre afin d'assurer une protection ad\u00e9quate aux donn\u00e9es faisant l'objet d'un transfert transfrontalier.", "importance": 0, "uuid": "a404e683-9464-4fd4-b98a-5d651684f8b5" } ], "version": 0 } 2021-04-13T13:00:22.042679+00:00 
https://objects.monarc.lu/object/get/5199 CNIL [en] 2021-06-20T03:57:49.965255+00:00 MONARC { "label": "CNIL", "language": "EN", "refs": [ "https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf" ], "uuid": "b2f63ac4-c50c-43e1-8227-7078e6fcfd23", "values": [ { "code": "Anonymization_01", "description": "Determine what must be anonymized based on the context, the form in which the personal data are stored (including database fields or excerpts from texts, etc.) and the risks identified.", "importance": 0, "uuid": "a689861b-a722-4457-8171-934354562cab" }, { "code": "Anonymization_02", "description": "Permanently anonymize the data that require such anonymization based on the form of the data to be anonymized (including databases and textual records, etc.) and the risks identified.", "importance": 0, "uuid": "cbf48c2f-40e9-4c7e-8131-2393bcb591b5" }, { "code": "Anonymization_03", "description": "If such data cannot be anonymized permanently, choose tools (including partial deletion, encryption, hashing, key hashing, index, etc.) that most closely meet the functional needs.", "importance": 0, "uuid": "908a4718-c979-46d4-8d78-1a01d789a9e4" }, { "code": "Archiving_01", "description": "Confirm that the archive management processes are defined.", "importance": 0, "uuid": "d2693f41-f525-47da-85ed-5649770be40b" }, { "code": "Archiving_02", "description": "Confirm that the archiving roles are identified.", "importance": 0, "uuid": "f8637d15-df22-470c-8a11-c26487193ce5" }, { "code": "Archiving_03", "description": "Confirm that the measures can ensure, if necessary, the identification and authentication of the origin of the archives, integrity, intelligibility, readability, availability and accessibility of the archives, how long the archives must be kept and the traceability of the operations carried out on the archives (including transfer, consultation, migration, deletion, etc.) 
and take additional measures if this is not the case.", "importance": 0, "uuid": "0ad651e5-8fa6-40d9-81a6-747c203f7f13" }, { "code": "Archiving_04", "description": "Determine the methods for protecting the confidentiality of the archived personal data based on the risks identified.", "importance": 0, "uuid": "5171d119-7ab3-41f5-8789-1b16f4c14c40" }, { "code": "Archiving_05", "description": "Confirm that the archive authorities have an archiving policy.", "importance": 0, "uuid": "5dc180e8-3e00-42e7-9e60-bcbd8f9bd483" }, { "code": "Archiving_06", "description": "Confirm that a declaration of archiving practices exists.", "importance": 0, "uuid": "13b7897c-b7a1-4941-892e-abe056f12c05" }, { "code": "Backups_01", "description": "Back up the personal data regularly, whether they are on paper or in electronic form, based on the businesses' availability and integrity requirements.", "importance": 0, "uuid": "bb7cd7b2-4ea0-47a3-a607-e4f25c628698" }, { "code": "Backups_02", "description": "Implement mechanisms for encrypting the data transmission channel if the network's backup is automated.", "importance": 0, "uuid": "47ac599e-904b-45c4-9be8-035a75deac14" }, { "code": "Backups_03", "description": "Protect backed-up personal data with the same level of security as that used in operations.", "importance": 0, "uuid": "1b99ebd6-776f-4a4b-9e21-117349e5526f" }, { "code": "Backups_04", "description": "Test the backups regularly.", "importance": 0, "uuid": "49c46d91-36aa-469f-a743-77a4a35bdfef" }, { "code": "Backups_05", "description": "Test the integrity of the backed-up personal data if the businesses' requirements so require.", "importance": 0, "uuid": "2d890d10-9bf3-4a18-b59a-f2275e43d3de" }, { "code": "Backups_06", "description": "Formally document the level of commitment of the IT department regarding the recovery of encrypted information in the event of loss or unavailability of the secrets ensuring the encryption (including passwords and certificates) and regularly check 
the procedures associated with that commitment.", "importance": 0, "uuid": "3ad1a54b-58fa-4524-b857-6ede9d683ea0" }, { "code": "Backups_07", "description": "Ensure that the organization, staff, systems and premises necessary to carry out the processing are available within a timeframe that corresponds to the needs of the businesses.", "importance": 0, "uuid": "fdd84eeb-d249-4d82-a7ca-2edb149dad91" }, { "code": "Backups_08", "description": "Confirm the geographic location of the backups and, specifically, in which country (countries) the data are stored.", "importance": 0, "uuid": "05ca0450-a6c3-4e3b-9d85-3052442fb9af" }, { "code": "Basis_01", "description": "Determine and justify the lawfulness criterion applicable to the data processing.", "importance": 0, "uuid": "3e967274-f715-44f3-8a95-b1bc30604448" }, { "code": "Consent_01", "description": "Determine and justify the practical means to be implemented to obtain the consent of the data subjects or justify when they are impossible to implement.", "importance": 0, "uuid": "7cbad538-4ced-4b90-9563-52bd4620204a" }, { "code": "Consent_02", "description": "Ensure that consent is obtained before any processing begins.", "importance": 0, "uuid": "da02a7bf-64ed-4491-b6f9-0f8531479aaf" }, { "code": "Consent_03", "description": "Ensure that consent is obtained freely.", "importance": 0, "uuid": "8a1f9342-372e-4aa1-bfb8-36475bf41ddf" }, { "code": "Consent_04", "description": "Ensure that the consent is obtained in an informed, transparent manner in terms of the purposes of the processing.", "importance": 0, "uuid": "772ea30e-dcd3-4055-9c52-85aab209968b" }, { "code": "Consent_05", "description": "Ensure that consent is obtained for a specific purpose.", "importance": 0, "uuid": "643af31e-c023-4eed-8b54-0b9203a5f54b" }, { "code": "Consent_06", "description": "When procurement is involved, set out each party's obligations in an explicit written agreement accepted by both parties.", "importance": 0, "uuid": 
"c7f946f4-e289-4d25-bea6-514efffb3030" }, { "code": "Consent_07", "description": "Obtain the parents' consent for minors under 13 years of age.", "importance": 0, "uuid": "9f8ff069-e841-480b-8710-896978389fae" }, { "code": "Consent_08", "description": "Obtain the informed, express consent of data subjects prior to initiating the processing, unless the processing relies on a different legal basis or if the law prohibits collecting or processing personal data.", "importance": 0, "uuid": "5617d7b1-85e7-4441-9f8d-d08b8f02341b" }, { "code": "Consent_09", "description": "[collecting personal data via a website] Provide a form with boxes that must be checked and that are not checked by default (\"opt-in\" approach).", "importance": 0, "uuid": "82d00a60-b4de-4579-aea1-3ce851e58170" }, { "code": "Consent_10", "description": "[collecting personal data via cookies] If a cookie is not strictly necessary to provide the service that the user has expressly requested, obtain the Internet user's consent (e.g. 
via a banner at the top of a web page, a consent request zone overlaid on the page or boxes that must be checked when subscribing to a service online) after informing the user and before storing the cookie.", "importance": 0, "uuid": "980f2357-982c-4005-8391-05376c6f0461" }, { "code": "Consent_11", "description": "[collecting data via a mobile app] Obtain the user's consent when the mobile app or device is first activated.", "importance": 0, "uuid": "727c77de-66f2-4b06-a0d3-a5cd3afc7aff" }, { "code": "Consent_12", "description": "[collecting data via a mobile app] Offer consent segmented per data category or processing type, particularly by distinguishing data sharing with other users or third-party companies.", "importance": 0, "uuid": "4f5abefd-28fa-46de-8d3b-9e1c271f6b51" }, { "code": "Consent_13", "description": "[geolocation via a smartphone] Enable users to refuse to allow an application to systematically geolocate them.", "importance": 0, "uuid": "75fffbe7-7dd5-46c4-aada-1263f4a172af" }, { "code": "Consent_14", "description": "[geolocation via a smartphone] Allow users to choose which application may use geolocation.", "importance": 0, "uuid": "781d3830-d98a-44e8-844f-3826c63258b3" }, { "code": "Consent_15", "description": "[geolocation via a smartphone] Allow users to choose the persons authorized to access their geolocation information and at what level of detail.", "importance": 0, "uuid": "3df7a076-588f-49ae-9fb5-11e9abea46dd" }, { "code": "Consent_16", "description": "[targeted advertising] Provide users with simple, no-cost methods to accept or refuse advertising based on their navigation behavior and to choose the targeted advertising they would like to receive based on their interests.", "importance": 0, "uuid": "4aede15b-d689-4561-b73f-f875c82b0a4e" }, { "code": "Consent_17", "description": "[research using identifiable biological samples] If the samples are preserved for further processing that is different from the initial processing, also be 
sure to obtain the data subject's express, informed consent to said other processing.", "importance": 0, "uuid": "7ab2bc36-35db-4dac-84c3-9a9192cbf909" }, { "code": "Data minimization_01", "description": "Justify the collection of each piece of data.", "importance": 0, "uuid": "ff1d6815-b9f2-4ad9-bce4-e76774473d5b" }, { "code": "Data minimization_02", "description": "Clearly distinguish between anonymous and pseudonymous data.", "importance": 0, "uuid": "cf7c23d2-26e5-4d7d-bbaa-55e314f49c80" }, { "code": "Data minimization_03", "description": "Avoid free-form text fields (of the \"comments\" space type), because of the risk that users note down information that does not comply with the minimization principles there. Preference should therefore be given to drop-down list fields. If free-form text fields cannot be avoided, users must be made aware of how to use such fields, with regard to the standard terms & conditions for service and the law (no offensive words, no undeclared sensitive data, etc.).", "importance": 0, "uuid": "90a44773-3816-4d4c-9e42-ce744ed70216" }, { "code": "Data minimization_04", "description": "Confirm that the personal data are adequate, relevant and not excessive with regard to the intended purpose; otherwise, do not collect the data.", "importance": 0, "uuid": "ba66d448-9b7d-45d6-8cf1-0b425a5e38d2" }, { "code": "Data minimization_05", "description": "Confirm that the personal data do not reveal (directly or indirectly) racial or ethnic origin, political, philosophical or religious views, trade union membership, health information or information on an individual's sex life and do not collect them if they do, except under exceptional circumstances (for example, with consent, in the public interest or pursuant to Article 9 of the GDPR).", "importance": 0, "uuid": "da32671d-3bc5-4446-83a4-48ca0c13e0a7" }, { "code": "Data minimization_06", "description": "Confirm that the personal data do not relate to offences, criminal 
convictions or security measures and do not collect them if they do, except under exceptional circumstances (for example, in dealing with the courts or court officers pursuant to Article 10 of the GDPR).", "importance": 0, "uuid": "0ee55672-327d-438f-8335-9d8f78ed6cd2" }, { "code": "Data minimization_07", "description": "Prevent the collection of additional personal data.", "importance": 0, "uuid": "fd2e985f-c782-4f1e-94ba-f8320cfc25d2" }, { "code": "Data minimization_08", "description": "Filter and remove unnecessary data.", "importance": 0, "uuid": "c759faba-276a-4451-a471-95ceb4b9c223" }, { "code": "Data minimization_09", "description": "Reduce sensitivity via conversion.", "importance": 0, "uuid": "164186d3-ddfc-4515-aab0-0a7124997210" }, { "code": "Data minimization_10", "description": "Reduce the identifying characteristics of data.", "importance": 0, "uuid": "baa2c6e2-308f-4b50-88ca-75f7f3758fc7" }, { "code": "Data minimization_11", "description": "Reduce data accumulation.", "importance": 0, "uuid": "9a0821c6-224e-47cf-bdd3-48cc1e4bb3c9" }, { "code": "Data minimization_12", "description": "Restrict access to data.", "importance": 0, "uuid": "9be8c793-8696-448c-b4fb-6d190d8555d4" }, { "code": "Data minimization_13", "description": "Restrict the transmission of electronic documents containing personal data to the individuals who need them in connection with their work.", "importance": 0, "uuid": "27568f00-0271-4c31-82ec-6adc48d1e4c1" }, { "code": "Data minimization_14", "description": "Securely delete personal data that are no longer necessary or that a subject requests be deleted from the system in operation or from backups where applicable.", "importance": 0, "uuid": "eb37f1b9-4976-4dd4-bdb4-f4543c944229" }, { "code": "Data partitioning_01", "description": "Identify the sole data necessary to each business process.", "importance": 0, "uuid": "91bfc9aa-b44a-41ab-bd74-d8820e7bf8a5" }, { "code": "Data partitioning_02", "description": "Separate the data useful 
to each process in logical fashion.", "importance": 0, "uuid": "8a690f8c-64bf-4b15-a62c-b871f6a53395" }, { "code": "Data partitioning_03", "description": "Regularly confirm that personal data are partitioned effectively and that recipients and interconnections have not been added.", "importance": 0, "uuid": "f566c1c7-822f-4b49-9a32-119f655d00ef" }, { "code": "Data quality_01", "description": "Regular checks of the accuracy of the user's personal data.", "importance": 0, "uuid": "f73c8a25-bfbb-44a1-928d-2b2bc26f7c20" }, { "code": "Data quality_02", "description": "Ask the user to check and, where necessary, update his or her data at regular intervals.", "importance": 0, "uuid": "6fd0a2b5-70a0-460b-860e-4cc495bd76cc" }, { "code": "Data quality_03", "description": "Ensure the traceability of any data changes.", "importance": 0, "uuid": "698c5493-1b87-4c61-9291-0a775060f3a5" }, { "code": "Encryption_01", "description": "Determine what should be encrypted (including an entire hard disk, a partition, a container, certain files, data from a database or a communications channel, etc.) 
based on the form in which data is stored, the risks identified and the performance required.", "importance": 0, "uuid": "80861066-d211-4a65-be96-e5f6f2e51868" }, { "code": "Encryption_02", "description": "Choose the type of encryption (symmetric or asymmetric) based on the context and the risks identified.", "importance": 0, "uuid": "e305b46a-4e52-4b0e-91dd-f8134854e38f" }, { "code": "Encryption_03", "description": "Adopt encryption solutions based on public algorithms known to be strong.", "importance": 0, "uuid": "f30b73cb-bd98-4e47-b62b-ba175a2cfb69" }, { "code": "Encryption_04", "description": "Establish measures to ensure the availability, integrity and confidentiality of the information necessary to recover lost secrets (including administrator passwords and a recovery CD, etc.).", "importance": 0, "uuid": "474fd10b-8fb9-4939-ab3c-ead2d8c6eb38" }, { "code": "Encryption_05", "description": "Only use a key for a single purpose.", "importance": 0, "uuid": "6b169b08-e70c-4449-930a-6391b9c25176" }, { "code": "Encryption_06", "description": "Formally document the key management system.", "importance": 0, "uuid": "2b2780eb-06d0-4093-a233-a42affd4e64b" }, { "code": "Encryption_07", "description": "Choose a mechanism recognized by the appropriate organizations and that provides security proof.", "importance": 0, "uuid": "8d1c9da7-abe2-412f-a17e-c2fdea323fc7" }, { "code": "Encryption_08", "description": "Establish mechanisms for verifying the electronic certificates.", "importance": 0, "uuid": "4548272b-3cd5-437c-aaae-0d2212cb9681" }, { "code": "Encryption_09", "description": "Protect the security of key generation and use consistent with their level in the key hierarchy.", "importance": 0, "uuid": "94a30b9d-8146-4463-8bc9-d4eefc447cc2" }, { "code": "Encryption_10", "description": "[workstations] Choose systems that do not store keys on the equipment that will be encrypted unless this implements a secure storage device (such as a TPM chip for laptops).", "importance": 
0, "uuid": "d538629f-03a2-4192-860f-76c0ab1e64c3" }, { "code": "Encryption_11", "description": "[workstations] Encrypt the data at operating system level (encryption of a partition, directory or file) or using specialized software (encryption of a container).", "importance": 0, "uuid": "11d2ba45-f4e0-4859-a978-b47a78e31e2d" }, { "code": "Encryption_12", "description": "[databases] Based on the risks identified, encrypt either the storage area (at the level of the hardware, operating system or database), so as to provide protection from physical theft, or the piece of data itself (application-level encryption), with a view to guaranteeing the confidentiality of certain data even with regard to the administrators themselves. In the event of partitioned IT teams, database encryption can make data accessible only to database administrators, to the exclusion of system administrators.", "importance": 0, "uuid": "1cd4480b-3e0e-4822-9dfe-2ad7d79d188d" }, { "code": "Encryption_13", "description": "[email] Encrypt the stored files or the email attachments.", "importance": 0, "uuid": "9a104879-17fa-4603-8e35-f58ad23473dd" }, { "code": "Encryption_14", "description": "[email] Encrypt email messages.", "importance": 0, "uuid": "cbd64008-b687-490b-a204-06993f64d537" }, { "code": "Encryption_15", "description": "[networks] Encrypt the communications channel between an authenticated server and a remote client.", "importance": 0, "uuid": "dcfcf16e-908d-421d-8394-a45f02c88b5f" }, { "code": "Environmental_01", "description": "Store dangerous products (including inflammable, combustible, corrosive, explosive, aerosol and wet items) in appropriate storage areas and at a safe distance from the areas where personal data are processed.", "importance": 0, "uuid": "eba95781-d206-4855-853d-7fe76e551bc0" }, { "code": "Environmental_02", "description": "Avoid dangerous geographic areas (flood zones, areas near airports, chemical industry facilities, earthquake zones and volcanic zones, etc.).", "importance": 0, 
"uuid": "07af685d-5f82-48f2-9bf1-eacbd7c6e239" }, { "code": "Environmental_03", "description": "Do not store data in a foreign country without guarantees that can ensure an appropriate level of data protection.", "importance": 0, "uuid": "9df5f05c-26dc-42f6-adcf-657a53848a65" }, { "code": "Hardware_01", "description": "Maintain an up-to-date inventory of IT resources used.", "importance": 0, "uuid": "ae2d2a74-d55f-4da6-86dc-7fd61bf9d536" }, { "code": "Hardware_02", "description": "Partition off the organization's resources in the event of shared premises.", "importance": 0, "uuid": "d4a9d060-c84d-4edc-a601-06be90154512" }, { "code": "Hardware_03", "description": "Block access to personal data stored on discarded IT resources.", "importance": 0, "uuid": "bd107e40-4118-41d0-bbb9-3281154d3f97" }, { "code": "Hardware_04", "description": "Set up physical redundancy of storage units using RAID or an equivalent technology.", "importance": 0, "uuid": "61e6b947-8823-4542-a507-a062a9c883d5" }, { "code": "Hardware_05", "description": "Make sure that the sizes of storage and processing capacities, as well as the conditions of use, are compatible with the intended use of hardware, particularly in terms of location, humidity and temperature.", "importance": 0, "uuid": "5c5c2c6c-1642-484e-8516-47c3bc5176a2" }, { "code": "Hardware_06", "description": "Make sure that the power supplies of most critical hardware are protected from voltage variations and are backed up, or at least allow such hardware to be shut down normally.", "importance": 0, "uuid": "f28dd275-f6dd-42c1-a43d-1de66a86fed5" }, { "code": "Hardware_07", "description": "Protect access to hardware that is sensitive or of high market value.", "importance": 0, "uuid": "e64f2f6c-b462-4598-adae-28deebe06b16" }, { "code": "Hardware_08", "description": "Limit the possibilities of hardware alteration", "importance": 0, "uuid": "ef06c517-ac35-4e18-ba7f-3664d60420b9" }, { "code": "Hardware_09", "description": "[workstations] 
Retrieve data, except for data defined as private or personal, from workstations before they are assigned to other persons.", "importance": 0, "uuid": "c7ac7e92-0578-4579-adc2-dc13409f6e9d" }, { "code": "Hardware_10", "description": "[mobile devices] Limit the amount of personal data stored on mobile devices to the strict minimum, and prohibit such storage during travel abroad if need be.", "importance": 0, "uuid": "3d7fe818-5b01-4928-bb97-222697aa367b" }, { "code": "Hardware_11", "description": "[mobile devices] Configure devices so that they lock after a few minutes of inactivity.", "importance": 0, "uuid": "c9f7a9a6-5e64-463f-b041-ef3013d543dd" }, { "code": "Hardware_12", "description": "[removable storage devices] Limit the use of removable storage devices to those provided by the IT department.", "importance": 0, "uuid": "94f90dd1-bc14-40cd-88f4-6222ef2441cf" }, { "code": "Hardware_13", "description": "[removable storage devices] Prohibit the use of wireless USB flash drives (e.g.: Bluetooth).", "importance": 0, "uuid": "022c09ba-3275-43bb-87c7-a1370a534d4d" }, { "code": "Hardware_14", "description": "[removable storage devices] Prohibit the use of USB flash drives on hardware that lacks security measures (antivirus, firewall, etc.).", "importance": 0, "uuid": "1aa1e4fc-de28-4123-9ffe-950d9116e9ae" }, { "code": "Hardware_15", "description": "[removable storage devices] Restrict the use of USB flash drives to work-related purposes.", "importance": 0, "uuid": "7ff93175-c45f-4573-866c-843fa93f5609" }, { "code": "Hardware_16", "description": "[removable storage devices] Disable the autorun functionality on all workstations (e.g. via Group Policy).", "importance": 0, "uuid": "90e4d611-b595-40f0-963c-abc571001408" }, { "code": "Hardware_17", "description": "[removable storage devices] Encrypt personal data stored on removable storage devices.", "importance": 0, "uuid": "f3725d8d-eb72-4b93-8a5d-331b137b4c93" }, { "code": "Hardware_18", "description": "[removable storage devices] 
Return removable storage devices that are either defective or no longer necessary, to the IT department.", "importance": 0, "uuid": "3bf45eda-a432-43b7-a983-e0dfdb18bdbf" }, { "code": "Hardware_19", "description": "[removable storage devices] Securely destroy unnecessary personal data storage devices.", "importance": 0, "uuid": "34981e25-763b-4337-b041-e05ef82b820d" }, { "code": "Hardware_20", "description": "[multifunction printers and copiers] Change \"manufacturer\" default passwords.", "importance": 0, "uuid": "f3bc733e-1b69-4f0c-93a7-72365c10591d" }, { "code": "Hardware_21", "description": "[multifunction printers and copiers] Disable unnecessary network interfaces.", "importance": 0, "uuid": "77d2099a-ddc0-46d9-b29d-d54c60b36ece" }, { "code": "Hardware_22", "description": "[multifunction printers and copiers] Disable or delete unnecessary services.", "importance": 0, "uuid": "c9cb46a4-696e-47e6-b047-de4042900586" }, { "code": "Hardware_23", "description": "[multifunction printers and copiers] Encrypt data stored on hard disks wherever possible.", "importance": 0, "uuid": "fead86d0-b8b9-45be-9499-7b3c92083dcf" }, { "code": "Hardware_24", "description": "[multifunction printers and copiers] Restrict the sending of electronic documents to internal email addresses and, in certain cases, restrict the sending of electronic documents to a single email address.", "importance": 0, "uuid": "5ac8ca33-5366-48ff-a7b3-5d4b70d9e05f" }, { "code": "Information for the data subjects_01", "description": "Determine and justify the practical means that will be implemented to inform the data subjects, or justify when they are impossible to implement.", "importance": 0, "uuid": "41c3e30b-3e14-4f9c-a03e-14481ecd8db7" }, { "code": "Information for the data subjects_02", "description": "Ensure that the notification is complete, clear and appropriate to the target audience based on the nature of the personal data and the practical means chosen.", "importance": 0, "uuid": 
"b1a8f108-26ab-40dd-8b69-80f2b2380fb0" }, { "code": "Information for the data subjects_03", "description": "Ensure that the notification is provided by the time the data are collected.", "importance": 0, "uuid": "3fe0606e-2a86-4afb-9d73-b72bc90c9012" }, { "code": "Information for the data subjects_04", "description": "Ensure that the data cannot be collected without providing this information.", "importance": 0, "uuid": "cd6b1192-ed8b-48f1-99bd-dd0486d07744" }, { "code": "Information for the data subjects_05", "description": "If possible, provide a means by which to show that notification was provided.", "importance": 0, "uuid": "0457059d-5f55-4a61-998a-e7ca1f690bad" }, { "code": "Information for the data subjects_06", "description": "[employees of an organization] Obtain the prior opinion of the staff representative organizations in the cases set forth in Labor Code.", "importance": 0, "uuid": "2191cdbc-f411-41c6-8b77-baa0c2fdafd9" }, { "code": "Information for the data subjects_07", "description": "[employees of an organization] Use the method that is most appropriate to the organization.", "importance": 0, "uuid": "191d466a-3d41-4883-ab9b-f85788e6ce85" }, { "code": "Information for the data subjects_08", "description": "[collecting personal data via a website] Provide direct or easily accessible information for Internet users.", "importance": 0, "uuid": "6406b9ab-72d4-4473-879c-2aa2d630f457" }, { "code": "Information for the data subjects_09", "description": "[collecting data via a mobile app] Provide direct or easily accessible information for users.", "importance": 0, "uuid": "13aa56e4-2f0c-4439-bdae-8e6fe2420fed" }, { "code": "Information for the data subjects_10", "description": "[collecting data via a mobile app] Inform the user if the app is likely to access the device's identifiers, by specifying whether these identifiers are communicated to third parties.", "importance": 0, "uuid": "537329de-73ae-49ec-8a91-97a5f0e2d667" }, { "code": "Information for the 
data subjects_11", "description": "[collecting data via a mobile app] Inform the user if the app is likely to run in the background.", "importance": 0, "uuid": "865b7fe1-779f-4410-a9a1-b54dfc205081" }, { "code": "Information for the data subjects_12", "description": "[collecting data via a mobile app] Present the protections for accessing the device to the user.", "importance": 0, "uuid": "f4523be3-7ffc-46d9-b6e9-27ec09507091" }, { "code": "Information for the data subjects_13", "description": "[collecting personal data by telephone] Issue an automatic message before the conversation begins with information on subjects' rights, the reason for recording the conversation (for training purposes or to monitor service quality), if necessary, and an opportunity to object to recording (on legitimate grounds).", "importance": 0, "uuid": "1d7dcc08-df36-4fd4-9cad-9a6567852aad" }, { "code": "Information for the data subjects_14", "description": "[collecting personal data by telephone] Set up means for authenticating the caller (e.g.: via information that is known only to the organization and data subject).", "importance": 0, "uuid": "30d53d6e-c454-483d-bcd6-db29d6f48bd3" }, { "code": "Information for the data subjects_15", "description": "[collecting data via a form] Place the appropriate notice on the form in a typeface identical to the rest of the document.", "importance": 0, "uuid": "b65b69c8-4bef-4165-8462-0e1eae30969a" }, { "code": "Information for the data subjects_16", "description": "[targeted advertising] Make the information available to Internet users in visible, legible form.", "importance": 0, "uuid": "a29cf640-fc41-45e8-9582-465181e2028a" }, { "code": "Information for the data subjects_17", "description": "[targeted advertising] Inform Internet users about the various forms of targeted advertising they are likely to see via the service they are accessing and the various procedures used, the categories of information processed to adapt the advertising content 
and, as needed, the information that is not gathered and how they may agree to the display of behavioral or personalized advertising. Notification must be provided and consent obtained before any information is stored or before accessing information already stored in the terminal equipment.", "importance": 0, "uuid": "dc20eeec-47fd-4f4f-914a-ff2a81e43a59" }, { "code": "Information for the data subjects_18", "description": "[updating existing processing] Provide specific notification about new forms of processing (for example, new purposes or new recipients).", "importance": 0, "uuid": "1a5ebce9-7783-4e5a-9f15-6d4130ed84c4" }, { "code": "Integrity monitoring_01", "description": "Identify the data that must be monitored for integrity based on the risks identified.", "importance": 0, "uuid": "81096f3d-434f-4ca6-b263-6402645f3a35" }, { "code": "Integrity monitoring_02", "description": "Choose a method for monitoring their integrity based on the context, the risks assessed and the robustness required.", "importance": 0, "uuid": "1ebe2b48-44a6-4976-9f1a-86ae43656806" }, { "code": "Integrity monitoring_03", "description": "Determine when the function is to be applied and when the integrity monitoring should be performed based on implementation of the business process.", "importance": 0, "uuid": "70393b55-d5b1-46f9-bb75-dff01c045a30" }, { "code": "Integrity monitoring_04", "description": "When data are sent to a database, input validation measures (for example, parameterized queries) must be in place to prevent script injection or SQL injection attacks.", "importance": 0, "uuid": "aebd360b-cd9a-4a10-8116-e752edf8f3ff" }, { "code": "Integrity monitoring_05", "description": "Choose a hash mechanism recognized by the appropriate organizations and that provides security proof.", "importance": 0, "uuid": "abd478b5-b3e6-4f59-9499-c6e059e37baf" }, { "code": "Integrity monitoring_06", "description": "Adopt electronic signature solutions based on public algorithms known to be strong.", "importance": 0, "uuid": 
"f8939c47-62ad-4e9a-a7f2-c9de2732e655" }, { "code": "Logical access_01", "description": "Manage users' profiles by separating tasks and areas of responsibility (preferably in centralized fashion) to limit access to personal data exclusively to authorized users by applying need-to-know and least-privilege principles.", "importance": 0, "uuid": "1aedf963-d4c1-4858-aa6a-83f1172295ca" }, { "code": "Logical access_02", "description": "Identify every person with legitimate access to personal data (employees, contracting parties and other third parties) by a unique identifier.", "importance": 0, "uuid": "1cf018d8-33e0-4f03-b87e-d0ecf15b8668" }, { "code": "Logical access_03", "description": "If the use of generic or shared identifiers cannot be avoided, obtain validation from top management and implement methods for tracing the use of this kind of identifier.", "importance": 0, "uuid": "24b38f5e-a0a2-41b4-94d4-04ebe1d73f16" }, { "code": "Logical access_04", "description": "Limit access to the tools and administration interfaces to authorized persons.", "importance": 0, "uuid": "7940afda-6f90-43ce-93de-9e13c2b388db" }, { "code": "Logical access_05", "description": "Limit the use of accounts that provide elevated privileges to operations that require them.", "importance": 0, "uuid": "a9a8432a-73d4-4f0d-8184-c8847a571cb4" }, { "code": "Logical access_06", "description": "Limit the use of \"administrator\" accounts to the IT department and to administration actions that require them.", "importance": 0, "uuid": "4d6297a1-0193-41d3-8868-37efa49c968b" }, { "code": "Logical access_07", "description": "Every account, particularly if it has elevated privileges (for example, an administrator account), must have its own password.", "importance": 0, "uuid": "ddb71c7d-1e28-4592-b033-f05e1403077e" }, { "code": "Logical access_08", "description": "Log information connected to the use of privileges.", "importance": 0, "uuid": "3c9ad118-203a-4e8f-906b-7508506aacba" }, { "code": "Logical 
access_09", "description": "Conduct an annual review of privileges to identify and delete unused accounts and to realign the privileges with each user's functions.", "importance": 0, "uuid": "810ce7c4-c1f2-46d1-a87d-da0e06f10684" }, { "code": "Logical access_10", "description": "Withdraw the rights of employees, contracting parties and other third parties when they are no longer authorized to access premises or a resource or when their employment contract ends, and adjust the rights in the event of a job transfer. For individuals with a temporary account (including interns and service providers), configure an expiration date when the account is established.", "importance": 0, "uuid": "3ff50b19-8155-4e23-aba6-a6538b4d71f0" }, { "code": "Logical access_11", "description": "Choose an authentication method to open sessions that is appropriate to the context, the risk level and the robustness expected.", "importance": 0, "uuid": "ac78bbf8-87a7-48ae-8630-568011da98df" }, { "code": "Logical access_12", "description": "Prohibit the passwords used from appearing in clear text in programs, files, scripts, traces or log files, or on the screen when they are entered.", "importance": 0, "uuid": "9fc35976-da32-43f0-afae-f1045efac451" }, { "code": "Logical access_13", "description": "Determine the actions to be taken in the event of a failed authentication.", "importance": 0, "uuid": "b7911bea-4083-4e81-ba64-f9b114c13b2f" }, { "code": "Logical access_14", "description": "Limit authentication by identifiers and passwords to the workstation access control (unlocking only).", "importance": 0, "uuid": "dd4cf1bf-f164-4f4d-a0c2-8826d3e6ea77" }, { "code": "Logical access_15", "description": "Authenticate the workstation with the remote information system (servers) using cryptographic mechanisms.", "importance": 0, "uuid": "5663e669-0760-416b-90ef-5e81c909318a" }, { "code": "Logical access_16", "description": "Adopt a password policy, implement it and monitor it automatically to the extent 
that applications and resources allow, and inform users about it.", "importance": 0, "uuid": "27d1daee-57b8-4b19-be2a-66e11b3c61b7" }, { "code": "Logical access_17", "description": "Adopt a specific password policy for administrators, implement it and monitor it automatically to the extent that the applications and resources allow, and inform administrators of it.", "importance": 0, "uuid": "bdbf127d-b63f-402a-8897-da74fa058598" }, { "code": "Logical access_18", "description": "Immediately change default passwords after installing an application or a system.", "importance": 0, "uuid": "86066bc7-c9fe-4825-904c-98569deb4d93" }, { "code": "Logical access_19", "description": "Create an initial unique random password for each user account, transmit it securely to the user, for example by using two separate channels (paper and others) or a scratch-off field, and require that it be changed when the first connection is made and when the user receives a new password (for example, if the old password is forgotten).", "importance": 0, "uuid": "6d751f03-c787-492f-9118-fb7d2da905fb" }, { "code": "Logical access_20", "description": "Store the authentication information (including passwords for accessing information systems and private keys linked to electronic certificates) so that it is accessible only to authorized users.", "importance": 0, "uuid": "1aea53f6-194e-40ae-8cc1-c165e01575a6" }, { "code": "Logical access_21", "description": "If many passwords or secrets (including private keys and certificates) must be used, implement a centralized authentication solution using OTPs or secure vaults.", "importance": 0, "uuid": "7d2dc652-2129-4e3e-a828-eb5c12e91fad" }, { "code": "Maintenance_01", "description": "Establish a procurement contract to govern maintenance operations when they are carried out by service providers.", "importance": 0, "uuid": "4d5e5e9c-cba4-4204-a996-de155230d9b6" }, { "code": "Maintenance_02", "description": "Record all maintenance operations in a logbook.", 
"importance": 0, "uuid": "af3621e5-6901-471d-9367-4f56d41feaff" }, { "code": "Maintenance_03", "description": "Govern remote maintenance operations.", "importance": 0, "uuid": "6ce0b616-a0b7-4434-b106-a2ad1aaaf142" }, { "code": "Maintenance_04", "description": "Encrypt or erase data contained on hardware (desktop computers or laptops, servers, etc.) that are sent for external maintenance. If this is not possible, remove the equipment storage devices before dispatch to maintenance or manage maintenance internally.", "importance": 0, "uuid": "6b6ca736-930c-44f9-a751-a688fd5163f2" }, { "code": "Maintenance_05", "description": "[workstations] During maintenance operations that require remote access to a workstation, only perform the operation after obtaining the user's agreement, and indicate to the latter on the screen if the access is effective.", "importance": 0, "uuid": "bd928759-84d2-4469-8946-b3dbfad554a5" }, { "code": "Maintenance_06", "description": "[workstations] When a maintenance operation requires physical intervention on a workstation containing sensitive data, delete the data during the maintenance.", "importance": 0, "uuid": "2d9e26f1-0652-41bd-9f1d-7098aa35ef14" }, { "code": "Maintenance_07", "description": "[smartphone] Configure telephones before delivering them to users.", "importance": 0, "uuid": "1f89e0d0-ca12-43eb-8816-49032071bba0" }, { "code": "Maintenance_08", "description": "[smartphone] Inform users, such as in a memo provided at delivery, about how to use their phone, the applications installed on it (e.g. 
Business Mail, Exchange, etc.), the services provided, and the security rules to be followed.", "importance": 0, "uuid": "2c7aafdb-82b9-498e-833f-c1d1d53c8eeb" }, { "code": "Maintenance_09", "description": "[storage devices] Erase all contents securely or physically destroy storage devices that are discarded.", "importance": 0, "uuid": "f07bb13a-7363-42ab-a90f-ed746612f2ed" }, { "code": "Maintenance_10", "description": "[storage devices] During maintenance operations that require remote access to a workstation, only perform the operation after obtaining the user's agreement.", "importance": 0, "uuid": "46ff3960-e7fb-4696-b4b5-ba9dadafef13" }, { "code": "Maintenance_11", "description": "[multifunction printers and copiers] If maintenance is performed by a third party, set up measures to block access to personal data.", "importance": 0, "uuid": "0a3f6ab5-1481-4341-bfab-c87bd7a228fd" }, { "code": "Maintenance_12", "description": "[multifunction printers and copiers] If a locally networked multifunction printer or copier is maintained remotely by a third party, take specific measures to protect access to this equipment.", "importance": 0, "uuid": "7145ea83-4e8c-4cd2-b4b3-33971db52618" }, { "code": "Maintenance_13", "description": "[multifunction printers and copiers] Block access to personal data stored on discarded multifunction printers or copiers.", "importance": 0, "uuid": "e0064066-b27a-40a1-9b4b-fb5ed06b3896" }, { "code": "Malware_01", "description": "Install an antivirus application on servers and workstations and configure it.", "importance": 0, "uuid": "65114d0a-e751-4b45-934f-0e1706d1954c" }, { "code": "Malware_02", "description": "Update the antivirus software.", "importance": 0, "uuid": "5011211c-ac04-40c7-90c2-f562d3284ee0" }, { "code": "Malware_03", "description": "Implement filtering measures that can filter network inflows and outflows (including firewalls and proxies).", "importance": 0, "uuid": "29496756-8f16-4422-9836-dc8bd7745af9" }, { "code": 
"Malware_04", "description": "Transfer antivirus security events to a centralized server for statistical analysis and ex post management of problems (to detect an infected server or a virus that has been detected and not eradicated by the antivirus application, etc.).", "importance": 0, "uuid": "41c92fbf-3051-4a25-a1bb-991ef2fe0b8b" }, { "code": "Malware_05", "description": "Install an anti-spyware program on the workstations, configure it and keep it up-to-date.", "importance": 0, "uuid": "2a24a644-282c-4894-9229-31dd0dcfff56" }, { "code": "Management of incidents and data breaches_01", "description": "Define the roles and responsibilities of the stakeholders, as well as procedures for providing feedback and responses in the event of a personal data breach.", "importance": 0, "uuid": "de0f99e6-3155-4c00-b236-5b5ee808bbd0" }, { "code": "Management of incidents and data breaches_02", "description": "Establish a directory of individuals responsible for managing personal data breaches.", "importance": 0, "uuid": "bf83096f-1f4a-41aa-ab7b-f74c9611edb9" }, { "code": "Management of incidents and data breaches_03", "description": "Develop a response plan in the event of a personal data breach for each high risk, update it and test it periodically.", "importance": 0, "uuid": "9e2deca0-636b-48ef-a730-f658625a6645" }, { "code": "Management of incidents and data breaches_04", "description": "Categorize the personal data breaches based on their impact on data subjects' privacy.", "importance": 0, "uuid": "fd5f40a6-766d-44a1-b5f3-ad3d733c2d08" }, { "code": "Management of incidents and data breaches_05", "description": "Handle the incidents based on their categorization (event, incident, damaging event or crisis).", "importance": 0, "uuid": "8aae7bf3-966e-4948-8709-72df31e775c2" }, { "code": "Management of incidents and data breaches_06", "description": "Keep up-to-date documentation on data breaches.", "importance": 0, "uuid": "fd65829e-e1e4-441e-80ae-0a8bfc4c3139" }, { 
"code": "Management of incidents and data breaches_07", "description": "Analyze the possibility of improving the security measures based on the personal data breaches that have occurred.", "importance": 0, "uuid": "7a89917d-7dce-42c4-84dc-84d8bdad5d2e" }, { "code": "Networks_01", "description": "Keep an up-to-date, detailed map of the network.", "importance": 0, "uuid": "ce24b7a9-b37c-478c-9998-90632c530a6a" }, { "code": "Networks_02", "description": "Make an inventory of all Internet access points and add them to the network map, and make sure that the measures put in place are enforced at each access point.", "importance": 0, "uuid": "60cb8791-6373-4e0c-9869-fbfb8c9d9882" }, { "code": "Networks_03", "description": "Ensure the availability of computer communications networks.", "importance": 0, "uuid": "2d883236-aa41-47ff-b49f-7da0f12c5d37" }, { "code": "Networks_04", "description": "Segment the network into isolated logical subnets based on the services intended to be deployed.", "importance": 0, "uuid": "7507e56f-24f9-4c08-9362-40e3a4ffb193" }, { "code": "Networks_05", "description": "Prohibit all direct communication between internal workstations and external networks.", "importance": 0, "uuid": "e835c995-7944-4046-8f73-395f1d0601e6" }, { "code": "Networks_06", "description": "Only use connections that are explicitly allowed by a firewall (restrict communication ports to those strictly necessary for the proper execution of installed applications).", "importance": 0, "uuid": "3c73630e-ec15-4323-92a1-bf5dc390d692" }, { "code": "Networks_07", "description": "Monitor network activity after informing data subjects of such monitoring.", "importance": 0, "uuid": "591fd1ac-fc95-4277-907d-68f114f09862" }, { "code": "Networks_08", "description": "Set up a major intrusion response plan with organizational and technical measures for identifying and containing compromises.", "importance": 0, "uuid": "271513a6-75d7-44ee-9331-f4b6f1e09f26" }, { "code": "Networks_09", "description": 
"Automatically identify hardware as a means of authenticating connections from specific locations and hardware.", "importance": 0, "uuid": "5a634931-316e-49e4-9e55-e4f167ec3f9c" }, { "code": "Networks_10", "description": "Secure management traffic and restrict or prohibit physical and logical access to remote diagnostic and configuration ports.", "importance": 0, "uuid": "d1150e3f-8480-45bf-96cb-720c5f8ff3d7" }, { "code": "Networks_11", "description": "Prohibit the connection of uncontrolled hardware.", "importance": 0, "uuid": "530c47bc-d615-45ce-9895-046e5169d6c1" }, { "code": "Networks_12", "description": "Transmit secret information guaranteeing the confidentiality of personal data (decryption key, password, etc.) in a separate transmission using, where possible, a channel different from that used to transmit data.", "importance": 0, "uuid": "4909075a-3ccd-4b55-bf06-16d292736a41" }, { "code": "Networks_13", "description": "[active network hardware] Use the SSH protocol or a direct hardware connection for connecting to active network hardware (firewall, routers, switches) and prohibit the use of the Telnet protocol except for direct connections.", "importance": 0, "uuid": "1b072b0d-6b8f-4edb-9e0f-be780020b985" }, { "code": "Networks_14", "description": "[remote-administration tools] Restrict the remote administration of local IT resources to IT department staff and to IT resources within the limits of their duties.", "importance": 0, "uuid": "09d79fda-1949-4f39-a5dc-a6c2bf9dd052" }, { "code": "Networks_15", "description": "[remote-administration tools] Uniquely identify users of remote-administration tools.", "importance": 0, "uuid": "eb4da876-2842-40f1-b2d5-3d238176c8dd" }, { "code": "Networks_16", "description": "[remote-administration tools] Authenticate users of remote-administration tools with at least a robust password and, where possible, a digital certificate.", "importance": 0, "uuid": "7cfd31d6-4f3e-409e-8a35-93f99653a822" }, { "code": "Networks_17", 
"description": "[remote-administration tools] Keep a log of the activity of users of remote-administration tools.", "importance": 0, "uuid": "138ee3bc-171c-4084-9ae9-5a6816b31044" }, { "code": "Networks_18", "description": "[remote-administration tools] Secure the authentication flow.", "importance": 0, "uuid": "005c6c29-079b-4802-954d-cb2fac3055a8" }, { "code": "Networks_19", "description": "[remote-administration tools] Remote administration must be covered by prior agreement on the part of the user.", "importance": 0, "uuid": "04afbb2f-8830-4b8a-8298-b7c5a40f2143" }, { "code": "Networks_20", "description": "[remote-administration tools] Prohibit changes to the tool's security settings and the viewing of passwords or secret information used.", "importance": 0, "uuid": "49218fd1-80f0-4242-a481-9ef57205abbb" }, { "code": "Networks_21", "description": "[remote-administration tools] Block the retrieval of secret information for the purposes of establishing a connection from a workstation.", "importance": 0, "uuid": "f6cceae4-a755-44cf-9742-98c8551a9a0b" }, { "code": "Networks_22", "description": "[remote-administration tools] Encrypt all traffic flows.", "importance": 0, "uuid": "1aa37c6a-20e4-4423-a9cc-bb07ab7bc1c5" }, { "code": "Networks_23", "description": "[remote-administration tools] The user must be informed that remote administration is under way on his/her workstation (for example via an icon).", "importance": 0, "uuid": "76acdf16-872a-4fae-84f3-1b962de9b521" }, { "code": "Networks_24", "description": "[mobile or remote devices] Set up a strong solution for authenticating users who access internal information systems (when this is possible).", "importance": 0, "uuid": "9830b820-50b1-4ec2-ba3a-36aedc6d7123" }, { "code": "Networks_25", "description": "[mobile or remote devices] Encrypt communications between mobile devices and internal information systems.", "importance": 0, "uuid": "566e4419-d66d-4742-aff6-ec82328e75a9" }, { "code": "Networks_26", 
"description": "[mobile or remote devices] Install a firewall to protect network traffic to and from mobile devices. This firewall must be enabled as soon as a mobile device leaves the organization's premises.", "importance": 0, "uuid": "2918ca8c-11e7-4a36-9d04-8e992764eb2e" }, { "code": "Networks_27", "description": "[wireless interfaces] Prohibit non-secure communications for connections via wireless interfaces.", "importance": 0, "uuid": "efb6ed9b-a3f1-4440-95d6-b714d8b05c81" }, { "code": "Networks_28", "description": "[wireless interfaces] Prohibit simultaneous network connections via a wireless interface and the Ethernet interface.", "importance": 0, "uuid": "6cbd4df9-8d32-4120-b4c4-53a5b7ee9c2f" }, { "code": "Networks_29", "description": "[wireless interfaces] Disable unused wireless connection interfaces (Wi-Fi, Bluetooth, infrared, 4G, etc.) on hardware and software.", "importance": 0, "uuid": "568092c7-943f-4202-9686-6f745cf3b514" }, { "code": "Networks_30", "description": "[wireless interfaces] Control wireless networks.", "importance": 0, "uuid": "ec7afbcd-496b-4d6d-a168-6c96947fe3eb" }, { "code": "Networks_31", "description": "[Wifi] Use the WPA or WPA2 protocol with AES-CCMP encryption or the \"Enterprise\" mode of the WPA and WPA2 protocols (using a RADIUS server as well as the EAP-TLS or PEAP subprotocols).", "importance": 0, "uuid": "7c223c18-678f-4c3d-be0e-643eb66eddb5" }, { "code": "Networks_32", "description": "[Wifi] Prohibit ad-hoc networks.", "importance": 0, "uuid": "c0fab12f-6d49-415b-a1d9-289fe8c81e4b" }, { "code": "Networks_33", "description": "[Wifi] Use and configure a firewall at network entry and exit points in order to partition off connected hardware as needed.", "importance": 0, "uuid": "bd03815c-8243-4ea7-af45-a805eda8691f" }, { "code": "Networks_34", "description": "[Bluetooth] Impose mutual authentication with remote devices.", "importance": 0, "uuid": "511b5ca4-89c6-4383-858c-d45133a0a778" }, { "code": "Networks_35", 
"description": "[Bluetooth] Restrict usage to file sharing with hardware controlled by the IT department.", "importance": 0, "uuid": "8e0244ad-ce81-4c00-be5a-6f8e0eb8ab53" }, { "code": "Networks_36", "description": "[Bluetooth] Encrypt sharing traffic.", "importance": 0, "uuid": "d4d34379-d6f7-4dca-b465-8f47fed709a7" }, { "code": "Networks_37", "description": "[infrared] Perform authentication prior to establishing connections and sending/receiving files or commands.", "importance": 0, "uuid": "a08e87a9-84b6-48cc-a735-dd9f1d29e835" }, { "code": "Networks_38", "description": "[mobile telephony networks] Protect SIM cards with PINs that must be entered each time a device is used.", "importance": 0, "uuid": "588f6c93-b675-4f82-9494-da2984833a13" }, { "code": "Networks_39", "description": "[Web browsing] Use the SSL protocol (HTTPS) to ensure server authentication and confidentiality of communications.", "importance": 0, "uuid": "0960767a-3798-42d2-9766-8a544d6454aa" }, { "code": "Networks_40", "description": "[file transfers] Use the SFTP protocol or possibly the SCP protocol.", "importance": 0, "uuid": "3ab07920-30d5-4368-b5b7-96c085dfa4b9" }, { "code": "Networks_41", "description": "[fax machines] Place fax machines in a physically secure room only accessible by authorized personnel.", "importance": 0, "uuid": "aeca1cdd-0dba-4a08-86a9-199d0dc1a44c" }, { "code": "Networks_42", "description": "[fax machines] Set up a personal access code system for the printing of messages.", "importance": 0, "uuid": "45b46846-ae73-4f1e-ad1f-56085fa7f0c7" }, { "code": "Networks_43", "description": "[fax machines] When sending faxes, have the identity of the destination fax displayed so that the recipient's identity may be checked.", "importance": 0, "uuid": "392f2a2d-b717-4230-9d65-feb6f8f3c0e9" }, { "code": "Networks_44", "description": "[fax machines] When sending faxes, have the identity of the destination fax displayed so that the recipient's identity may be checked.", 
"importance": 0, "uuid": "847559d4-6855-475d-8099-28dfcf8c6a53" }, { "code": "Networks_45", "description": "[fax machines] Follow up each fax by sending the originals to the recipient.", "importance": 0, "uuid": "9dc411bc-b69e-4413-8191-882b5cb070b6" }, { "code": "Networks_46", "description": "[fax machines] Pre-enter the numbers of potential recipients in the fax machine's built-in phone book (where available).", "importance": 0, "uuid": "5a66bc71-a621-4eee-b9af-5bdaae2fc18b" }, { "code": "Networks_47", "description": "[ADSL/Fiber] Make an inventory of the local Internet access points.", "importance": 0, "uuid": "f5c1911b-6dec-45da-a702-656048918d03" }, { "code": "Networks_48", "description": "[ADSL/Fiber] Physically isolate the local Internet access points from the internal network.", "importance": 0, "uuid": "f135d1b6-595d-4b6f-9129-654ad0131024" }, { "code": "Networks_49", "description": "[local access points] Only use them for specific legitimate needs (e.g. loss of availability of access to the direct distance dialing network).", "importance": 0, "uuid": "6fa31f5c-5905-4849-ac5a-f6e5679d3eaf" }, { "code": "Networks_50", "description": "[local access points] Enable them only when they are used.", "importance": 0, "uuid": "fd7e5584-6f01-4d2a-8428-51efe44ba9ad" }, { "code": "Networks_51", "description": "[local access points] Disable their wireless interface (Wi-Fi) if they have one.", "importance": 0, "uuid": "62ee5964-4a5e-4bf6-8d8d-54d73f283a4d" }, { "code": "Networks_52", "description": "[email] Encrypt attachments containing personal data.", "importance": 0, "uuid": "69e8a5ad-1b0d-4544-8d98-2c4a57aeb5bb" }, { "code": "Networks_53", "description": "[email] Make users aware that they must avoid opening email of unknown origin, and especially risky attachments (with extensions such as .pif, .com, .bat, .exe, .vbs, and .lnk), or configure the system so that it is impossible to open them.", "importance": 0, "uuid": "3cf88fb5-6356-4b3e-a291-e2228852ac45" }, { 
"code": "Networks_54", "description": "[email] Make users aware that they should not pass on hoaxes, etc.", "importance": 0, "uuid": "acdc4e21-c206-495f-a618-c16cc0ea5325" }, { "code": "Networks_55", "description": "[instant messaging] Prohibit the installation and use of instant messaging software. If such software is necessary, inform users about the risks involved and the good practices to follow.", "importance": 0, "uuid": "387e8c03-52ed-4f29-854f-7c77a9a36ea9" }, { "code": "Non-human risk sources_01", "description": "Establish fire prevention, detection and protection systems.", "importance": 0, "uuid": "e9a6a6c2-36d4-43e2-97d7-a758160ae171" }, { "code": "Non-human risk sources_02", "description": "Install temperature monitoring systems.", "importance": 0, "uuid": "91cfea4c-20b0-4be1-aeea-ec68b813ffcc" }, { "code": "Non-human risk sources_03", "description": "Establish a power supply monitoring and relief system.", "importance": 0, "uuid": "fddb164a-8cd8-4c88-9865-eb09e168eae6" }, { "code": "Non-human risk sources_04", "description": "Install systems to prevent water damage.", "importance": 0, "uuid": "83c2a188-77b1-4a96-857d-39c5d2c9d147" }, { "code": "Non-human risk sources_05", "description": "Ensure that the essential services (including power, water and air conditioning) are sized appropriately based on the systems they support.", "importance": 0, "uuid": "443af974-738a-474f-994e-a8555d57eb35" }, { "code": "Non-human risk sources_06", "description": "Specify an appropriate response time, in the event of failure, in maintenance contracts covering the equipment used in the operation of essential and security services (including extinguishers, air conditioners, water, smoke and heat detectors, opening and unauthorized entry detection and generator) and check the equipment at least annually.", "importance": 0, "uuid": "67ce43a0-8ed7-4ab2-9343-de474df5d54d" }, { "code": "Non-human risk sources_07", "description": "In the case of high availability requirements, 
connect the telecommunications infrastructure via at least two different, independent access points and ensure that they can switch from one to the other very quickly. If availability needs are very high, consider a backup site.", "importance": 0, "uuid": "a7ddedda-ca2a-4fc8-9a27-f414f06ff038" }, { "code": "Operating security_01", "description": "Document the operating procedures, update them and make them available to all users concerned (every action on the system, whether it involves administration operations or the use of an application, must be explained in the users' reference documents).", "importance": 0, "uuid": "0c906d42-562d-4d6c-817d-c237697026c7" }, { "code": "Operating security_02", "description": "Maintain an up-to-date inventory of the software and hardware used in operation.", "importance": 0, "uuid": "971e238f-6539-4309-9fbd-bbe551184a3d" }, { "code": "Operating security_03", "description": "Conduct monitoring of vulnerabilities discovered in the software (including firmware) used in operation, and correct them at the earliest possible opportunity.", "importance": 0, "uuid": "a58cb9b6-3c4b-4718-ad26-96971c6e8da2" }, { "code": "Operating security_04", "description": "Maintain an up-to-date inventory of the software and hardware used in operation.", "importance": 0, "uuid": "59afc518-72aa-4698-a8dd-d414e90416c2" }, { "code": "Operating security_05", "description": "Prohibit the use of production servers (database servers, Web servers, messaging server, etc.) 
for other purposes than those initially intended", "importance": 0, "uuid": "4b1d4939-dcf8-4449-bffb-7ecf309593e6" }, { "code": "Operating security_06", "description": "Use data storage units that use physical redundancy mechanisms (such as RAID), or mechanisms for duplicating data between several servers and/or sites.", "importance": 0, "uuid": "e310d89d-cb9f-4a4f-9478-f0214fd81bf6" }, { "code": "Operating security_07", "description": "Check that the size of storage and computing capacities is sufficient for allowing the processing to operate correctly \u2013 even during activity peaks.", "importance": 0, "uuid": "1e14c624-18e7-4db4-b7d0-67f3c5a94c64" }, { "code": "Operating security_08", "description": "Check that the physical hosting conditions (temperature, humidity, energy supply, etc.) are compatible with the intended use of hardware, and include backup mechanisms (inverter and/or backup supply and/or generator).", "importance": 0, "uuid": "4ce6491a-dfb5-4a39-b09c-e229f4d4a3ab" }, { "code": "Operating security_09", "description": "Limit access to hardware that is sensitive and/or of high market value.", "importance": 0, "uuid": "0f707a1a-3beb-4c0c-8662-7dfd7c9fd437" }, { "code": "Operating security_10", "description": "Limit the possibilities of hardware alteration.", "importance": 0, "uuid": "001e35ba-544b-43a1-a94e-3cc3aecde0c5" }, { "code": "Operating security_11", "description": "Provide for an Activity Recovery Plan (PRA) or Activity Continuity Plan (PCA), based on the availability objectives of the processing carried out.", "importance": 0, "uuid": "2f02df3f-b652-449f-9e47-018baa1b4a7e" }, { "code": "Operating security_12", "description": "Set up a security incident management procedure allowing such incidents to be detected, recorded, described and resolved.", "importance": 0, "uuid": "97d227c8-215b-4b24-a858-f0e181476b03" }, { "code": "Organization_01", "description": "Have the data controller appoint an assistant to help them enforce the General Data 
Protection Regulation (GDPR) and provide such assistant with the means to perform their duties.", "importance": 0, "uuid": "e296be10-3b93-4ed0-bbb2-3e84e330f639" }, { "code": "Organization_02", "description": "Define the roles, responsibilities and interactions between all data protection stakeholders.", "importance": 0, "uuid": "83f5e4ad-f20e-4bbc-8912-56923387da9b" }, { "code": "Organization_03", "description": "Set up a monitoring committee formed of the data controller, the person in charge of assisting the controller in enforcing compliance with the GDPR and the stakeholders. This committee must meet regularly (at least once a year) to set objectives and review the organization's entire range of processing operations.", "importance": 0, "uuid": "82b6cd19-b2e2-405e-9728-a7bd7251ac6f" }, { "code": "Paper document_01", "description": "Include a visible, explicit reference on each page of the documents that include sensitive personal data.", "importance": 0, "uuid": "d41faa6b-99bd-4b71-9bec-66a2d5334c95" }, { "code": "Paper document_02", "description": "Include a visible, explicit reference in the business applications that provide access to personal data.", "importance": 0, "uuid": "38b3b764-c6b1-447a-81aa-90ba5fb02472" }, { "code": "Paper document_03", "description": "Choose paper formats and printing methods that are suitable to the storage conditions (storage duration, ambient humidity, etc.).", "importance": 0, "uuid": "43021e79-ec81-4867-8bc4-55bc5330a32b" }, { "code": "Paper document_04", "description": "Retrieve printed documents containing personal data immediately after they are printed or, where possible, carry out secure printing.", "importance": 0, "uuid": "6e1ba563-e4ff-452b-b793-34b6c42c3837" }, { "code": "Paper document_05", "description": "Restrict the distribution of paper documents containing personal data to individuals who require them for work-related purposes.", "importance": 0, "uuid": "c9e78377-c4ef-49e6-937b-6d3720206b38" }, { "code": 
"Paper document_06", "description": "Store paper documents containing personal data in a secure cabinet.", "importance": 0, "uuid": "b3cd646a-9ee6-4e60-bb21-74c086e1a89a" }, { "code": "Paper document_07", "description": "Destroy, using a shredder of the appropriate certification level, paper documents that are no longer necessary and which contain personal data.", "importance": 0, "uuid": "1c5b07c9-70c4-44b7-9d23-0d5112589210" }, { "code": "Paper document_08", "description": "Only send paper documents containing personal data that are necessary for processing.", "importance": 0, "uuid": "9d218324-5fec-4547-a1bc-502b3ba86905" }, { "code": "Paper document_09", "description": "Keep close track of the circulation of paper documents containing personal data.", "importance": 0, "uuid": "d2b72130-8771-49a7-aa39-eb9e3c3abe43" }, { "code": "Paper document_10", "description": "Choose a transmission channel that is suited to the risks and frequency of transmission.", "importance": 0, "uuid": "97f4548c-8a5a-4128-848f-5c44b886adf1" }, { "code": "Paper document_11", "description": "Improve trust in companies used to deliver paper documents containing personal data.", "importance": 0, "uuid": "c9004d16-3c95-4491-a581-e8493e5ac7bb" }, { "code": "Paper document_12", "description": "Protect paper documents containing personal data.", "importance": 0, "uuid": "b20a6adb-cb65-4dca-9401-fe0f08f67b18" }, { "code": "Physical access_01", "description": "Categorize areas of the buildings by risk.", "importance": 0, "uuid": "c50ec4bf-c87b-450f-99d3-7444767bb529" }, { "code": "Physical access_02", "description": "Maintain an up-to-date list of individuals (including visitors, employees, authorized employees, trainees and service providers) who are authorized to enter each area.", "importance": 0, "uuid": "c688ba0f-d671-4718-ba97-6bfbc999257a" }, { "code": "Physical access_03", "description": "Select methods for authenticating employees that are proportional to the risks associated with each 
area.", "importance": 0, "uuid": "c71ee1c8-164c-4aff-9796-412f2018ef81" }, { "code": "Physical access_04", "description": "Select visitor authentication methods (for example, persons coming to attend a meeting, external service providers or auditors) proportional to the risks associated with each area.", "importance": 0, "uuid": "3d8139f7-6e50-4613-b17e-d54c00188544" }, { "code": "Physical access_05", "description": "Define actions to take if authentication fails (identity cannot be confirmed or lack of authorization to enter a security area).", "importance": 0, "uuid": "19de6071-7aa0-4c45-bee8-563c7c6446e2" }, { "code": "Physical access_06", "description": "Keep a record of access granted after notifying the data subjects.", "importance": 0, "uuid": "a482d122-b761-403f-b916-7757918cfb45" }, { "code": "Physical access_07", "description": "Visitors needing to access premises outside public reception areas should be escorted (from the time they arrive, during their visit and until they exit the premises) by a member of the organization.", "importance": 0, "uuid": "be8b8190-8b98-45c1-8f72-4d1a565b1a5c" }, { "code": "Physical access_08", "description": "Protect the most sensitive areas in proportion to the risks.", "importance": 0, "uuid": "19576116-27b2-4eda-ad2f-c0ffdc51f09b" }, { "code": "Physical access_09", "description": "Install a warning system in the event of unauthorized entry.", "importance": 0, "uuid": "764b70e6-79be-4338-8a85-df02a0845424" }, { "code": "Physical access_10", "description": "Establish a system to slow individuals who may have penetrated an area they are prohibited from entering and a system for intervening in such situations to ensure intervention before the unauthorized persons can leave the area.", "importance": 0, "uuid": "6935ed7e-c2ff-41e1-84f0-abb94789e6c6" }, { "code": "Policy_01", "description": "Set out important aspects relating to data protection within a documentary base making up the data protection policy and in a form suited 
to each type of content (risks, key principles to be followed, target objectives, rules to be applied, etc.) and each communication target (users, IT department, policymakers, etc.).", "importance": 0, "uuid": "3044ec83-7f6c-4f36-9b41-fd8f4148f0db" }, { "code": "Policy_02", "description": "Distribute the data protection policy to those in charge of enforcing it.", "importance": 0, "uuid": "5c8cfba8-eaaf-49d4-a8c2-eb80e38bedf3" }, { "code": "Policy_03", "description": "Allow individuals in charge of enforcing the data protection policy to formally request exceptions in the event of implementation difficulties, review the impacts of all exception requests on the related risks and, where applicable, have acceptable exceptions approved by the data controller and amend the data protection policy accordingly.", "importance": 0, "uuid": "0cfa2120-97ad-4553-9634-eb882d082611" }, { "code": "Policy_04", "description": "Establish a multi-annual action plan and monitor implementation of data protection policy.", "importance": 0, "uuid": "f5325095-e849-4311-929f-4f98b1a3f6b9" }, { "code": "Policy_05", "description": "Allow for exceptions to the data protection policy.", "importance": 0, "uuid": "265e4f9a-c3fa-45a4-bb88-329c9842a610" }, { "code": "Policy_06", "description": "Anticipate how to take into account difficulties in enforcing the data protection policy.", "importance": 0, "uuid": "7da96d90-bb4b-4a7a-843d-d34404a6af91" }, { "code": "Policy_07", "description": "Regularly check compliance with the rules of the data protection policy and the implementation of the action plan.", "importance": 0, "uuid": "860682f8-a917-436b-8c3b-e1204cef9c88" }, { "code": "Policy_08", "description": "Regularly revise the data protection policy.", "importance": 0, "uuid": "9bc3437a-1156-41bc-a5a7-7f227acecb9c" }, { "code": "Prior formalities_01", "description": "Check that the data processing does indeed comply with the declared purpose.", "importance": 0, "uuid": 
"e35056d7-f710-494a-b88d-b889cca71b24" }, { "code": "Prior formalities_02", "description": "Perform a Privacy Impact Assessment (PIA) and have it validated.", "importance": 0, "uuid": "a68526c7-2924-4d5b-8e3c-46e4ff4e661a" }, { "code": "Prior formalities_03", "description": "Consult the supervisory authority if the residual risks are high, pursuant to Article 36 of the General Data Protection Regulation (GDPR).", "importance": 0, "uuid": "2cfe236e-a265-4ad6-b465-3f1c54e4b583" }, { "code": "Prior formalities_04", "description": "Carry out the other sectoral and contractual formalities applicable to the processing (e.g. formalities associated with other codes and regulations, contract with an external data source, etc.)", "importance": 0, "uuid": "5f305f28-fae7-427e-a438-2a94270a8eed" }, { "code": "Processors_01", "description": "A procurement contract must be signed with each processor, setting out all of the points stipulated in Art. 28 of the GDPR.", "importance": 0, "uuid": "56e18e09-aba6-45e7-bcad-b6e095d3c109" }, { "code": "Processors_02", "description": "Regulate the procurement relations via a contract signed intuitu person\u00e6.", "importance": 0, "uuid": "7368415c-5c8e-4388-8f37-e0a12b42e27c" }, { "code": "Processors_03", "description": "Require the processor to forward its Information Systems Security Policy (PSSI) along with all supporting documents of its information security certifications and append said documents to the contract.", "importance": 0, "uuid": "1ae3cecb-b8c2-4513-8a7e-87ef4737b586" }, { "code": "Processors_04", "description": "Precisely determine and set, on a contractual basis, the operations that the processor will be required to carry out on personal data.", "importance": 0, "uuid": "c923a487-93d3-4ad7-a0a9-a379b586903f" }, { "code": "Processors_05", "description": "Determine, on a contractual basis, the division of responsibility regarding the legal processes aimed at allowing the data subjects to exercise their rights.", 
"importance": 0, "uuid": "df423c35-2f36-4da7-8b9b-45c420faede5" }, { "code": "Processors_06", "description": "Explicitly prohibit or regulate use of tier-2 processors.", "importance": 0, "uuid": "f2c8f0fd-8e8c-4977-9b6a-3935cfcbfe5c" }, { "code": "Processors_07", "description": "Clarify in the contract that compliance with the data protection obligations is a binding requirement of the contract.", "importance": 0, "uuid": "117e287b-32ca-47b9-8fb5-bf5ec461b9c8" }, { "code": "Processors_08", "description": "[providers of cloud computing services] Require the provider to apply at least logical separation between the organization's data and the data of its other clients.", "importance": 0, "uuid": "d508b338-1c29-4d0f-815c-f8724b16817d" }, { "code": "Processors_09", "description": "[providers of cloud computing services] Very clearly define the locations in which the data are likely to be stored, and the countries from which the data stored in the cloud are likely to be accessible.", "importance": 0, "uuid": "b2b88c80-8c5e-47e7-bf45-03a92fcaa049" }, { "code": "Project management_01", "description": "Use a risk management approach as soon as a service is devised or an application designed.", "importance": 0, "uuid": "0943a203-920c-4869-a562-c739bd1f14c1" }, { "code": "Project management_02", "description": "Favor the use of trusted names in ISS and data protection (procedures, products, management systems, organizations, individuals, etc.).", "importance": 0, "uuid": "66063408-245e-4027-a2bc-86f360996e2a" }, { "code": "Project management_03", "description": "Favor the use of recognized and proven guidelines.", "importance": 0, "uuid": "b5c8636e-490e-4989-89d5-9816c36ed059" }, { "code": "Project management_04", "description": "Carry out supervisory authority formalities before launching new processing operations.", "importance": 0, "uuid": "a5225278-26a4-4920-abe0-5256c40435d7" }, { "code": "Project management_05", "description": "[software acquisitions] Make sure that 
developers and maintainers have sufficient resources to perform their tasks.", "importance": 0, "uuid": "0e76309c-a1e9-4361-bd60-fe30cad19371" }, { "code": "Project management_06", "description": "[software acquisitions] Favor interoperable and user-friendly applications.", "importance": 0, "uuid": "d344ad67-fe91-477a-b150-87d78e59f02f" }, { "code": "Project management_07", "description": "[software acquisitions] Carry out IT developments in an IT environment distinct from the running environment.", "importance": 0, "uuid": "c25ecdc1-1eff-4101-af9b-34d31c5a1f2c" }, { "code": "Project management_08", "description": "[software acquisitions] Protect the availability, integrity and, where necessary, confidentiality of source codes.", "importance": 0, "uuid": "68d3ef08-0b9a-4341-a335-afb27e80021a" }, { "code": "Project management_09", "description": "[software acquisitions] Impose data entry and recording formats that minimize the amount of data collected.", "importance": 0, "uuid": "ea1e195a-de83-4e5b-97f3-d5d7c74dddf3" }, { "code": "Project management_10", "description": "[software acquisitions] Make sure that data formats are compatible with the implementation of a storage duration.", "importance": 0, "uuid": "f0a432b1-5c69-4a69-950f-b2e37bc3963f" }, { "code": "Project management_11", "description": "[software acquisitions] Integrate access control to data by user categories during development.", "importance": 0, "uuid": "c06e557e-2436-4b3d-8fa0-552d184f69f9" }, { "code": "Project management_12", "description": "[software acquisitions] Avoid using free-form text fields. If such fields are required, the following wording must either appear as a watermark or disappear once a user starts typing inside the field: \"Individuals have a right of access to the information about them entered in this field. The information you enter in this field must be RELEVANT to the context. 
Such information must neither include any subjective opinions nor reveal \"either directly or indirectly, an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or any information relating to said individual's health or sex life\".", "importance": 0, "uuid": "5f06b644-3743-486c-8431-1bac8186c729" }, { "code": "Project management_13", "description": "[software acquisitions] Prohibit the use of actual data prior to the implementation, and anonymize them where necessary.", "importance": 0, "uuid": "ccbce76a-86fe-4cce-a46b-bab851fcbf78" }, { "code": "Project management_14", "description": "[software acquisitions] Make sure that software runs correctly and as specified during acceptance testing.", "importance": 0, "uuid": "0c846c96-c091-4e40-a9d8-bec9828fd839" }, { "code": "Purpose_01", "description": "Describe the data processing purposes in detail and justify their legitimacy.", "importance": 0, "uuid": "0af91e8e-6412-4ec2-86f0-d00b4f1c83dc" }, { "code": "Purpose_02", "description": "Explain the purposes of sharing with third parties as well as the data processing purposes for improving the service.", "importance": 0, "uuid": "c9133806-5bfe-4c1b-85cf-7717b7316936" }, { "code": "Purpose_03", "description": "Explain the specific conditions under which the processing will take place, particularly by clarifying data matching where applicable.", "importance": 0, "uuid": "325f56ec-a483-4ee3-8b70-1a36e8218ad2" }, { "code": "Relations with third parties_01", "description": "Identify all third parties who have or could have legitimate access to personal data.", "importance": 0, "uuid": "70118f99-45c3-4068-aac2-0970b75078a3" }, { "code": "Relations with third parties_02", "description": "Determine their role in the processing (including IT administrators, processors, recipients, persons responsible for processing data and authorized third parties) based on the actions they will perform.", "importance": 0, 
"uuid": "e67de690-620b-4dfc-84b9-f1b41789ebae" }, { "code": "Relations with third parties_03", "description": "Determine the respective responsibilities based on the risks connected to the personal data.", "importance": 0, "uuid": "8fbc269e-b6bc-4fcb-99a9-d3e01b2dbd11" }, { "code": "Relations with third parties_04", "description": "Determine the appropriate form for establishing rights and obligations based on the third parties' legal structure and their geographic location.", "importance": 0, "uuid": "affffb06-4f24-4609-b02c-dc94f9eef84d" }, { "code": "Relations with third parties_05", "description": "Formally document the rules that persons must comply with throughout the life cycle of the relationship related to the processing or the personal data, based on the person's category and the actions that he/she will perform.", "importance": 0, "uuid": "bc2c32c5-0d94-470c-965b-1362354d0170" }, { "code": "Relations with third parties_06", "description": "[internal service providers] Apply to said service providers the same measures as for the organization's employees: training in data protection issues, requirement to comply with the rules for using the organization's IT resources, appended to the rules of procedure.", "importance": 0, "uuid": "addc6cd5-341c-4e65-9f97-80363edc2d23" }, { "code": "Relations with third parties_07", "description": "[internal service providers] Provide said service providers with a workstation inside the organization or check that use of the workstation supplied by their employer is compatible with the organization's security objectives.", "importance": 0, "uuid": "4188ca8c-6e9d-47f3-afb2-14f6524f1d69" }, { "code": "Relations with third parties_08", "description": "[internal service providers] Make sure said service providers are properly bound with their employer by a confidentiality clause applicable to their employer's client organizations.", "importance": 0, "uuid": "5a653d24-a00c-47e9-9df8-c5da8f03fa59" }, { "code": "Relations with 
third parties_09", "description": "[internal service providers] Manage clearance authorizations for such service providers specifically by granting time-bound authorizations that automatically end on the provisional end date for their assignment.", "importance": 0, "uuid": "cb8a4285-4740-43dd-ad88-3fec51d119de" }, { "code": "Relations with third parties_10", "description": "[third-party recipients] Govern the transmission of data to said third-parties via a contract setting out.", "importance": 0, "uuid": "9e9a5a6c-fc2d-4248-afe3-30457f3c8718" }, { "code": "Relations with third parties_11", "description": "[third-party recipients] Require the third party to publish a privacy protection policy covering the processing making use of the data transmitted and outlining the security objectives pursuant to the IT system security policy.", "importance": 0, "uuid": "2ebe062a-a1f9-432c-9b15-4c44c1e121e6" }, { "code": "Relations with third parties_12", "description": "[third-party recipients] If data are transmitted via the Internet, always encrypt the data flows.", "importance": 0, "uuid": "ecfa059a-ce80-46b6-80a3-49d09eefff9b" }, { "code": "Relations with third parties_13", "description": "[third-party recipients] Systematically inform the third party when the data subjects exercise their right to rectification.", "importance": 0, "uuid": "71b7fe30-963e-4ff8-9744-0fd5b34747c7" }, { "code": "Relations with third parties_14", "description": "[authorized third parties] Only reply to requests that are officially sent (by mail or fax) and reply using the same communications channel. 
Do not take account of requests sent by email and do not reply using this communications channel.", "importance": 0, "uuid": "f50afe3d-22eb-453b-9c0f-3a8209ee42d0" }, { "code": "Relations with third parties_15", "description": "[authorized third parties] Check the legal basis of each request for communication.", "importance": 0, "uuid": "8cdc1082-78c0-4064-8ee0-2f43560f2a4f" }, { "code": "Relations with third parties_16", "description": "[authorized third parties] Authenticate the parties submitting the requests and only reply to them.", "importance": 0, "uuid": "4235ff42-c907-4089-9b07-1443ee2cbbb2" }, { "code": "Relations with third parties_17", "description": "[authorized third parties] Reply strictly to the request by only supplying the data asked for in the request.", "importance": 0, "uuid": "39a72d0c-9c2e-43ee-8725-478cd01397e4" }, { "code": "Right of access and data portability_01", "description": "Determine the practical means that will be implemented to allow the exercise of the right of access. Individuals must be able to exercise this right as quickly as possible, within two months without exception (one month under the GDPR) for data, in a form similar to the form used for the processing (by regular mail and/or by email). 
In addition, the process must not discourage the data subjects and they must not incur expenses that exceed copying costs.", "importance": 0, "uuid": "676fcbe6-c3f9-45a5-8338-4cbfa5a8d1b7" }, { "code": "Right of access and data portability_02", "description": "Ensure that the right of access can always be exercised.", "importance": 0, "uuid": "e95147b7-c5ea-478b-9a58-1ff58779a065" }, { "code": "Right of access and data portability_03", "description": "Confirm that requests to exercise the right of access submitted on-site provide the identity of the individuals submitting requests and the identity of the individuals they may appoint as their representative.", "importance": 0, "uuid": "c10b1012-d440-426d-919e-4314090bb711" }, { "code": "Right of access and data portability_04", "description": "Confirm that requests to exercise the right of access submitted by regular mail are signed and accompanied by a photocopy of a piece of identification (which should not be retained unless proof must be kept) and that they specify a reply-to address.", "importance": 0, "uuid": "4a6e08eb-25a3-4705-87a6-00ae4dc26e0d" }, { "code": "Right of access and data portability_05", "description": "Confirm that requests to exercise the right of access submitted by email (using an encrypted channel if transmitted via the Internet) are accompanied by a digitized piece of identification (which should not be retained unless proof must be kept and, in that case, in black and white, low definition and as an encrypted file).", "importance": 0, "uuid": "d2f46aae-123a-4047-be3d-9c77d1b1cfe0" }, { "code": "Right of access and data portability_06", "description": "Ensure that all information that data subjects may request can be provided while still protecting the personal data of third parties.", "importance": 0, "uuid": "7a3dd186-475f-471d-9f5b-702cdf2aaed0" }, { "code": "Right of access and data portability_07", "description": "[medical files] Provide the information within eight days following the 
request and within two months if the information is more than five years old (as of the date on which the medical information was assembled).", "importance": 0, "uuid": "b0308ad7-11e9-440a-8a19-234b47f54bb9" }, { "code": "Right of access and data portability_08", "description": "[medical files] Allow those who hold parental rights (for minors) and legal representatives (for individuals subject to guardianship) to exercise the right of access.", "importance": 0, "uuid": "51777d5c-5290-4861-ada7-4b1fadac38a4" }, { "code": "Rights to rectification and erasure_01", "description": "Determine the practical means that will be implemented to permit the exercise of the right to rectification. Individuals must be able to exercise this right as quickly as possible, within two months without exception, in a form similar to the form used for the processing (by regular mail and/or by email). In addition, the process must not discourage the data subjects and must not involve any cost to them.", "importance": 0, "uuid": "3e5aca0a-a8eb-4005-b549-e14091d02295" }, { "code": "Rights to rectification and erasure_02", "description": "Ensure that the right to rectification may always be exercised.", "importance": 0, "uuid": "820e628b-f40d-4454-87b1-eb33e2c4cf7e" }, { "code": "Rights to rectification and erasure_03", "description": "Ensure that the right to rectification may always be exercised.", "importance": 0, "uuid": "2ae0587e-65dc-4c2a-9e02-557642a9ffce" }, { "code": "Rights to rectification and erasure_04", "description": "Ensure that the identity of individuals submitting requests will be verified.", "importance": 0, "uuid": "749726d9-1fad-4f68-97f9-9a9d6d3b7701" }, { "code": "Rights to rectification and erasure_05", "description": "Ensure that the accuracy of the corrections requested will be verified.", "importance": 0, "uuid": "3f2092db-7b8b-47b4-a1e3-5ad2e03c2b99" }, { "code": "Rights to rectification and erasure_06", "description": "Ensure that the data to be deleted are 
properly erased.", "importance": 0, "uuid": "443cde40-ee08-4089-b4d0-239af70e728f" }, { "code": "Rights to rectification and erasure_07", "description": "Ensure that the individuals submitting requests receive confirmation.", "importance": 0, "uuid": "89f0882c-0b65-47c9-85dd-c6a675ec890e" }, { "code": "Rights to rectification and erasure_08", "description": "Ensure that the third parties to whom the data may have been sent are informed of the corrections made.", "importance": 0, "uuid": "4dd00be3-f30a-4401-8bb8-475e79bf21d7" }, { "code": "Rights to rectification and erasure_09", "description": "Upon receiving an erasure request, inform the user if the personal data are going to be kept all the same (technical requirements, legal obligations).", "importance": 0, "uuid": "fa8b29ba-bef5-484f-90ec-60dd75ea91bf" }, { "code": "Rights to rectification and erasure_10", "description": "Implement the right to be forgotten for minors.", "importance": 0, "uuid": "8222db32-6b4d-4b60-b70b-422764a49dc5" }, { "code": "Rights to rectification and erasure_11", "description": "[online targeted advertising] Provide a way for individuals to access the areas of interest in their profile and a way to modify them. The individual's identity may be authenticated based on the information used to access his or her account or on the cookie (or equivalent) on his or her computer.", "importance": 0, "uuid": "68485fa9-6933-4444-81e8-91690350a102" }, { "code": "Rights to restriction and to object_01", "description": "Determine the practical means that will be implemented to allow individuals to exercise the right to object. Individuals must be able to exercise this right as quickly as possible, within two months without exception, in a form similar to the form used for the processing (by regular mail and/or by email). 
In addition, the process must not discourage the data subjects and must not involve any cost to them.", "importance": 0, "uuid": "7a35cf66-ace9-44fc-ae3d-4cbacab0d099" }, { "code": "Rights to restriction and to object_02", "description": "Ensure that the right to object may always be exercised and that the personal data collected and processed actually allow the exercise of the right to object.", "importance": 0, "uuid": "9ef3e939-b392-4567-9253-36e67d0657a1" }, { "code": "Rights to restriction and to object_03", "description": "Ensure that \"the interested party is able to express his or her choice prior to the final validation of his or her responses\".", "importance": 0, "uuid": "8f61de26-82bc-40bb-bbe7-b2205e26a885" }, { "code": "Rights to restriction and to object_04", "description": "Confirm that requests to exercise the right to object submitted on-site provide for verification of the identity of the individuals submitting requests and the identity of the individuals they may appoint as their representative.", "importance": 0, "uuid": "595a5219-5458-4c44-8593-0dd33334c199" }, { "code": "Rights to restriction and to object_05", "description": "Confirm that requests to exercise the right to object submitted by regular mail are signed and accompanied by a photocopy of a piece of identification (which should not be retained unless proof must be kept) and that they specify a reply-to address.", "importance": 0, "uuid": "5c557a20-1b92-4182-8712-b81b469ccd27" }, { "code": "Rights to restriction and to object_06", "description": "Confirm that requests to exercise the right to object submitted by email (using an encrypted channel if transmitted via the Internet) include a digitized piece of identification (which should not be retained unless proof must be kept and, in that case, in black and white, low definition and as an encrypted file).", "importance": 0, "uuid": "bb7a66aa-2629-4922-bb39-ea134171eea8" }, { "code": "Rights to restriction and to object_07", 
"description": "Ensure that individuals exercising their right to object provide legitimate grounds and that those grounds are evaluated (except in the case of marketing and processing for the purpose of health research, which provides the individual a discretionary right to object).", "importance": 0, "uuid": "97c2d533-638f-4b8a-974b-74d767f11301" }, { "code": "Rights to restriction and to object_08", "description": "Ensure that all recipients of the processing are notified of the objections submitted by the data subjects.", "importance": 0, "uuid": "e2421127-348a-4457-b196-1e7d88c67e82" }, { "code": "Rights to restriction and to object_09", "description": "[processing via telephone] Provide a mechanism allowing data subjects to express their objection by telephone.", "importance": 0, "uuid": "b53d86b0-4b43-45e2-bc95-d38f27521377" }, { "code": "Rights to restriction and to object_10", "description": "[processing via electronic form] Create an easily accessible form with opt-out boxes to check or allow the user to unsubscribe from a service (delete an account).", "importance": 0, "uuid": "a5742264-b164-426c-be4f-a8a2030e4768" }, { "code": "Rights to restriction and to object_11", "description": "[processing via email] Ensure that the sender of the messages is clearly identified.", "importance": 0, "uuid": "2b0fb90e-89d0-4030-b177-3bb617a63893" }, { "code": "Rights to restriction and to object_12", "description": "[processing via email] Ensure that the body of the messages relates to the subject of the messages.", "importance": 0, "uuid": "8d9c1918-8b86-47b3-a9f7-d7d78fe9c3fb" }, { "code": "Rights to restriction and to object_13", "description": "[processing via email] Allow recipients to object by responding to the message or by clicking on a link. 
Individuals should not be required to identify themselves to unsubscribe.", "importance": 0, "uuid": "cb78228a-4041-44a8-a689-bf6578874463" }, { "code": "Rights to restriction and to object_14", "description": "[processing via a connected object or mobile app] Existence of \"Privacy\" settings in mobile apps.", "importance": 0, "uuid": "6bb37898-960e-4ca7-98e7-95e81e4bddd3" }, { "code": "Rights to restriction and to object_15", "description": "[processing via a connected object or mobile app] Allow the mobile app user to object to the collection of special data.", "importance": 0, "uuid": "7459271b-d172-4ad6-81da-cb209817a995" }, { "code": "Rights to restriction and to object_16", "description": "[processing via a connected object or mobile app] Take underage users into account.", "importance": 0, "uuid": "44daf7b1-6e18-4b46-a66c-f79b94e4cfe2" }, { "code": "Rights to restriction and to object_17", "description": "[processing via a connected object or mobile app] Properly stop any collection of data where the user withdraws his/her consent.", "importance": 0, "uuid": "145b5b1e-fadd-46ee-942a-645112753615" }, { "code": "Risk management_01", "description": "List the personal data processing operations, whether automated or otherwise, the data processed (e.g. client files, contracts) and the supporting assets on which they rely.", "importance": 0, "uuid": "fe95ad70-790a-456e-a46e-1585608fe899" }, { "code": "Risk management_02", "description": "Assess the way in which the fundamental principles (information, consent, right of access, etc.) are respected.", "importance": 0, "uuid": "814d402c-daf5-4f3b-88e7-82cfc5f7b1c9" }, { "code": "Risk management_03", "description": "Assess the risks of each processing.", "importance": 0, "uuid": "c70188fa-c058-415e-a704-5f089a20faec" }, { "code": "Risk management_04", "description": "Implement and check the planned measures. 
Where the existing and planned measures are considered appropriate for guaranteeing the right level of security in light of the risks, their application and monitoring must be ensured.", "importance": 0, "uuid": "f5f11b9a-a9f1-4836-8da4-a3a7ef479e93" }, { "code": "Risk management_05", "description": "Make sure a security audit is carried out periodically \u2013 annually where possible. Each audit must be accompanied by an action plan, the implementation of which should be monitored at the highest level.", "importance": 0, "uuid": "9335ac84-9854-4c75-8841-c059c9e9ed6a" }, { "code": "Risk management_06", "description": "Update the map periodically and at each major change.", "importance": 0, "uuid": "09c8fe47-6d8e-4130-b6f4-98127bfe2eb2" }, { "code": "Staff management_01", "description": "Make sure that individuals who have access to personal data and the processing of such data are qualified for their jobs.", "importance": 0, "uuid": "7f6b0b2f-b85a-4b3d-a7ab-69d4d1a08f4d" }, { "code": "Staff management_02", "description": "Make sure that the working conditions of individuals with access to personal data and the processing of such data are satisfactory.", "importance": 0, "uuid": "c80aacb6-80d5-4222-92b7-d7482e0da130" }, { "code": "Staff management_03", "description": "Raise the awareness of individuals with access to personal data and the processing of such data about the risks associated with exploitation of their vulnerabilities.", "importance": 0, "uuid": "2aaa85f4-a8a1-4d03-940c-fed3552a5943" }, { "code": "Storage durations_01", "description": "Define, for each data category, storage durations that are time-limited and appropriate to the purpose of the processing and/or legal requirements.", "importance": 0, "uuid": "9364fb43-09ae-42e0-b273-8b2b0ff24d39" }, { "code": "Storage durations_02", "description": "Check that the processing enables the end of the storage duration to be detected (set up an automatic mechanism based on the date on which the data are 
created or last used).", "importance": 0, "uuid": "2d0ddcc8-aca7-4833-b10a-1ce35039f496" }, { "code": "Storage durations_03", "description": "Confirm that the processing allows the deletion of personal data when the storage duration expires and that the method chosen to delete them is appropriate to the risks to privacy of the data subjects.", "importance": 0, "uuid": "fb34159c-869f-47fd-afdb-07d7c5c6add6" }, { "code": "Storage durations_04", "description": "Once the storage duration has expired, subject to intermediate archiving of the necessary data, delete the data with immediate effect.", "importance": 0, "uuid": "e662c3c9-6b20-48fc-afbf-4940f89193a6" }, { "code": "Supervision_01", "description": "Regularly inspect personal data processing operations to ensure that they comply with GDPR as well as the effectiveness and appropriateness of planned measures.", "importance": 0, "uuid": "ab36dcfc-8acd-4ef4-9670-0951f2d038b4" }, { "code": "Supervision_02", "description": "Set data protection objectives in the field of privacy and define indicators for determining whether these objectives are met.", "importance": 0, "uuid": "46bac0c0-104c-498f-bb3e-af702c95c734" }, { "code": "Supervision_03", "description": "Regularly assess data protection.", "importance": 0, "uuid": "93b8e97a-f1bb-4962-a3e2-c78138ff0c93" }, { "code": "Surveillance_01", "description": "Set up a logging architecture that retains a record of security incidents and the time they occurred.", "importance": 0, "uuid": "5480b920-a87a-4e8d-903c-4e2b959a0749" }, { "code": "Surveillance_02", "description": "Select the incidents to be logged based on the context, supporting assets (including workstations, firewall, network equipment and servers), risks and legal framework.", "importance": 0, "uuid": "1e9bfd52-15f3-4d71-aded-d530a582999f" }, { "code": "Surveillance_03", "description": "Comply with the requirements of GDPR if the logged events include personal data.", "importance": 0, "uuid": 
"1c5e91ea-3a5e-4e49-a151-2d221f650842" }, { "code": "Surveillance_04", "description": "Conduct periodic analyses of the logged information, and if need be establish a system that detects weak signals automatically.", "importance": 0, "uuid": "36c52a02-e84b-4850-aef7-6643002bbe07" }, { "code": "Surveillance_05", "description": "Retain the incident logs for six months unless legal and regulatory restrictions require specific storage durations.", "importance": 0, "uuid": "860a6f94-976b-4761-985c-c3a4d220be70" }, { "code": "Surveillance_06", "description": "[firewall] Establish a filtering policy that prohibits any direct communication between the internal workstations and the exterior (permit connections only via the firewall) and allow only those flows that are explicitly authorized (firewall blockage of all connections except those identified as necessary).", "importance": 0, "uuid": "b0998e5c-5e6f-4f1a-97f0-4997f2b1a8f2" }, { "code": "Surveillance_07", "description": "[firewall] Log all successful authorized connections and all rejected attempts to connect.", "importance": 0, "uuid": "bbaedcb2-560f-43a1-a28b-3a3fb9a77181" }, { "code": "Surveillance_08", "description": "[firewall] Export the logs via a secure channel to a dedicated server.", "importance": 0, "uuid": "6ef6c9a0-bcab-4aa5-9fe6-e848a88ad46a" }, { "code": "Surveillance_09", "description": "[network equipment] Log the activity on each port of a switch or a router.", "importance": 0, "uuid": "c0cd756e-dc5a-4cf7-aa43-da45f3fcbd60" }, { "code": "Surveillance_10", "description": "[network equipment] Export the logs to a dedicated server using an integrated syslog client or via NetFlow.", "importance": 0, "uuid": "c2e4f784-1347-499f-a76d-180a78756afd" }, { "code": "Surveillance_11", "description": "[network equipment] Monitor the volume based on times and monitor compliance with any access control lists (ACL) for the routers.", "importance": 0, "uuid": "90a8ee4a-7138-44e2-a52d-a55ddeaf0b15" }, { "code": 
"Surveillance_12", "description": "[server] Log as much information as possible regarding client requests on the web servers to identify configuration defects and SQL injection attempts.", "importance": 0, "uuid": "e1b1359e-d937-4028-a6a2-1d3da2c2c44a" }, { "code": "Surveillance_13", "description": "[server] Log users' activity on the proxy servers.", "importance": 0, "uuid": "657c1b9d-6675-40b5-9a6d-5f29e4d12d7c" }, { "code": "Surveillance_14", "description": "[server] Log all queries made to the DNS servers, whether issued by Internet users or internal network clients.", "importance": 0, "uuid": "89954a92-cae7-4685-8ec1-552af649cc8f" }, { "code": "Surveillance_15", "description": "[server] Log the time- and date-stamped authentication data and the length of each connection on the remote access servers.", "importance": 0, "uuid": "43f776b1-40c5-4c10-b220-306e85583ac7" }, { "code": "Surveillance_16", "description": "[server] Log the reception and management of messages on the messaging servers.", "importance": 0, "uuid": "ebda03ad-7d72-45ab-8c85-f71b89ed797e" }, { "code": "Traceability_01", "description": "Depending on the country in question, justify the choice of remote hosting and indicate the legal supervision arrangements implemented in order to ensure adequate protection of the data which are subject to a cross-border transfer.", "importance": 0, "uuid": "c124943d-08c4-45b2-97ce-17eeff247a10" }, { "code": "Traceability_02", "description": "Set up user authentication making it possible to attribute the logged incidents.", "importance": 0, "uuid": "94de88c6-f55d-451b-a844-4c97bc3b677c" }, { "code": "Traceability_03", "description": "Comply with the requirements of GDPR as regards logged events attached to an identified user.", "importance": 0, "uuid": "e0e84602-ed80-4927-bd9e-cc4fc032869c" }, { "code": "Traceability_04", "description": "Conduct periodic analyses of the logged information and, if need be, establish a system that detects abnormal activity 
automatically.", "importance": 0, "uuid": "04f41149-f24e-4120-aa99-78c0e30448c6" }, { "code": "Transfer outside EU_01", "description": "State the geographic storage location for the different types of processing data.", "importance": 0, "uuid": "9f6b1062-13cd-4ecb-a43c-bcbab3655af6" }, { "code": "Transfer outside EU_02", "description": "Depending on the country in question, justify the choice of remote hosting and indicate the legal supervision arrangements implemented in order to ensure adequate protection of the data which are subject to a cross-border transfer.", "importance": 0, "uuid": "94e7783a-5e67-45a6-a439-01f0492fdc1e" }, { "code": "Website_01", "description": "Use a certificate signed by an \"approved\" trusted root authority.", "importance": 0, "uuid": "d49de769-1ea6-4046-a829-5e1990c6042f" }, { "code": "Website_02", "description": "Traffic encryption must be guaranteed by TLS; the web server must then be configured to accept only this protocol (in particular, exclude the SSL protocol and make encryption compulsory during protocol negotiation).", "importance": 0, "uuid": "d8f38e66-61a1-4033-b530-3cef1ec16aed" }, { "code": "Website_03", "description": "Define a Content-Security-Policy that includes only the parties you authorize to place content on your website.", "importance": 0, "uuid": "2e7e68ce-861c-417a-893e-5034dcb9f559" }, { "code": "Website_04", "description": "Conduct on-site security audits.", "importance": 0, "uuid": "ffca4dc3-0dff-4c78-95bd-0aca191f8f23" }, { "code": "Workstations_01", "description": "Ensure that the IT department provides users with workstations that are kept secure and in working order.", "importance": 0, "uuid": "b1fcea2c-d822-4ccf-9fb2-ba401a747610" }, { "code": "Workstations_02", "description": "Small workstations, especially laptops, can be easily stolen. 
They must therefore be equipped with anti-theft cables whenever their users are not nearby and the premises are not protected by physical security measures.", "importance": 0, "uuid": "6b75e464-9a3f-4e3f-8605-e6bf06e320df" }, { "code": "Workstations_03", "description": "Retrieve data, except for data defined as private or personal, from workstations before they are assigned to other persons.", "importance": 0, "uuid": "dd87892a-27d0-4680-be98-aa1d9372c722" }, { "code": "Workstations_04", "description": "Erase data from workstations before assigning them to other persons or if such workstations are shared.", "importance": 0, "uuid": "82ed5d4a-9600-407e-898e-eac4c2936f4f" }, { "code": "Workstations_05", "description": "Delete temporary data each time a person logs onto a shared workstation.", "importance": 0, "uuid": "c15b93e3-9ef1-4efb-a5f6-018c1d176b53" }, { "code": "Workstations_06", "description": "If a workstation becomes compromised, inspect the system for all signs of intrusion in order to determine whether other information has been compromised by the attacker.", "importance": 0, "uuid": "5b1d0450-a746-4688-97f5-08b1283c1db4" }, { "code": "Workstations_07", "description": "Maintain systems and applications up-to-date (versions, security patches, etc.) or, where this is not possible (e.g. 
applications available only on a system that is no longer supported by the software company), isolate the machine and closely monitor the logs.", "importance": 0, "uuid": "a50db22c-4108-4c18-8209-d860708f07a0" }, { "code": "Workstations_08", "description": "Document configurations and update them whenever major changes are made.", "importance": 0, "uuid": "caec7b23-f185-4bac-ac21-275f8c109b52" }, { "code": "Workstations_09", "description": "Reduce the possibilities of misuse.", "importance": 0, "uuid": "7002e5b3-1696-4cbb-b698-8e019bb3b0ef" }, { "code": "Workstations_10", "description": "Protect workstations access.", "importance": 0, "uuid": "5e0092bc-7eb8-4599-8a0a-728aa7e224cf" }, { "code": "Workstations_11", "description": "Enable protection measures afforded by the system and the applications.", "importance": 0, "uuid": "390ad031-333f-4449-bf96-5aa2b34f02ac" }, { "code": "Workstations_12", "description": "Prohibit local sharing of directories or data on workstations.", "importance": 0, "uuid": "7b5ff016-d3fc-4468-88a0-8a73cb5e153c" }, { "code": "Workstations_13", "description": "Store user data on a backed-up network space, not on workstations.", "importance": 0, "uuid": "9dc44b61-d124-47f5-a272-25023edea841" }, { "code": "Workstations_14", "description": "If data must be stored on a local workstation, provide users with means of synchronization or backup and inform them how to use these means.", "importance": 0, "uuid": "130bf4ae-d3f4-4409-96a1-0d91c37f261e" }, { "code": "Workstations_15", "description": "Secure the configuration of Web browsers.", "importance": 0, "uuid": "6481e72d-5c49-40a0-bedb-452ac59836ff" }, { "code": "Workstations_16", "description": "Deploy a secure browser on all servers that are to be used to access the Internet or an intranet.", "importance": 0, "uuid": "72bf8a1c-b98c-476d-8d6a-4feb688d8e70" }, { "code": "Workstations_17", "description": "Limit the number of plugins, remove any that are not used, regularly update those that are 
left installed.", "importance": 0, "uuid": "319fcc62-4d32-4903-9ba1-aef7d58c0900" }, { "code": "Workstations_18", "description": "Prohibit the use of downloaded applications that are not from safe sources.", "importance": 0, "uuid": "df180601-4736-4f3f-a3ff-aee76f31a5ea" }, { "code": "Workstations_19", "description": "Search for exploitable vulnerabilities.", "importance": 0, "uuid": "1399ed3f-423f-4a7f-8143-646477f3bb22" }, { "code": "Workstations_20", "description": "Check system integrity using integrity checkers (which check the integrity of selected files).", "importance": 0, "uuid": "87b654c1-47a5-4c35-848b-f53a8404907a" }, { "code": "Workstations_21", "description": "Confirm that the maximum size of the incident logs is adequate and, in particular, that the oldest incidents are not automatically deleted if the maximum size is reached.", "importance": 0, "uuid": "f36a4d0b-ba0b-4c36-bca6-39f5ee193e1d" }, { "code": "Workstations_22", "description": "Log application, security and system-related incidents.", "importance": 0, "uuid": "02cc65ae-2522-4ebf-97a0-4f3d3230736e" }, { "code": "Workstations_23", "description": "Export the logs using domain management functionalities or via a client syslog.", "importance": 0, "uuid": "c74af249-f469-40e3-bee4-631299caf240" }, { "code": "Workstations_24", "description": "Analyze primarily the connection and disconnection times, the type of protocol used to connect and the type of user who uses it, the original IP connection address, successive connection failures and unplanned interruptions of applications or tasks.", "importance": 0, "uuid": "3a08d397-5234-43c4-bef4-74c23bd83bab" }, { "code": "Workstations_25", "description": "[mobile devices] Encrypt personal data stored on mobile devices.", "importance": 0, "uuid": "3c61efd4-f671-49ac-8137-e942341c0d75" }, { "code": "Workstations_26", "description": "[mobile devices] Limit the amount of personal data stored on mobile devices to the strict minimum, and prohibit such storage 
during travel abroad if needs be.", "importance": 0, "uuid": "1e3d14e1-2acd-4510-9428-52222cb5366e" }, { "code": "Workstations_27", "description": "[mobile devices] Ensure the availability of personal data stored on mobile devices.", "importance": 0, "uuid": "afd91008-7339-4160-8193-998cc570f2e5" }, { "code": "Workstations_28", "description": "[mobile devices] Erase personal data from mobile devices as soon as such data is entered in the organization's information system.", "importance": 0, "uuid": "07b2d2df-e1b9-4752-9be9-aab849ac6bda" }, { "code": "Workstations_29", "description": "[mobile devices] Place privacy filters on mobile devices whenever they are used outside the organization.", "importance": 0, "uuid": "55607dc8-949c-4d95-a216-f602a0d61958" }, { "code": "Workstations_30", "description": "[smartphones] Configure smartphones before delivering them to users.", "importance": 0, "uuid": "b84dfff8-2705-4b25-8fc7-eea8b61f9af4" }, { "code": "Workstations_31", "description": "[smartphones] Inform users, such as in a memo provided at delivery, about how to use their phone, the applications installed on it (e.g. 
Business Mail, Exchange, etc.), the services provided, and the security rules to be followed.", "importance": 0, "uuid": "96e207b0-160a-4d9f-818c-5a6098b88685" }, { "code": "Workstations_32", "description": "[server] Isolate the server from the rest of the network in a specific DMZ or VLAN, use up-to-date virus, spyware and spam protection, immediately install operating system security updates, authenticate devices with digital certificates (where possible), etc.", "importance": 0, "uuid": "df5cfbbc-c589-49ac-ac0c-4eafe4e815ee" }, { "code": "Workstations_33", "description": "[smartphones] Secure phones at the end of their life cycle.", "importance": 0, "uuid": "28662b29-7c3b-43cd-8ba8-952298ae3a8f" } ], "version": 1 } 2021-04-13T13:03:22.339585+00:00 https://objects.monarc.lu/object/get/5122 COVID-19 2021-06-20T03:57:49.965077+00:00 MONARC { "a": true, "c": false, "code": "COVID-19", "description": "Corona virus", "i": false, "label": "Corona virus", "language": "EN", "theme": "Loss of essential services", "uuid": "1d5d4e81-1b8a-46eb-a00f-6c6d35ef816d" } 2021-04-13T13:06:49.310656+00:00 https://objects.monarc.lu/object/get/5203 Coronavirus: COVID-19 2021-06-20T03:57:49.964805+00:00 MONARC { "authors": [ "The MONARC project" ], "label": "Preventive measures to avoid the contanination and to lower the impact of a contamination of an employee with COVID-19", "language": "EN", "refs": [ "https://gouvernement.lu/coronavirus" ], "uuid": "8e0715b2-192e-4535-b0cb-d62f71e33ce1", "values": [ { "code": "COVID-19_Rec-1", "description": "Wash your hands regularly and properly.", "importance": 3, "uuid": "43a89c13-8660-4ee4-83e5-98fda07031cf" }, { "code": "COVID-19_Rec-2", "description": "Do you cough or sneeze? Do it in a tissue or in the crease of the elbow. 
Throw the tissue in a bin with a lid.", "importance": 3, "uuid": "6031a6a6-f840-4e9a-8487-c8ac7d63db9f" }, { "code": "COVID-19_Rec-3", "description": "Avoid shaking hands or kissing.", "importance": 3, "uuid": "9dc7bc8f-5433-4518-8261-a00ec0c8fd6a" }, { "code": "COVID-19_Rec-4", "description": "Avoid close contact with sick people (keep a distance of at least 2 meters).", "importance": 3, "uuid": "5e9f15cb-cf84-44b7-8388-d7c063e45eff" }, { "code": "COVID-19_Rec-5", "description": "Stay home if you are sick. Don't go to work!", "importance": 3, "uuid": "b505aa3e-369f-49e4-b65a-3a8c0f2d3ce2" }, { "code": "COVID-19_Rec-6", "description": "Avoid touching your face with your hands as much as possible.", "importance": 3, "uuid": "880e6e99-c4a1-4f5f-82f8-41c6609a7ff1" }, { "code": "COVID-19_Rec-7", "description": "Keep up-to-date documentation of workflows.", "importance": 3, "uuid": "67bbd888-c5d7-4ccb-804a-befee66eea49" }, { "code": "COVID-19_Rec-8", "description": "Regularly train employees in order to prevent single point of failure.", "importance": 3, "uuid": "69fd1d1c-c848-4c0b-b3d9-92e9b03984a4" } ], "version": 1 } 2021-04-13T13:07:02.477106+00:00 https://objects.monarc.lu/object/get/5200 Preventive Measure 2021-06-20T03:57:49.963591+00:00 MISP { "authors": [ "Various" ], "label": "Preventive Measure", "uuid": "1a8e55eb-a0ff-425b-80e0-30df866f8f65", "values": [ { "code": "Backup and Restore Process", "description": "Make sure to have adequate backup processes on place and frequently test a restore of these backups.(Schr\u00f6dinger's backup - it is both existent and non-existent until you've tried a restore", "importance": 0, "uuid": "5f942376-ea5b-4b23-9c26-81d3aeba7fb4" }, { "code": "Block Macros", "description": "Disable macros in Office files downloaded from the Internet. This can be configured to work in two different modes:A.) Open downloaded documents in 'Protected View'B.) 
Open downloaded documents and block all macros", "importance": 0, "uuid": "79563662-8d92-4fd1-929a-9b8926a62685" }, { "code": "Disable WSH", "description": "Disable Windows Script Host", "importance": 0, "uuid": "e6df1619-f8b3-476c-b5cf-22b4c9e9dd7f" }, { "code": "Filter Attachments Level 1", "description": "Filter the following attachments on your mail gateway:.ade, .adp, .ani, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .ht, .hta, .inf, .ins, .isp, .jar, .job, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .ocx, .pcd, .ps1, .reg, .scr, .sct, .shs, .svg, .url, .vb, .vbe, .vbs, .wbk, .wsc, .ws, .wsf, .wsh, .exe, .pif, .pub", "importance": 0, "uuid": "7055b72b-b113-4f93-8387-e6f58ce5fc92" }, { "code": "Filter Attachments Level 2", "description": "Filter the following attachments on your mail gateway:(Filter expression of Level 1 plus) .doc, .xls, .rtf, .docm, .xlsm, .pptm", "importance": 0, "uuid": "8c9bbbf5-a321-4eb1-8c03-a399a9687687" }, { "code": "Restrict program execution", "description": "Block all program executions from the %LocalAppData% and %AppData% folder", "importance": 0, "uuid": "6a234b1d-8e86-49c4-91d6-cc3be3d04f74" }, { "code": "Show File Extensions", "description": "Set the registry key \"HideFileExt\" to 0 in order to show all file extensions, even of known file types. This helps avoiding cloaking tricks that use double extensions. (e.g. \"not_a_virus.pdf.exe\")", "importance": 0, "uuid": "5b911d46-66c8-4180-ab97-663a0868264e" }, { "code": "Enforce UAC Prompt", "description": "Enforce administrative users to confirm an action that requires elevated rights", "importance": 0, "uuid": "3f8c55db-611e-4831-b624-f9cbdc3b0e11" }, { "code": "Remove Admin Privileges", "description": "Remove and restrict administrative rights whenever possible. 
Malware can only modify files that users have write access to.", "importance": 0, "uuid": "168f94d3-4ffc-4ea6-8f2e-8ba699f0fef6" }, { "code": "Restrict Workstation Communication", "description": "Activate the Windows Firewall to restrict workstation to workstation communication", "importance": 0, "uuid": "fb25c345-0cee-4ae7-ab31-c1c801cde1c2" }, { "code": "Sandboxing Email Input", "description": "Using sandbox that opens email attachments and removes attachments based on behavior analysis", "importance": 0, "uuid": "7960740f-71a5-42db-8a1a-1c7ccbf83349" }, { "code": "Execution Prevention", "description": "Software that allows to control the execution of processes - sometimes integrated in Antivirus softwareFree: AntiHook, ProcessGuard, System Safety Monitor", "importance": 0, "uuid": "bfda0c9e-1303-4861-b028-e0506dd8861c" }, { "code": "Change Default \"Open With\" to Notepad", "description": "Force extensions primarily used for infections to open up in Notepad rather than Windows Script Host or Internet Explorer", "importance": 0, "uuid": "3b7bc1b2-e04f-4492-b3b1-87bb6701635b" }, { "code": "File Screening", "description": "Server-side file screening with the help of File Server Resource Manager", "importance": 0, "uuid": "79769940-7cd2-4aaa-80da-b90c0372b898" }, { "code": "Restrict program execution #2", "description": "Block program executions (AppLocker)", "importance": 0, "uuid": "feb6cddb-4182-4515-94dc-0eadffcdc098" }, { "code": "EMET", "description": "Detect and block exploitation techniques", "importance": 0, "uuid": "5f0a749f-88f2-4e6e-8fd8-46307f8439f6" }, { "code": "Sysmon", "description": "Detect Ransomware in an early stage with new Sysmon 5 File/Registry monitoring", "importance": 0, "uuid": "1b1e5664-4250-459b-adbb-f0b33f64bf7e" }, { "code": "Blacklist-phone-numbers", "description": "Filter the numbers at phone routing level including PABX", "importance": 0, "uuid": "123e20c5-8f44-4de5-a183-6890788e5a81" }, { "code": "ACL", "description": "Restrict 
access to shares users should not be allowed to write to", "importance": 0, "uuid": "3e7a7fb5-8db2-4033-8f4f-d76721819765" } ], "version": 3 } 2021-04-13T13:08:05.850559+00:00 https://objects.monarc.lu/object/get/5204 MITRE ATT&CK - Mobile Mitigations 2021-06-20T03:57:49.963287+00:00 MONARC { "authors": [ "MITRE ATT&CK\u00ae" ], "label": "MITRE ATT&CK - Mobile Mitigations", "language": "EN", "refs": [ "https://attack.mitre.org/mitigations/mobile/" ], "uuid": "f3caa83b-28fb-49fd-b7ad-6e4cd1aaad07", "values": [ { "code": "M1013 - Application Developer Guidance", "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", "importance": 0, "uuid": "90624dfc-21b6-4172-8848-a4042860656b" }, { "code": "M1005 - Application Vetting", "description": "Enterprises can vet applications for exploitable vulnerabilities or unwanted (privacy-invasive or malicious) behaviors. Enterprises can inspect applications themselves or use a third-party service.", "importance": 0, "uuid": "7fd9df45-7351-420c-8116-57d48fa23c40" }, { "code": "M1002 - Attestation", "description": "Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.", "importance": 0, "uuid": "5617161e-a40d-461a-ae8e-6a0650392e3a" }, { "code": "M1007 - Caution with Device Administrator Access", "description": "Warn device users not to accept requests to grant Device Administrator access to applications without good reason.", "importance": 0, "uuid": "63138250-3821-45f3-a820-55d0ffa30367" }, { "code": "M1010 - Deploy Compromised Device Detection Method", "description": "A variety of methods exist that can be used to enable enterprises to identify compromised (e.g. 
rooted/jailbroken) devices, whether using security mechanisms built directly into the device, third-party mobile security applications, enterprise mobility management (EMM)/mobile device management (MDM) capabilities, or other methods. Some methods may be trivial to evade while others may be more sophisticated.", "importance": 0, "uuid": "6501d616-1a60-4b38-a40a-847ad5d28058" }, { "code": "M1009 - Encrypt Network Traffic", "description": "Application developers should encrypt all of their application network traffic using the Transport Layer Security (TLS) protocol to ensure protection of sensitive data and deter network-based attacks. If desired, application developers could perform message-based encryption of data before passing it for TLS encryption.", "importance": 0, "uuid": "c591b8fd-5f57-4064-b5c5-f0acd38ae41f" }, { "code": "M1012 - Enterprise Policy", "description": "An enterprise mobility management (EMM), also known as mobile device management (MDM), system can be used to provision policies to mobile devices to control aspects of their allowed behavior.", "importance": 0, "uuid": "b141135f-2c2f-4588-9d4c-6c7abd243e23" }, { "code": "M1014 - Interconnection Filtering", "description": "In order to mitigate Signaling System 7 (SS7) exploitation, the Communications, Security, Reliability, and Interoperability Council (CSRIC) describes filtering interconnections between network operators to block inappropriate requests.", "importance": 0, "uuid": "6066f816-7914-4228-96b6-155f4501d70c" }, { "code": "M1003 - Lock Bootloader", "description": "On devices that provide the capability to unlock the bootloader (hence allowing any operating system code to be flashed onto the device), perform periodic checks to ensure that the bootloader is locked.", "importance": 0, "uuid": "148c35e1-7837-42a2-9884-4e475a48e6a3" }, { "code": "M1001 - Security Updates", "description": "Install security updates in response to discovered vulnerabilities.", "importance": 0, "uuid": 
"057adb3d-1eeb-4f04-a9c6-c08b514bc785" }, { "code": "M1004 - System Partition Integrity", "description": "Ensure that Android devices being used include and enable the Verified Boot capability, which cryptographically ensures the integrity of the system partition.", "importance": 0, "uuid": "daa42611-836d-464e-aab5-80d41da314cf" }, { "code": "M1006 - Use Recent OS Version", "description": "New mobile operating system versions bring not only patches against discovered vulnerabilities but also often bring security architecture improvements that provide resilience against potential vulnerabilities or weaknesses that have not yet been discovered. They may also bring improvements that block use of observed adversary techniques.", "importance": 0, "uuid": "f4bbe273-dc6c-4b5d-8c66-286effded2c7" }, { "code": "M1011 - User Guidance", "description": "Describes any guidance or training given to users to set particular configuration settings or avoid specific potentially risky behaviors.", "importance": 0, "uuid": "8f023e31-b83d-4323-ba0e-888ec025b35f" } ], "version": 6.3 } 2021-04-13T13:09:24.093861+00:00 https://objects.monarc.lu/object/get/5205 MITRE ATT&CK - Enterprise Mitigations 2021-06-20T03:57:49.961854+00:00 MONARC { "authors": [ "MITRE ATT&CK\u00ae" ], "label": "MITRE ATT&CK - Enterprise Mitigations", "language": "EN", "refs": [ "https://attack.mitre.org/mitigations/enterprise/" ], "uuid": "355a1506-4d46-4ace-a044-234ba5cc00e4", "values": [ { "code": "M1036 - Account Use Policies", "description": "Configure features related to account use like login attempt lockouts, specific login times, etc.", "importance": 0, "uuid": "5fc7d0fc-e28d-4f7a-a403-7e7bdda88e0d" }, { "code": "M1015 - Active Directory Configuration", "description": "Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.", "importance": 0, "uuid": "4aa9409f-bf4c-43c4-985b-a1435854c378" }, { "code": "M1049 - Antivirus/Antimalware", "description": "Use signatures or 
heuristics to detect malicious software.", "importance": 0, "uuid": "26347771-8c53-40f8-8416-de6ebce40d52" }, { "code": "M1013 - Application Developer Guidance", "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", "importance": 0, "uuid": "a45f1b4e-169a-4ce9-b1a8-aa3a06eda460" }, { "code": "M1048 - Application Isolation and Sandboxing", "description": "Restrict execution of code to a virtual environment on or in transit to an endpoint system.", "importance": 0, "uuid": "b01fca12-12d0-498b-a2ea-d6d526094393" }, { "code": "M1047 - Audit", "description": "Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.", "importance": 0, "uuid": "fe0afbce-14d2-4fc0-b9d9-0ded2d2d46bf" }, { "code": "M1040 - Behavior Prevention on Endpoint", "description": "Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. 
behavior.", "importance": 0, "uuid": "2d4bd512-601b-428d-8c96-93eb0f8ab270" }, { "code": "M1046 - Boot Integrity", "description": "Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.", "importance": 0, "uuid": "7b98e144-2052-4365-a644-e439dd0b50f3" }, { "code": "M1045 - Code Signing", "description": "Enforce binary and application integrity with digital signature verification to prevent untrusted code from executing.", "importance": 0, "uuid": "b1bf2dc7-78a8-42d5-8912-3aff922f2c53" }, { "code": "M1043 - Credential Access Protection", "description": "Use capabilities to prevent successful credential access by adversaries; including blocking forms of credential dumping.", "importance": 0, "uuid": "645905d3-2e47-45e8-b61d-35ee230d162c" }, { "code": "M1053 - Data Backup", "description": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.", "importance": 0, "uuid": "f687063a-4811-4782-9e6d-47368554818c" }, { "code": "M1042 - Disable or Remove Feature or Program", "description": "Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.", "importance": 0, "uuid": "479cf2d6-6772-4b07-9e3d-748c3c64acdd" }, { "code": "M1055 - Do Not Mitigate", "description": "This category is to associate techniques that mitigation might increase risk of compromise and therefore mitigation is not recommended.", "importance": 0, "uuid": "a5927ec6-60da-4367-8e4e-a6db261c2433" }, { "code": "M1041 - Encrypt Sensitive Information", "description": "Protect sensitive information with strong encryption.", "importance": 0, "uuid": "5c4c5b69-fc94-4922-b9a3-c7a621faaca8" }, { "code": "M1039 - Environment Variable Permissions", "description": "Prevent modification of environment variables by unauthorized users and groups.", "importance": 0, "uuid": 
"2ffd3b45-aa5f-4363-a6e9-c9c8dec111b6" }, { "code": "M1038 - Execution Prevention", "description": "Block execution of code on a system through application whitelisting, blacklisting, and/or script blocking.", "importance": 0, "uuid": "4d4ea32d-ec56-4eba-b22a-0ef3a1946a21" }, { "code": "M1050 - Exploit Protection", "description": "Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.", "importance": 0, "uuid": "25a8c89c-382f-4431-87ea-3b886e07c1ab" }, { "code": "M1037 - Filter Network Traffic", "description": "Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.", "importance": 0, "uuid": "c50e3dd7-d87b-498c-892c-d0683c38b1e1" }, { "code": "M1035 - Limit Access to Resource Over Network", "description": "Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.", "importance": 0, "uuid": "bb516ce1-5241-428b-ad41-ef292ef4b691" }, { "code": "M1034 - Limit Hardware Installation", "description": "Block users or groups from installing or using unapproved hardware on systems, including USB devices.", "importance": 0, "uuid": "ac4469fb-cfa0-4979-8a0e-d5137e1cf750" }, { "code": "M1033 - Limit Software Installation", "description": "Block users or groups from installing unapproved software.", "importance": 0, "uuid": "cdddeaa0-0ff7-4dda-8d8d-2836bd65862f" }, { "code": "M1032 - Multi-factor Authentication", "description": "Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.", "importance": 0, "uuid": "65bcbe9f-e7cb-4262-b5d4-dddc79bb4740" }, { "code": "M1031 - Network Intrusion Prevention", "description": "Use intrusion detection signatures to block traffic at network boundaries.", "importance": 0, 
"uuid": "cd1c61bb-0655-4d10-93a8-4f19fe409802" }, { "code": "M1030 - Network Segmentation", "description": "Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.", "importance": 0, "uuid": "992b2dff-d6d5-4af8-adf6-e05a21c48fcb" }, { "code": "M1028 - Operating System Configuration", "description": "Make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.", "importance": 0, "uuid": "33242a01-d66e-4361-9cd0-6c84e5ed405a" }, { "code": "M1027 - Password Policies", "description": "Set and enforce secure password policies for accounts.", "importance": 0, "uuid": "87f7ae7d-d7af-40e5-8e26-ed046e49ecec" }, { "code": "M1026 - Privileged Account Management", "description": "Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root.", "importance": 0, "uuid": "237dc8eb-d3e8-4561-80c9-d6c10f3101dd" }, { "code": "M1025 - Privileged Process Integrity", "description": "Protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures.", "importance": 0, "uuid": "4f82cb16-f43a-4032-bebb-63e901dc669d" }, { "code": "M1029 - Remote Data Storage", "description": "Use remote security log and sensitive file storage where access can be controlled better to prevent exposure of intrusion detection log data or sensitive information.", "importance": 0, "uuid": "cb442fee-310a-4bd4-a5ac-0607a1132d80" }, { "code": "M1022 - Restrict File and Directory Permissions", "description": "Restrict access by setting directory and file permissions that are not 
specific to users or privileged accounts.", "importance": 0, "uuid": "556d2fa4-ec80-4012-8d42-cf2aa003883c" }, { "code": "M1044 - Restrict Library Loading", "description": "Prevent abuse of library loading mechanisms in the operating system and software to load untrusted code by configuring appropriate library loading mechanisms and investigating potential vulnerable software.", "importance": 0, "uuid": "81ff3e62-c8a5-437d-90af-a90a77a7240b" }, { "code": "M1024 - Restrict Registry Permissions", "description": "Restrict the ability to modify certain hives or keys in the Windows Registry.", "importance": 0, "uuid": "4a464358-5cb8-471b-8f42-b222cff6ee23" }, { "code": "M1021 - Restrict Web-Based Content", "description": "Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.", "importance": 0, "uuid": "0874d800-bded-4bd1-a5a8-d68f83db734e" }, { "code": "M1054 - Software Configuration", "description": "Implement configuration changes to software (other than the operating system) to mitigate security risks associated to how the software operates.", "importance": 0, "uuid": "7a99e33f-0fb4-487a-b965-f19d7c6d0977" }, { "code": "M1020 - SSL/TLS Inspection", "description": "Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.", "importance": 0, "uuid": "e4cf1546-a2cb-4d8d-8bd2-a88bd60b2fb4" }, { "code": "M1019 - Threat Intelligence Program", "description": "A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities to mitigate risk.", "importance": 0, "uuid": "1af3aa74-5d49-4285-a9d1-a15cc9fb84b9" }, { "code": "M1051 - Update Software", "description": "Perform regular software updates to mitigate exploitation risk.", "importance": 0, "uuid": "541d848f-2672-42f6-be1c-6b1b0f76100e" }, { "code": "M1052 - User Account Control", "description": "Configure Windows User Account Control to 
mitigate risk of adversaries obtaining elevated process access.", "importance": 0, "uuid": "3d3be1de-7d06-4f89-a8a5-c73e06384f4d" }, { "code": "M1018 - User Account Management", "description": "Manage the creation, modification, use, and permissions associated to user accounts.", "importance": 0, "uuid": "8d1fcda5-0e35-43c8-aab5-2b2bebf97c4c" }, { "code": "M1017 - User Training", "description": "Train users to to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.", "importance": 0, "uuid": "9e318f0b-0864-4150-a50c-6e1118dd69e7" }, { "code": "M1016 - Vulnerability Scanning", "description": "Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.", "importance": 0, "uuid": "406160f2-9c33-44c2-b1d2-852478fe050d" } ], "version": 6.3 } 2021-04-13T13:10:22.882035+00:00 https://objects.monarc.lu/object/get/5206 Data 2021-06-20T03:57:49.960203+00:00 Various contributors { "object": { "asset": { "amvs": [], "asset": { "code": "INFO", "description": "Sensitive or essential information", "label": "Information", "language": "EN", "type": "Primary", "uuid": "d2023ca5-44d1-11e9-a78c-0800277f0571", "version": 1 }, "measures": [], "threats": [], "vuls": [] }, "children": [], "object": { "label": "Electronic data to protect", "language": "EN", "name": "Data", "scope": "local", "uuid": "96e69fc9-513c-11e9-ac8c-0800277f0571", "version": 1 }, "rolfRisks": [], "rolfTags": [] } } 2021-05-19T09:59:43.016318+00:00