|
Certified Digital Security Level 3
The detailed guidance document (see download at the bottom of this page) explains what is required to achieve this level, a summary is below. The document is divided in to 3 sections:
Section 1 Executive Summary of the target level.
Section 2 General guidance of how to implement the security recommended at this level.
Section 3 The audit criteria (or what is required to pass the audit).
This single document contains all the information necessary to implement the security for, evidence the fact and pass the audit required to achieve CDS Validation for the site tested.
Summary
This level aims to continue building on the security procedures established in levels one and two whilst expanding the capabilities of support staff, establishing greater control of network assets and introducing physical and electronic security barriers.
To be compliant at Level 3, CDS requires the organisation is to have implemented the following:
A Software Audit requires to be conducted that will assist legal compliance and identify unnecessary or unauthorised programs.
Formal Administrator Training helps ensure that support activities are delivered correctly and from a position of knowledge rather than best intentions.
The deployment of a Stateful Firewall provides security of enterprise links to the outside world.
Secure Disposal ensures that sensitive data does not leave the organization on redundant equipment, hence the importance of only allowing organization-owned assets on the LAN.
A Business Continuity and Disaster Recovery Plan are introduced to provide organizational resilience to attack and disaster.
Physically Secure Servers and Data Stores increase the protection of sensitive information.
The Removal of Private and External Assets from the network, together with the requirement to Prevent Unauthorized Remote Access or Email Portals reduces the methods available to circumvent the physical security.
CDS Certification
CDS documents are provided to the community free of charge. Organizations are encouraged to get their work independently verified through the CDS Audit scheme from either a CDS certified auditor or a partnering organisation. See the Certification section for additional information.
This is a summary; please download the detailed guidance document below. Also listed, are any supporting documents published by CDS for this level.
Any errors, omissions, comments or questions should be sent to certifieddigitalsecurity.com.
All documentation provided is formatted as PDF and a free Adobe PDF viewer can be downloaded from this link.
|
