CDS Enhanced Levels Summary
Written by CDS Team, Wednesday, 08 July 2009

Certified Digital Security (CDS) at the Enhanced Level
This level represents the shift to the second standards group within the CDS model. To achieve this level, the organisation needs to demonstrate a working configuration control strategy for all information assets, in addition to restriction of internet-facing services and internal servers, control of USB devices, and control of remote access and wireless connections.
Gaining level 5 requires more formal establishment of IT security roles within the workforce, with reviews of all security measures being undertaken at set intervals by formal audit (both procedural and technical). USB facilities require tighter control and management, and encryption of portable IT assets must be undertaken.
Formally established IT security roles are dedicated solely to the organisation (although outsourcing is permissible). Regular sub-contractor staff should undergo background checks. All regular and permanent communications links beyond company premises are to be encrypted, and Application Layer Firewalls are employed across the enterprise. The organisation is subject to an annual Vulnerability Analysis (VA), and the report's recommendations are implemented or mitigated.
Last Updated (Friday, 21 May 2010 11:22)