Куда я попал?
CIS Critical Security Controls v7.1 (SANS Top 20)
Framework
CSC 13.6
Для проведения оценки соответствия по документу войдите в систему.
Список требований
-
CSC 13.6 Encrypt Mobile Device Data
Utilize approved cryptographic mechanisms to protect enterprise data stored on all mobile devices.Обязательно для implementation Group 1 2 3
Похожие требования
NIST Cybersecurity Framework (RU):
PR.DS-1
PR.DS-1: Защищены данные находящиеся в состоянии покоя
Guideline for a healthy information system v.2.0 (EN):
31 STANDARD
/STANDARD
Frequent journeys in a professional context and the miniaturisation of IT hardware often lead to their loss or theft in a public space. This may put the sensitive data of the organization which is stored on it at risk.
Therefore, on all mobile hardware (laptops, smartphones, USB keys, external hard drives, etc.), only data that has already been encrypted must be stored, in order to maintain its confidentiality. Only confidential information (password, smart card, PIN code, etc.) will allow the person who has it to access this data.
A partition, archive or file encryption solution may be considered depending on the needs. Here, once again, it is essential to ensure the uniqueness and robustness of the decryption method used.
As far as possible, it is advisable to start by a complete disk encryption before considering archive and file encryption. These last two respond to different needs and can potentially leave the data storage medium unencrypted (backup files from office suites for example).
Frequent journeys in a professional context and the miniaturisation of IT hardware often lead to their loss or theft in a public space. This may put the sensitive data of the organization which is stored on it at risk.
Therefore, on all mobile hardware (laptops, smartphones, USB keys, external hard drives, etc.), only data that has already been encrypted must be stored, in order to maintain its confidentiality. Only confidential information (password, smart card, PIN code, etc.) will allow the person who has it to access this data.
A partition, archive or file encryption solution may be considered depending on the needs. Here, once again, it is essential to ensure the uniqueness and robustness of the decryption method used.
As far as possible, it is advisable to start by a complete disk encryption before considering archive and file encryption. These last two respond to different needs and can potentially leave the data storage medium unencrypted (backup files from office suites for example).
30 STANDARD
/STANDARD
Mobile devices (laptops, tablets and smartphones) are, naturally, exposed to loss and theft. They may contain sensitive information for the organization, locally, and constitute an entry point to wider resources of the information system. Beyond the minimal application of the organization’s security policies, specific security measures for these devices must therefore be provided.
First and foremost, users’ awareness must be raised to increase their level of vigilance during their trips and keep their devices within sight. Any organization, even a small sized one, may be the victim of a cyberattack. Consequently, when mobile, any device becomes a potential or even favoured target.
It is recommended that mobile devices are as ordinary as possible, avoiding any explicit mention of the organization they belong to (by displaying a sticker with the colours of the organization for example).
To avoid any indiscretion during journeys, especially on public transport or in waiting areas, a privacy filter must be placed on each screen..
Mobile devices (laptops, tablets and smartphones) are, naturally, exposed to loss and theft. They may contain sensitive information for the organization, locally, and constitute an entry point to wider resources of the information system. Beyond the minimal application of the organization’s security policies, specific security measures for these devices must therefore be provided.
First and foremost, users’ awareness must be raised to increase their level of vigilance during their trips and keep their devices within sight. Any organization, even a small sized one, may be the victim of a cyberattack. Consequently, when mobile, any device becomes a potential or even favoured target.
It is recommended that mobile devices are as ordinary as possible, avoiding any explicit mention of the organization they belong to (by displaying a sticker with the colours of the organization for example).
To avoid any indiscretion during journeys, especially on public transport or in waiting areas, a privacy filter must be placed on each screen..
ГОСТ Р № ИСО/МЭК 27001-2021 от 01.01.2022 "Информационная технология. Методы и средства обеспечения безопасности. Системы менеджмента информационной безопасности. Требования - Приложение А":
A.6.2.1
A.6.2.1 Политика использования мобильных устройств
Мера обеспечения информационной безопасности: Следует определить политику и реализовать поддерживающие меры безопасности для управления рисками информационной безопасности, связанными с использованием мобильных устройств
Мера обеспечения информационной безопасности: Следует определить политику и реализовать поддерживающие меры безопасности для управления рисками информационной безопасности, связанными с использованием мобильных устройств
Приказ ФСТЭК России № 17 от 11.02.2013 "Требования о защите информации, не составляющей государственную тайну, содержащейся в государственных информационных системах":
ЗИС.30
ЗИС.30 Защита мобильных технических средств, применяемых в информационной системе
Приказ ФСТЭК России № 31 от 14.03.2014 "Состав мер защиты информации и их базовые наборы для соответствующего класса защищенности автоматизированной системы управления":
ЗИС.38
ЗИС.38 Защита информации при использовании мобильных устройств
NIST Cybersecurity Framework (EN):
PR.DS-1
PR.DS-1: Data-at-rest is protected
Приказ ФСТЭК России № 239 от 25.12.2017 "Состав мер по обеспечению безопасности для значимого объекта соответствующей категории значимости":
ЗИС.38
ЗИС.38 Защита информации при использовании мобильных устройств
Связанные защитные меры
Ничего не найдено
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.