CyberFundamentals (Belgium)
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity.

How to fill the requirement

Task name
Priority
Status
Theme
Policy
Other requirements
Technical review of data systems
Theme: System management
Policy: Data system management

This task also fulfills these other security requirements:

  • Article 26: Advanced testing of ICT tools, systems and processes based on TLPT (DORA)
  • 4.1: Information security of information systems (TiHL: Information security)
  • PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity. (CyFun)

1. Task description

The organization shall regularly review the technical compliance of the data systems with the organization's requirements.

The review may be carried out manually by experienced professionals or with automated tools (including intrusion testing).

The technical review shall always be planned and carried out by competent and pre-approved staff.

Regular malware inspection of data systems supporting critical business processes
Theme: Technical cyber security
Policy: Malware protection

This task also fulfills these other security requirements:

  • 12.2.1: Controls against malware (ISO27 Full)
  • 12.2: Protection from malware (ISO27 Full)
  • PR.DS-6: Integrity checking (NIST)
  • DE.CM-4: Malicious code detection (NIST)
  • 8.7: Protection against malware (ISO27k1 Full)

1. Task description

The data systems (and their content) that support critical business processes are regularly reviewed to locate malware. All unauthorized files and changes will be formally investigated.

Change management procedure for significant changes to data processing services
Theme: Development and cloud
Policy: Secure development

This task also fulfills these other security requirements:

  • 14.2.2: System change control procedures (ISO27 Full)
  • 14.2.4: Restrictions on changes to software packages (ISO27 Full)
  • PR.DS-6: Integrity checking (NIST)
  • TEK-17: Change management procedures (Julkri)
  • 8.32: Change management (ISO27k1 Full)

1. Task description

Inadequate change management is a common cause of incidents for digital services.

An organization shall document the change management process that must be followed whenever significant changes are made to developed digital services or other computing services that affect cyber security. The process includes requirements for, e.g., the following:

  • Defining and documenting the change
  • Assessing the risks and defining the necessary control measures
  • Other impact assessment of the change
  • Testing and quality assurance
  • Managed implementation of the change
  • Updating a change log

Security rules for the development and acquisition of data systems
Theme: System management
Policy: Data system procurement

This task also fulfills these other security requirements:

  • I13: Access control implementations realized in software (Katakri)
  • 13 §: Information security of datasets and information systems (TiHL)
  • 14.1.1: Information security requirements analysis and specification (ISO27 Full)
  • 14.1.2: Securing application services on public networks (ISO27 Full)
  • 14.2.5: Secure system engineering principles (ISO27 Full)

1. Task description

Whenever new data systems are acquired or developed, pre-defined security rules are followed, taking into account the priority of the system. The rules ensure that adequate measures are taken to ensure the security of the data and data processing in the system.

Process for identifying and responding to system log faults
Theme: Technical cyber security
Policy: Security systems and logging

This task also fulfills these other security requirements:

  • PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity. (CyFun)

1. Task description

The organization must have pre-planned, clear policies for situations where logging or other access controls are suspected of failing. These situations should be reported to the appropriate authority without delay.

Different types of situations should have their own policies. Monitoring errors can be caused by software errors, log saving errors, log backup errors, or memory overflows.