diff --git a/config/caf_text.yml b/config/caf_text.yml index de1a5f2..9156825 100644 --- a/config/caf_text.yml +++ b/config/caf_text.yml 
@@ -643,28 +643,29 @@ objectives: - sub-principle: name: B5.b Design for Resilience description: You design the network and information systems supporting your essential function(s) to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated. - subprincipleitemgroup: - kind: Not - condition: At least one - subprincipleitem: - - Network and information systems supporting the operation of your essential function(s) are not appropriately segregated. - - Internet services, such as browsing and email, are accessible from network and information systems supporting the essential function(s). - - You do not understand or lack plans to mitigate all resource limitations that could adversely affect your essential function(s). - subprincipleitemgroup: - kind: Partially - condition: All - subprincipleitem: - - Network and information systems supporting the operation of your essential function(s) are logically separated from your business systems (e.g. they reside on the same network as the rest of the organisation but within a DMZ). - - Internet services are not accessible from network and information systems supporting the essential function(s). - - Resource limitations (e.g. network bandwidth, single network paths) have been identified but not fully mitigated. - subprincipleitemgroup: - kind: Achieved - condition: All - subprincipleitem: - - Network and information systems supporting the operation of your essential function(s) are segregated from other business and external systems by appropriate technical and physical means (e.g. separate network and system infrastructure with independent user administration). Internet services are not accessible from network and information systems supporting the essential function(s). - - You have identified and mitigated all resource limitations (e.g. bandwidth limitations and single network paths). 
- - You have identified and mitigated any geographical constraints or weaknesses. (e.g. systems that your essential function(s) depends upon are replicated in another location, important network connectivity has alternative physical paths and service providers). - - You review and update assessments of dependencies, resource and geographical limitations and mitigations when necessary. + subprincipleitemgroups: + - subprincipleitemgroup: + kind: Not + condition: At least one + subprincipleitem: + - Network and information systems supporting the operation of your essential function(s) are not appropriately segregated. + - Internet services, such as browsing and email, are accessible from network and information systems supporting the essential function(s). + - You do not understand or lack plans to mitigate all resource limitations that could adversely affect your essential function(s). + - subprincipleitemgroup: + kind: Partially + condition: All + subprincipleitem: + - Network and information systems supporting the operation of your essential function(s) are logically separated from your business systems (e.g. they reside on the same network as the rest of the organisation but within a DMZ). + - Internet services are not accessible from network and information systems supporting the essential function(s). + - Resource limitations (e.g. network bandwidth, single network paths) have been identified but not fully mitigated. + - subprincipleitemgroup: + kind: Achieved + condition: All + subprincipleitem: + - Network and information systems supporting the operation of your essential function(s) are segregated from other business and external systems by appropriate technical and physical means (e.g. separate network and system infrastructure with independent user administration). Internet services are not accessible from network and information systems supporting the essential function(s). + - You have identified and mitigated all resource limitations (e.g. 
bandwidth limitations and single network paths). + - You have identified and mitigated any geographical constraints or weaknesses. (e.g. systems that your essential function(s) depends upon are replicated in another location, important network connectivity has alternative physical paths and service providers). + - You review and update assessments of dependencies, resource and geographical limitations and mitigations when necessary. - sub-principle: name: B5.c Backups description: You hold accessible and secured current backups of data and information needed to recover operation of your essential function(s).
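Review bot: In the re-added `Achieved` group for B5.b, the first `subprincipleitem` entry still carries two statements in one list item: the segregation statement ending "independent user administration)." is followed in the same entry by "Internet services are not accessible from network and information systems supporting the essential function(s)." The `Partially` group lists that same sentence as its own item, so while these lines are being rewritten anyway, split it into a separate `- ` entry so that each indicator can be assessed independently. A smaller point in the same group: "constraints or weaknesses. (e.g." has a stray full stop before the parenthesis. On the structural change itself, moving the three `subprincipleitemgroup` entries under a `subprincipleitemgroups:` list removes the repeated key in the sub-principle mapping, but this diff touches only `config/caf_text.yml`. Whatever reads this file needs to look up `subprincipleitemgroups` and iterate the list, and the other sub-principles (B5.c follows immediately as context) should use the same shape so the loader does not have to handle both layouts.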