Classification level IV (RESTRICTED)
1. Users and terminal devices are identified and authenticated sufficiently reliably. Transferring and handling of Classified Information between Security Areas (see F-04) is possible only by using compensative arrangements approved by competent authorities.
2. Classified Information has to be handled outside Security Areas in a way where unauthorized access to Classified Information is prevented. Personnel has been trained and instructed on secure remote use and management.
3. Unless the classification level IV (RESTRICTED) Classified Information stored on electronic media (hard drives, USB sticks, etc.) has been encrypted using a method approved by a competent authority, storage media has to stay under constant supervision.
4. Remote use or management requires that the traffic will be encrypted by using a crypto solution approved by a competent authority to the respective classification level.
5. Information stored inside the terminal device has to be protected with an encryption solution, which is secure enough for the respective classification level and approved by a competent authority. Integrity of the terminal device has to be taken care of on an appropriate level.
Classification levels III and II: in addition to the points 1 to 5 above
6. Classified Information may not be decrypted or read while travelling or in a public place.
7. Remote use or management of systems is limited to Security Areas approved by competent authorities (see F-04). Note: exception valid only for national information in point 8.
8. Only for national information classified on level III, remote use (handling) and storage is possible outside Security Areas with a terminal device dedicated for the respective level, by taking into account that a) information has been encrypted with a crypto solution approved by a competent authority to the respective level and b) information security aspects concerning the terminal device have been taken care of, bearing especially in mind that the sufficient confidentiality and integrity have been ensured with a method approved by a competent authority.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks, and a set of tasks in the same topic creates a Policy, such as this one.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
Break down the framework into specific obligations that must be met.
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.