Certified Digital Security Level 4
The detailed guidance document (see download at the bottom of this page) explains what is required to achieve this level; a summary is below. The document is divided into 3 sections:
Section 1: Executive Summary of the target level.
Section 2: General guidance on how to implement the security recommended at this level.
Section 3: The audit criteria (what is required to pass the audit).
This single document contains all the information necessary to implement the security for the site tested, evidence that it has been implemented, and pass the audit required to achieve CDS Validation.
Summary
Level 4 represents the first of the Enhanced CDS Levels; here the focus switches to controls that are more technical.
To be compliant at Level 4, CDS requires the organisation to have implemented the following:
By Hardening the Public Facing Servers, the organization reduces the attack surface and the amount of potentially vulnerable software. Replicating the Lock Down process on the Internal Servers reduces the risk of an internal attacker being able to take control of servers and the data or resources they control.
By Controlling Remote Access and blocking users from connecting personal or external systems to the corporate LAN by VPN, the risk of data export is significantly reduced.
By Adopting Increased Levels of System Logging, the organization is better able to identify and stop attackers, while retaining more post-incident information for analysis.
Configuration Control will ensure this effort is maintained and sustained, by keeping the systems in the known state.
Implementing a Risk Register allows management and technical staff to share visibility of the risks one group is managing and the other group is defending against. This is intended to help the organization better communicate the importance and criticality of its IT Systems.
USB Auditing will deter users from using non-approved or external USB Devices in the organization, reducing both data leakage risks and USB based attacks.
Mandating the use of WPA and WPA2 ensures that the highest level of Wi-Fi encryption is implemented, protecting the network from eavesdropping and attack.
CDS Certification
CDS documents are provided to the community free of charge. Organizations are encouraged to get their work independently verified through the CDS Audit scheme from either a CDS certified auditor or a partnering organisation. See the Certification section for additional information.
This is a summary; please download the detailed guidance document below. Also listed are any supporting documents published by CDS for this level.
Any errors, omissions, comments or questions should be sent to certifieddigitalsecurity.com via the web form.
All documentation provided is formatted as PDF and a free Adobe PDF viewer can be downloaded from this link.