NIST CSF: DE.AE-1 Subcategory
From NIST's Cyber Security Framework (version 1):
A baseline of network operations and expected data flows for users and systems is established and managed
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Security of network services (13.1.2)
ISO 27001:2013 -
Network controls (13.1.1)
ISO 27001:2013 -
Documented operating procedures (12.1.1)
ISO 27001:2013 -
Change management (12.1.2)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Establish triggers to evaluate CSMS (4.4.3.3)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1484 | Domain Policy Modification | Defense Evasion, Privilege Escalation |
T1505.004 | IIS Components | Persistence |
T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |
T1003.005 | Cached Domain Credentials | Credential Access |
T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1137.001 | Office Template Macros | Persistence |
T1553.003 | SIP and Trust Provider Hijacking | Defense Evasion |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1602 | Data from Configuration Repository | Collection |
T1036.001 | Invalid Code Signature | Defense Evasion |
T1059.001 | PowerShell | Execution |
T1555.005 | Password Managers | Credential Access |
T1563.002 | RDP Hijacking | Lateral Movement |
T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
T1003.004 | LSA Secrets | Credential Access |
T1537 | Transfer Data to Cloud Account | Exfiltration |
T1037.005 | Startup Items | Persistence, Privilege Escalation |
T1218.013 | Mavinject | Defense Evasion |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1574.010 | Services File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
T1059.006 | Python | Execution |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1036.005 | Match Legitimate Name or Location | Defense Evasion |
T1056.002 | GUI Input Capture | Collection, Credential Access |
T1110.003 | Password Spraying | Credential Access |
T1211 | Exploitation for Defense Evasion | Defense Evasion |
T1070.002 | Clear Linux or Mac System Logs | Defense Evasion |
T1029 | Scheduled Transfer | Exfiltration |
T1055.014 | VDSO Hijacking | Defense Evasion, Privilege Escalation |
T1059.002 | AppleScript | Execution |
T1218.009 | Regsvcs/Regasm | Defense Evasion |
T1098.003 | Additional Cloud Roles | Persistence, Privilege Escalation |
T1569 | System Services | Execution |
T1552.004 | Private Keys | Credential Access |
T1205 | Traffic Signaling | Command and Control, Defense Evasion, Persistence |
T1578.001 | Create Snapshot | Defense Evasion |
T1565 | Data Manipulation | Impact |
T1558.004 | AS-REP Roasting | Credential Access |
T1055.001 | Dynamic-link Library Injection | Defense Evasion, Privilege Escalation |
T1070.008 | Clear Mailbox Data | Defense Evasion |
T1135 | Network Share Discovery | Discovery |
T1564.002 | Hidden Users | Defense Evasion |
T1602.001 | SNMP (MIB Dump) | Collection |
T1547.012 | Print Processors | Persistence, Privilege Escalation |
T1499.003 | Application Exhaustion Flood | Impact |
T1555 | Credentials from Password Stores | Credential Access |
T1055.004 | Asynchronous Procedure Call | Defense Evasion, Privilege Escalation |
T1213 | Data from Information Repositories | Collection |
T1114.003 | Email Forwarding Rule | Collection |
T1070 | Indicator Removal | Defense Evasion |
T1102.003 | One-Way Communication | Command and Control |
T1055.011 | Extra Window Memory Injection | Defense Evasion, Privilege Escalation |
T1055.005 | Thread Local Storage | Defense Evasion, Privilege Escalation |
T1552.001 | Credentials In Files | Credential Access |
T1564.004 | NTFS File Attributes | Defense Evasion |
T1566.001 | Spearphishing Attachment | Initial Access |
T1613 | Container and Resource Discovery | Discovery |
T1095 | Non-Application Layer Protocol | Command and Control |
T1078.002 | Domain Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1003.002 | Security Account Manager | Credential Access |
T1040 | Network Sniffing | Credential Access, Discovery |
T1132.001 | Standard Encoding | Command and Control |
T1557.003 | DHCP Spoofing | Collection, Credential Access |
T1218.001 | Compiled HTML File | Defense Evasion |
T1070.001 | Clear Windows Event Logs | Defense Evasion |
T1574.005 | Executable Installer File Permissions Weakness | Defense Evasion, Persistence, Privilege Escalation |
T1578.002 | Create Cloud Instance | Defense Evasion |
T1567 | Exfiltration Over Web Service | Exfiltration |
T1055.009 | Proc Memory | Defense Evasion, Privilege Escalation |
T1087.002 | Domain Account | Discovery |
T1213.001 | Confluence | Collection |
T1218.005 | Mshta | Defense Evasion |
T1053.002 | At | Execution, Persistence, Privilege Escalation |
T1610 | Deploy Container | Defense Evasion, Execution |
T1557 | Adversary-in-the-Middle | Collection, Credential Access |
T1025 | Data from Removable Media | Collection |
T1219 | Remote Access Software | Command and Control |
T1560 | Archive Collected Data | Collection |
T1572 | Protocol Tunneling | Command and Control |
T1574.009 | Path Interception by Unquoted Path | Defense Evasion, Persistence, Privilege Escalation |
T1553.005 | Mark-of-the-Web Bypass | Defense Evasion |
T1059.004 | Unix Shell | Execution |
T1102.002 | Bidirectional Communication | Command and Control |
T1562.002 | Disable Windows Event Logging | Defense Evasion |
T1598 | Phishing for Information | Reconnaissance |
T1566.003 | Spearphishing via Service | Initial Access |
T1562.010 | Downgrade Attack | Defense Evasion |
T1552.002 | Credentials in Registry | Credential Access |
T1003 | OS Credential Dumping | Credential Access |
T1573 | Encrypted Channel | Command and Control |
T1612 | Build Image on Host | Defense Evasion |
T1505.002 | Transport Agent | Persistence |
T1114.001 | Local Email Collection | Collection |
T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion |
T1550.003 | Pass the Ticket | Defense Evasion, Lateral Movement |
T1136.001 | Local Account | Persistence |
T1552.005 | Cloud Instance Metadata API | Credential Access |
T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
T1059.007 | JavaScript | Execution |
T1601.002 | Downgrade System Image | Defense Evasion |
T1055.002 | Portable Executable Injection | Defense Evasion, Privilege Escalation |
T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
T1571 | Non-Standard Port | Command and Control |
T1037.004 | RC Scripts | Persistence, Privilege Escalation |
T1566.002 | Spearphishing Link | Initial Access |
T1021.006 | Windows Remote Management | Lateral Movement |
T1553.004 | Install Root Certificate | Defense Evasion |
T1491 | Defacement | Impact |
T1573.001 | Symmetric Cryptography | Command and Control |
T1047 | Windows Management Instrumentation | Execution |
T1556.002 | Password Filter DLL | Credential Access, Defense Evasion, Persistence |
T1530 | Data from Cloud Storage | Collection |
T1601 | Modify System Image | Defense Evasion |
T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
T1218.012 | Verclsid | Defense Evasion |
T1222.001 | Windows File and Directory Permissions Modification | Defense Evasion |
T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
T1491.001 | Internal Defacement | Impact |
T1190 | Exploit Public-Facing Application | Initial Access |
T1072 | Software Deployment Tools | Execution, Lateral Movement |
T1037.003 | Network Logon Script | Persistence, Privilege Escalation |
T1204.003 | Malicious Image | Execution |
T1212 | Exploitation for Credential Access | Credential Access |
T1547.009 | Shortcut Modification | Persistence, Privilege Escalation |
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
T1027.002 | Software Packing | Defense Evasion |
T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
T1071.002 | File Transfer Protocols | Command and Control |
T1499.002 | Service Exhaustion Flood | Impact |
T1011 | Exfiltration Over Other Network Medium | Exfiltration |
T1037.002 | Login Hook | Persistence, Privilege Escalation |
T1213.002 | Sharepoint | Collection |
T1568 | Dynamic Resolution | Command and Control |
T1133 | External Remote Services | Initial Access, Persistence |
T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
T1053.003 | Cron | Execution, Persistence, Privilege Escalation |
T1011.001 | Exfiltration Over Bluetooth | Exfiltration |
T1055 | Process Injection | Defense Evasion, Privilege Escalation |
T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
T1561.002 | Disk Structure Wipe | Impact |
T1003.006 | DCSync | Credential Access |
T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration |
T1562.006 | Indicator Blocking | Defense Evasion |
T1055.013 | Process Doppelgänging | Defense Evasion, Privilege Escalation |
T1569.002 | Service Execution | Execution |
T1052.001 | Exfiltration over USB | Exfiltration |
T1553.001 | Gatekeeper Bypass | Defense Evasion |
T1218 | System Binary Proxy Execution | Defense Evasion |
T1486 | Data Encrypted for Impact | Impact |
T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
T1055.008 | Ptrace System Calls | Defense Evasion, Privilege Escalation |
T1021.003 | Distributed Component Object Model | Lateral Movement |
T1574.001 | DLL Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1578.003 | Delete Cloud Instance | Defense Evasion |
T1485 | Data Destruction | Impact |
T1036 | Masquerading | Defense Evasion |
T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
T1574.008 | Path Interception by Search Order Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1552.006 | Group Policy Preferences | Credential Access |
T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
T1546.008 | Accessibility Features | Persistence, Privilege Escalation |
T1070.009 | Clear Persistence | Defense Evasion |
T1598.003 | Spearphishing Link | Reconnaissance |
T1528 | Steal Application Access Token | Credential Access |
T1114 | Email Collection | Collection |
T1647 | Plist File Modification | Defense Evasion |
T1110 | Brute Force | Credential Access |
T1036.007 | Double File Extension | Defense Evasion |
T1221 | Template Injection | Defense Evasion |
T1008 | Fallback Channels | Command and Control |
T1546.016 | Installer Packages | Persistence, Privilege Escalation |
T1552.003 | Bash History | Credential Access |
T1622 | Debugger Evasion | Defense Evasion, Discovery |
T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1204 | User Execution | Execution |
T1132.002 | Non-Standard Encoding | Command and Control |
T1059.008 | Network Device CLI | Execution |
T1210 | Exploitation of Remote Services | Lateral Movement |
T1027.007 | Dynamic API Resolution | Defense Evasion |
T1189 | Drive-by Compromise | Initial Access |
T1030 | Data Transfer Size Limits | Exfiltration |
T1001.001 | Junk Data | Command and Control |
T1222.002 | Linux and Mac File and Directory Permissions Modification | Defense Evasion |
T1136.002 | Domain Account | Persistence |
T1059.003 | Windows Command Shell | Execution |
T1499.001 | OS Exhaustion Flood | Impact |
T1053.006 | Systemd Timers | Execution, Persistence, Privilege Escalation |
T1570 | Lateral Tool Transfer | Lateral Movement |
T1220 | XSL Script Processing | Defense Evasion |
T1490 | Inhibit System Recovery | Impact |
T1598.001 | Spearphishing Service | Reconnaissance |
T1565.003 | Runtime Data Manipulation | Impact |
T1098.002 | Additional Email Delegate Permissions | Persistence, Privilege Escalation |
T1021 | Remote Services | Lateral Movement |
T1070.003 | Clear Command History | Defense Evasion |
T1489 | Service Stop | Impact |
T1505.003 | Web Shell | Persistence |
T1197 | BITS Jobs | Defense Evasion, Persistence |
T1546.003 | Windows Management Instrumentation Event Subscription | Persistence, Privilege Escalation |
T1543.002 | Systemd Service | Persistence, Privilege Escalation |
T1218.003 | CMSTP | Defense Evasion |
T1562.001 | Disable or Modify Tools | Defense Evasion |
T1499 | Endpoint Denial of Service | Impact |
T1071.001 | Web Protocols | Command and Control |
T1599.001 | Network Address Translation Traversal | Defense Evasion |
T1036.003 | Rename System Utilities | Defense Evasion |
T1564.007 | VBA Stomping | Defense Evasion |
T1539 | Steal Web Session Cookie | Credential Access |
T1555.002 | Securityd Memory | Credential Access |
T1599 | Network Boundary Bridging | Defense Evasion |
T1027 | Obfuscated Files or Information | Defense Evasion |
T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
T1602.002 | Network Device Configuration Dump | Collection |
T1055.012 | Process Hollowing | Defense Evasion, Privilege Escalation |
T1098.001 | Additional Cloud Credentials | Persistence, Privilege Escalation |
T1611 | Escape to Host | Privilege Escalation |
T1546.004 | Unix Shell Configuration Modification | Persistence, Privilege Escalation |
T1218.010 | Regsvr32 | Defense Evasion |
T1561.001 | Disk Content Wipe | Impact |
T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
T1001 | Data Obfuscation | Command and Control |
T1560.001 | Archive via Utility | Collection |
T1218.008 | Odbcconf | Defense Evasion |
T1021.004 | SSH | Lateral Movement |
T1542.005 | TFTP Boot | Defense Evasion, Persistence |
T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
T1132 | Data Encoding | Command and Control |
T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
T1003.001 | LSASS Memory | Credential Access |
T1114.002 | Remote Email Collection | Collection |
T1547.002 | Authentication Package | Persistence, Privilege Escalation |
T1546.014 | Emond | Persistence, Privilege Escalation |
T1491.002 | External Defacement | Impact |
T1110.004 | Credential Stuffing | Credential Access |
T1546.002 | Screensaver | Persistence, Privilege Escalation |
T1098 | Account Manipulation | Persistence, Privilege Escalation |
T1041 | Exfiltration Over C2 Channel | Exfiltration |
T1071 | Application Layer Protocol | Command and Control |
T1137 | Office Application Startup | Persistence |
T1566 | Phishing | Initial Access |
T1020.001 | Traffic Duplication | Exfiltration |
T1565.002 | Transmitted Data Manipulation | Impact |
T1548.003 | Sudo and Sudo Caching | Defense Evasion, Privilege Escalation |
T1127.001 | MSBuild | Defense Evasion |
T1505.005 | Terminal Services DLL | Persistence |
T1558 | Steal or Forge Kerberos Tickets | Credential Access |
T1080 | Taint Shared Content | Lateral Movement |
T1216 | System Script Proxy Execution | Defense Evasion |
T1558.002 | Silver Ticket | Credential Access |
T1559.002 | Dynamic Data Exchange | Execution |
T1563.001 | SSH Hijacking | Lateral Movement |
T1542.004 | ROMMONkit | Defense Evasion, Persistence |
T1201 | Password Policy Discovery | Discovery |
T1204.001 | Malicious Link | Execution |
T1562 | Impair Defenses | Defense Evasion |
T1547.003 | Time Providers | Persistence, Privilege Escalation |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1205.002 | Socket Filters | Command and Control, Defense Evasion, Persistence |
T1001.002 | Steganography | Command and Control |
T1136.003 | Cloud Account | Persistence |
T1185 | Browser Session Hijacking | Collection |
T1046 | Network Service Discovery | Discovery |
T1087.001 | Local Account | Discovery |
T1187 | Forced Authentication | Credential Access |
T1556.003 | Pluggable Authentication Modules | Credential Access, Defense Evasion, Persistence |
T1555.001 | Keychain | Credential Access |
T1564.006 | Run Virtual Instance | Defense Evasion |
T1505 | Server Software Component | Persistence |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1222 | File and Directory Permissions Modification | Defense Evasion |
T1071.004 | DNS | Command and Control |
T1564.009 | Resource Forking | Defense Evasion |
T1105 | Ingress Tool Transfer | Command and Control |
T1027.009 | Embedded Payloads | Defense Evasion |
T1564.010 | Process Argument Spoofing | Defense Evasion |
T1565.001 | Stored Data Manipulation | Impact |
T1204.002 | Malicious File | Execution |
T1218.002 | Control Panel | Defense Evasion |
T1573.002 | Asymmetric Cryptography | Command and Control |
T1574.013 | KernelCallbackTable | Defense Evasion, Persistence, Privilege Escalation |
T1553 | Subvert Trust Controls | Defense Evasion |
T1564.008 | Email Hiding Rules | Defense Evasion |
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1574.007 | Path Interception by PATH Environment Variable | Defense Evasion, Persistence, Privilege Escalation |
T1216.001 | PubPrn | Defense Evasion |
T1547.008 | LSASS Driver | Persistence, Privilege Escalation |
T1102.001 | Dead Drop Resolver | Command and Control |
T1562.003 | Impair Command History Logging | Defense Evasion |
T1547.005 | Security Support Provider | Persistence, Privilege Escalation |
T1648 | Serverless Execution | Execution |
T1556.004 | Network Device Authentication | Credential Access, Defense Evasion, Persistence |
T1136 | Create Account | Persistence |
T1071.003 | Mail Protocols | Command and Control |
T1090.001 | Internal Proxy | Command and Control |
T1111 | Multi-Factor Authentication Interception | Credential Access |
T1104 | Multi-Stage Channels | Command and Control |
T1001.003 | Protocol Impersonation | Command and Control |
T1499.004 | Application or System Exploitation | Impact |
T1070.007 | Clear Network Connection History and Configurations | Defense Evasion |
T1555.004 | Windows Credential Manager | Credential Access |
T1559.003 | XPC Services | Execution |
T1059 | Command and Scripting Interpreter | Execution |
T1552 | Unsecured Credentials | Credential Access |
T1218.004 | InstallUtil | Defense Evasion |
T1003.003 | NTDS | Credential Access |
T1546.013 | PowerShell Profile | Persistence, Privilege Escalation |
T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
T1129 | Shared Modules | Execution |
T1106 | Native API | Execution |
T1561 | Disk Wipe | Impact |
T1176 | Browser Extensions | Persistence |
T1525 | Implant Internal Image | Persistence |
T1055.003 | Thread Execution Hijacking | Defense Evasion, Privilege Escalation |
T1119 | Automated Collection | Collection |
T1598.002 | Spearphishing Attachment | Reconnaissance |
T1548.001 | Setuid and Setgid | Defense Evasion, Privilege Escalation |
T1562.004 | Disable or Modify System Firewall | Defense Evasion |
T1548.002 | Bypass User Account Control | Defense Evasion, Privilege Escalation |
T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
T1052 | Exfiltration Over Physical Medium | Exfiltration |
T1087 | Account Discovery | Discovery |
T1568.002 | Domain Generation Algorithms | Command and Control |
T1090 | Proxy | Command and Control |
T1205.001 | Port Knocking | Command and Control, Defense Evasion, Persistence |
T1218.011 | Rundll32 | Defense Evasion |
T1027.008 | Stripped Payloads | Defense Evasion |
T1037 | Boot or Logon Initialization Scripts | Persistence, Privilege Escalation |
T1110.002 | Password Cracking | Credential Access |
T1005 | Data from Local System | Collection |
T1558.003 | Kerberoasting | Credential Access |
T1547.013 | XDG Autostart Entries | Persistence, Privilege Escalation |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
T1059.005 | Visual Basic | Execution |
T1218.014 | MMC | Defense Evasion |
T1559 | Inter-Process Communication | Execution |
T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1021.005 | VNC | Lateral Movement |
T1601.001 | Patch System Image | Defense Evasion |
T1102 | Web Service | Command and Control |
T1203 | Exploitation for Client Execution | Execution |
T1092 | Communication Through Removable Media | Command and Control |
T1003.007 | Proc Filesystem | Credential Access |
T1110.001 | Password Guessing | Credential Access |
T1090.002 | External Proxy | Command and Control |
T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
T1554 | Compromise Client Software Binary | Persistence |
T1543.004 | Launch Daemon | Persistence, Privilege Escalation |
T1546 | Event Triggered Execution | Persistence, Privilege Escalation |
T1137.004 | Outlook Home Page | Persistence |
T1137.003 | Outlook Forms | Persistence |
T1505.001 | SQL Stored Procedures | Persistence |
T1218.007 | Msiexec | Defense Evasion |
T1137.005 | Outlook Rules | Persistence |
T1137.006 | Add-ins | Persistence |
T1137.002 | Office Test | Persistence |
T1543.003 | Windows Service | Persistence, Privilege Escalation |
T1134.005 | SID-History Injection | Defense Evasion, Privilege Escalation |
T1546.010 | AppInit DLLs | Persistence, Privilege Escalation |
T1558.001 | Golden Ticket | Credential Access |
T1559.001 | Component Object Model | Execution |
T1543.001 | Launch Agent | Persistence, Privilege Escalation |
T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
T1567.001 | Exfiltration to Code Repository | Exfiltration |
T1609 | Container Administration Command | Execution |
T1498 | Network Denial of Service | Impact |
T1090.003 | Multi-hop Proxy | Command and Control |
T1498.001 | Direct Network Flood | Impact |
T1498.002 | Reflection Amplification | Impact |
T1552.007 | Container API | Credential Access |
T1482 | Domain Trust Discovery | Discovery |
T1199 | Trusted Relationship | Initial Access |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B4.b | Secure Configuration | You securely configure the network and information systems that support the operation of essential functions. |
B3.b | Data in Transit | You have protected the transit of data important to the operation of the essential function. This includes the transfer of data to third parties. |
C1.a | Monitoring Coverage | The data sources that you include in your monitoring allow for timely identification of security events which might affect the operation of your essential function. |
A4.a | Supply Chain | The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used. |
B2.a | Identity Verification, Authentication and Authorisation | You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function. |
B4.a | Secure by Design | You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability. |