Joint Task Force Transformation Initiative



Date: 09.05.2018


TABLE D-18: SYSTEM AND COMMUNICATIONS PROTECTION CONTROLS - SUMMARY

| CNTL NO. | Control Name / Control Enhancement Name | Withdrawn | Assurance | Control Baselines: Low | Control Baselines: Mod | Control Baselines: High |
|---|---|---|---|---|---|---|
| SC-1 | System and Communications Protection Policy and Procedures | | x | x | x | x |
| SC-2 | Application Partitioning | | x | | x | x |
| SC-2(1) | application partitioning \| interfaces for non-privileged users | | x | | | |
| SC-3 | Security Function Isolation | | x | | | x |
| SC-3(1) | security function isolation \| hardware separation | | x | | | |
| SC-3(2) | security function isolation \| access / flow control functions | | x | | | |
| SC-3(3) | security function isolation \| minimize nonsecurity functionality | | x | | | |
| SC-3(4) | security function isolation \| module coupling and cohesiveness | | x | | | |
| SC-3(5) | security function isolation \| layered structures | | x | | | |
| SC-4 | Information in Shared Resources | | | | x | x |
| SC-4(1) | information in shared resources \| security levels | x | Incorporated into SC-4. | | | |
| SC-4(2) | information in shared resources \| periods processing | | | | | |
| SC-5 | Denial of Service Protection | | | x | x | x |
| SC-5(1) | denial of service protection \| restrict internal users | | | | | |
| SC-5(2) | denial of service protection \| excess capacity / bandwidth / redundancy | | | | | |
| SC-5(3) | denial of service protection \| detection / monitoring | | | | | |
| SC-6 | Resource Availability | | x | | | |
| SC-7 | Boundary Protection | | | x | x | x |
| SC-7(1) | boundary protection \| physically separated subnetworks | x | Incorporated into SC-7. | | | |
| SC-7(2) | boundary protection \| public access | x | Incorporated into SC-7. | | | |
| SC-7(3) | boundary protection \| access points | | | | x | x |
| SC-7(4) | boundary protection \| external telecommunications services | | | | x | x |
| SC-7(5) | boundary protection \| deny by default / allow by exception | | | | x | x |
| SC-7(6) | boundary protection \| response to recognized failures | x | Incorporated into SC-7(18). | | | |
| SC-7(7) | boundary protection \| prevent split tunneling for remote devices | | | | x | x |
| SC-7(8) | boundary protection \| route traffic to authenticated proxy servers | | | | | x |
| SC-7(9) | boundary protection \| restrict threatening outgoing communications traffic | | | | | |
| SC-7(10) | boundary protection \| prevent unauthorized exfiltration | | | | | |
| SC-7(11) | boundary protection \| restrict incoming communications traffic | | | | | |
| SC-7(12) | boundary protection \| host-based protection | | | | | |
| SC-7(13) | boundary protection \| isolation of security tools / mechanisms / support components | | | | | |
| SC-7(14) | boundary protection \| protects against unauthorized physical connections | | | | | |
| SC-7(15) | boundary protection \| route privileged network accesses | | | | | |
| SC-7(16) | boundary protection \| prevent discovery of components / devices | | | | | |
| SC-7(17) | boundary protection \| automated enforcement of protocol formats | | | | | |
| SC-7(18) | boundary protection \| fail secure | | x | | | x |
| SC-7(19) | boundary protection \| blocks communication from non-organizationally configured hosts | | | | | |
| SC-7(20) | boundary protection \| dynamic isolation / segregation | | | | | |
| SC-7(21) | boundary protection \| isolation of information system components | | x | | | x |
| SC-7(22) | boundary protection \| separate subnets for connecting to different security domains | | x | | | |
| SC-7(23) | boundary protection \| disable sender feedback on protocol validation failure | | | | | |
| SC-8 | Transmission Confidentiality and Integrity | | | | x | x |
| SC-8(1) | transmission confidentiality and integrity \| cryptographic or alternate physical protection | | | | x | x |
| SC-8(2) | transmission confidentiality and integrity \| pre / post transmission handling | | | | | |
| SC-8(3) | transmission confidentiality and integrity \| cryptographic protection for message externals | | | | | |
| SC-8(4) | transmission confidentiality and integrity \| conceal / randomize communications | | | | | |
| SC-9 | Transmission Confidentiality | x | Incorporated into SC-8. | | | |
| SC-10 | Network Disconnect | | | | x | x |
| SC-11 | Trusted Path | | x | | | |
| SC-11(1) | trusted path \| logical isolation | | x | | | |

