Establish, implement, and maintain local environment security profiles.
CONTROL ID 07037
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Document the organization's local environments. CC ID: 06726
This Control has the following implementation support Control(s):
Include individuals assigned to the local environment in the local environment security profile. CC ID: 07038
Include security requirements in the local environment security profile. CC ID: 15717
Include the business processes assigned to the local environment in the local environment security profile. CC ID: 07039
Include the technology used in the local environment in the local environment security profile. CC ID: 07040
Include contact information for critical personnel assigned to the local environment in the local environment security profile. CC ID: 07041
Include facility information for the local environment in the local environment security profile. CC ID: 07042
Include facility access information for the local environment in the local environment security profile. CC ID: 11773
Disseminate and communicate the local environment security profile to interested personnel and affected parties. CC ID: 15716
Update the local environment security profile, as necessary. CC ID: 07043
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
A local environment security profile for each local environment shall be documented and maintained, providing an overall picture of the environment, which helps support risk-based decisions and information security-related activities at both a corporate and local level. (CF.12.01.01, The Standard of Good Practice for Information Security)
Details about the security profile shall be recorded (e.g., in a spreadsheet, tailor-made database, or Document Management System). (CF.12.01.07a, The Standard of Good Practice for Information Security)
Details about the security profile shall be kept up-to-date (e.g., by a local security coordinator, information protection champion, or equivalent). (CF.12.01.07b, The Standard of Good Practice for Information Security)
Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as assessing information risks in the local environment. (CF.12.02.05b, The Standard of Good Practice for Information Security)
Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as delivering information security awareness messages to promote information security in the local environment. (CF.12.02.05d, The Standard of Good Practice for Information Security)
A local environment security profile for each local environment shall be documented and maintained, providing an overall picture of the environment, which helps support risk-based decisions and information security-related activities at both a corporate and local level. (CF.12.01.01, The Standard of Good Practice for Information Security, 2013)
Details about the security profile shall be recorded (e.g., in a spreadsheet, tailor-made database, or Document Management System). (CF.12.01.07a, The Standard of Good Practice for Information Security, 2013)
Details about the security profile shall be kept up-to-date (e.g., by a local security coordinator, information protection champion, or equivalent). (CF.12.01.07b, The Standard of Good Practice for Information Security, 2013)
Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as assessing information risks in the local environment. (CF.12.02.05b, The Standard of Good Practice for Information Security, 2013)
Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as delivering information security awareness messages to promote information security in the local environment. (CF.12.02.05d, The Standard of Good Practice for Information Security, 2013)