
Certified Digital Security Level 5
The detailed guidance document (see download at the bottom of this page) explains what is required to achieve this level; a summary is below. The document is divided into 3 sections:
Section 1 Executive Summary of the target level.
Section 2 General guidance of how to implement the security recommended at this level.
Section 3 The audit criteria (or what is required to pass the audit).
This single document contains all the information necessary to implement the security, evidence that it is in place and pass the audit required to achieve CDS Validation for the site tested.
Summary
In continuing to improve security and resilience across the enterprise, the organization needs to consider not only the technical measures but also the supporting processes which ensure that barriers and procedures are reviewed and maintained correctly, that elements of the organization away from normal premises do not put information at undue risk, and that USB devices are subjected to granular control.
To be compliant at Level 5, CDS requires the organisation to have implemented the following:
Nominated IT Security Staff will ensure an organization has a reliable group responsible for security matters as part of their duties, who will understand the ethos, focus and objectives of the organization, an important aspect of delivering a tailored solution.
Regular Review of Barriers by Audit allows the organization to gain confidence from their work, whilst directing focus to areas that are weaker or that represent higher risk.
An Audit will also reinforce and verify the implementation of the system Configuration Control.
By Mandating Encryption of all Laptops and Securing Mobile Devices (PDAs, Mobile/Smart Phones), an organization can be confident that the loss or theft of these attractive items of equipment will only cost the replacement of the hardware, and not develop into a Public or Client Relations incident affecting confidence and stakeholder value in the organization.
By Locking Down USB Ports, the organization can be confident that their data is not exported or migrated without their knowledge or consent.
CDS Certification
CDS documents are provided to the community free of charge. Organizations are encouraged to get their work independently verified through the CDS Audit scheme from either a CDS certified auditor or a partnering organisation. See the Certification section for additional information.
This is a summary; please download the detailed guidance document below. Also listed are any supporting documents published by CDS for this level.
Any errors, omissions, comments or questions should be sent to certifieddigitalsecurity.com via the web form.
All documentation provided is formatted as PDF and a free Adobe PDF viewer can be downloaded from this link.
