Infrastructure Name: <insert name> | Version 1 for SCIv2
Prepared By: <insert name> | On Date: <insert date> | 21-Jan-19
Reviewed By: <insert name> | On Date: <insert date>

Maturity | Methods of enforcement | Evidence (Document Name and/or URL) | Version Number | Document Date | Document Page or Section Number | Comments
Value | S

Operational Security [OS]
OS1 - Security Person/Team | 3 | #REF! | #REF!
OS2 - Risk Management Process | 2 | #REF! | #REF!
OS3 - Security Plan (architecture, policies, controls) | 2.0 | 2.0
OS3.1 - Authentication | 2
OS3.2 - Dynamic Response | 2
OS3.3 - Access Control | 2
OS3.4 - Physical and Network Security | 2
OS3.5 - Risk Mitigation | 2
OS3.6 - Confidentiality | 2
OS3.7 - Integrity and Availability | 2 | 2.0 | 2.0
OS3.8 - Disaster Recovery | 2
OS3.9 - Compliance Mechanisms | 2
OS4 - Security Patching | 2 | 2.0 | 2.0
OS4.1 - Patching Process | 2
OS4.2 - Patching Records and Communication | 2
OS5 - Vulnerability Mgmt | 2 | 0.0 | 0.0
OS5.1 - Vulnerability Process | 2
OS5.2 - Dynamic Response | 2
OS6 - Intrusion Detection | 0
OS7 - Regulate Access (including suspension) | 2
OS8 - Contact Information | 2
OS8.1 - Contact Users | 2
OS8.2 - Contact Service Providers | 2
OS9 - Policy Enforcement | 2
OS9.1 - Enforcement | 2
OS9.2 - Escalation Procedure | 2
OS9.3 - Overriding Authority (Emergency Powers) | 2
OS10 - Security Assessment of Services (Design and Deployment) | 2

Incident Response [IR] | 1.5 | 1.5
IR1 - Contact Information | 2
IR1.1 - Contact Service Providers | 2
IR1.2 - Contact Communities | 2
IR2 - Incident Response Procedure | 3
IR2.1 - IR Roles & Responsibilities | 3
IR2.2 - IR Identification & Assessment | 3
IR2.3 - IR Minimizing Damage | 3
IR2.4 - IR Response & Recovery | 3
IR2.5 - IR Communication and Tracking Tools | 3
IR2.6 - IR Post-mortem Review | 3 | 2.0 | 2.0
IR3 - IR Collaboration | 2
IR3.1 - Internal Collaboration | 2
IR3.2 - External Collaboration | 3 | 3.0 | 3.0
IR3.3 - Testing capability | 2
IR4 - Information Sharing Controls | 3

Traceability [TR] | 2.0 | 2.0
TR1 - Traceability (who, what, where, when, how) | 2
TR1.1 - Production of Logs | 2
TR1.2 - Retention of Logs | 2 | 2.0 | 2.0
TR2 - Data Retention Period | 2 | 2.0 | 2.0
TR3 - Traceability Controls | 2

Participant Responsibilities [PR] | 2.3 | 2.3
Participant Responsibilities [PRU] - Individual Users
PRU1 - AUP | 3
PRU1.1 - Defined Acceptable (Non-acceptable) Use | 3
PRU1.2 - User Registration | 3
PRU1.3 - Protection & Use of Credentials | 3
PRU1.4 - Data Protection & Privacy | 3
PRU1.5 - Disclaimers | 3
PRU1.6 - Liability | 3
PRU1.7 - Sanctions | 2.0 | 2.0
PRU2 - User Awareness & Agreement | 2
PRU2.1 - User Awareness | 2
PRU2.2 - User Agreement | 2 | 2.0 | 2.0
PRU3 - Communication of extra requirements | 2
Participant Responsibilities [PRC] - Collections of Users | 2.0 | 0.0
PRC1 - Policy Awareness | 2
PRC1.1 - Awareness | 2
PRC1.2 - Abide by | 2 | 2.0 | 2.0
PRC2 - User Registration & Management | 2
PRC2.1 - User Registration | 2
PRC2.2 - User Renewal | 2
PRC2.3 - User Suspension | 2
PRC2.4 - User Removal | 2
PRC3 - Responsibility for Actions | 2 | 2.0 | 2.0
PRC4 - User Identification - traceability | 2 | 2.0 | 2.0
PRC5 - Logs of Membership Management Actions | 2 | 2.0 | 2.0
PRC6 - Define Common Aims & Purposes | 3
Participant Responsibilities [PRS] - Service Providers | 2 | 2.0 | 2.0
PRS1 - Compliance Ensurement Procedures | 2 | 2.0 | 2.0

Data Protection [DP] | 3 | 3.0 | 3.0
DP1 - Policies for protection of personal data | 2 | 2.0 | 2.0
DP1.1 - Accounting Data | 2 | 2.0 | 2.0
DP1.2 - User Registration Data | 2 | 2.0 | 2.0
DP1.3 - Monitoring Data | 2 | 2.0 | 2.0
DP1.4 - Logging Data | 2 | 2.0 | 2.0
DP2 - Privacy Policy | 2 | 2.0 | 2.0
DP2.1 - Nature and Scope of Processing | 2 | 2.0 | 2.0
DP2.2 - User Rights (including Correction) | 2 | 2.0 | 2.0
DP2.3 - Protection against Unauthorised Disclosure | 2 | 2.0 | 2.0

Assessment Score | 3.54 | #REF! | #REF!
Raw Score
Weight