Certified Digital Security (CDS) at the Advanced Level

Level 7

The first step in the Advanced standard group requires the organisation to have multi-skilled IT security staff able to audit and review barriers through testing, the deployment of Intrusion Detection/Prevention Systems, and the creation of an Incident Response Team.

Level 8

Support of the underlying security systems must be provided by the addition of encryption for both data at rest and across enterprise communications.  Administrators must hold formally recognised high-level qualifications, and normal users must undergo approved training.  Test and reference systems must be kept to permit the testing of patches and improvements.

Level 9

This ultimate level of CDS requires the organisation to subject all key systems to code review or use components and applications that have been formally evaluated; eg, Common Criteria. System configuration must be secured against alteration.