jezcaudle/rails-caf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

caf_text was valid YAML but not valid for parsing - it is now!!

Browse Source
This commit is contained in:
Jez Caudle 2024-10-11 14:39:09 +01:00
parent 94fa2f5767
commit b725d2dd74
1 changed files with 23 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
config/caf_text.yml
View File

@ -643,28 +643,29 @@ objectives:
- sub-principle: - sub-principle:
name: B5.b Design for Resilience name: B5.b Design for Resilience
description: You design the network and information systems supporting your essential function(s) to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated. description: You design the network and information systems supporting your essential function(s) to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated.
subprincipleitemgroup: subprincipleitemgroups:
kind: Not - subprincipleitemgroup:
condition: At least one kind: Not
subprincipleitem: condition: At least one
- Network and information systems supporting the operation of your essential function(s) are not appropriately segregated. subprincipleitem:
- Internet services, such as browsing and email, are accessible from network and information systems supporting the essential function(s). - Network and information systems supporting the operation of your essential function(s) are not appropriately segregated.
- You do not understand or lack plans to mitigate all resource limitations that could adversely affect your essential function(s). - Internet services, such as browsing and email, are accessible from network and information systems supporting the essential function(s).
subprincipleitemgroup: - You do not understand or lack plans to mitigate all resource limitations that could adversely affect your essential function(s).
kind: Partially - subprincipleitemgroup:
condition: All kind: Partially
subprincipleitem: condition: All
- Network and information systems supporting the operation of your essential function(s) are logically separated from your business systems (e.g. they reside on the same network as the rest of the organisation but within a DMZ). subprincipleitem:
- Internet services are not accessible from network and information systems supporting the essential function(s). - Network and information systems supporting the operation of your essential function(s) are logically separated from your business systems (e.g. they reside on the same network as the rest of the organisation but within a DMZ).
- Resource limitations (e.g. network bandwidth, single network paths) have been identified but not fully mitigated. - Internet services are not accessible from network and information systems supporting the essential function(s).
subprincipleitemgroup: - Resource limitations (e.g. network bandwidth, single network paths) have been identified but not fully mitigated.
kind: Achieved - subprincipleitemgroup:
condition: All kind: Achieved
subprincipleitem: condition: All
- Network and information systems supporting the operation of your essential function(s) are segregated from other business and external systems by appropriate technical and physical means (e.g. separate network and system infrastructure with independent user administration). Internet services are not accessible from network and information systems supporting the essential function(s). subprincipleitem:
- You have identified and mitigated all resource limitations (e.g. bandwidth limitations and single network paths). - Network and information systems supporting the operation of your essential function(s) are segregated from other business and external systems by appropriate technical and physical means (e.g. separate network and system infrastructure with independent user administration). Internet services are not accessible from network and information systems supporting the essential function(s).
- You have identified and mitigated any geographical constraints or weaknesses. (e.g. systems that your essential function(s) depends upon are replicated in another location, important network connectivity has alternative physical paths and service providers). - You have identified and mitigated all resource limitations (e.g. bandwidth limitations and single network paths).
- You review and update assessments of dependencies, resource and geographical limitations and mitigations when necessary. - You have identified and mitigated any geographical constraints or weaknesses. (e.g. systems that your essential function(s) depends upon are replicated in another location, important network connectivity has alternative physical paths and service providers).
- You review and update assessments of dependencies, resource and geographical limitations and mitigations when necessary.
- sub-principle: - sub-principle:
name: B5.c Backups name: B5.c Backups
description: You hold accessible and secured current backups of data and information needed to recover operation of your essential function(s). description: You hold accessible and secured current backups of data and information needed to recover operation of your essential function(s).