Establish, implement, and maintain local environment security profiles.


CONTROL ID: 07037
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Document the organization's local environments., CC ID: 06726

This Control has the following implementation support Control(s):
  • Include individuals assigned to the local environment in the local environment security profile., CC ID: 07038
  • Include security requirements in the local environment security profile., CC ID: 15717
  • Include the business processes assigned to the local environment in the local environment security profile., CC ID: 07039
  • Include the technology used in the local environment in the local environment security profile., CC ID: 07040
  • Include contact information for critical personnel assigned to the local environment in the local environment security profile., CC ID: 07041
  • Include facility information for the local environment in the local environment security profile., CC ID: 07042
  • Include facility access information for the local environment in the local environment security profile., CC ID: 11773
  • Disseminate and communicate the local environment security profile to interested personnel and affected parties., CC ID: 15716
  • Update the local environment security profile, as necessary., CC ID: 07043


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • A local environment security profile for each local environment shall be documented and maintained, providing an overall picture of the environment, which helps support risk-based decisions and information security-related activities at both a corporate and local level. (CF.12.01.01, The Standard of Good Practice for Information Security)
  • Details about the security profile shall be recorded (e.g., in a spreadsheet, tailor-made database, or Document Management System). (CF.12.01.07a, The Standard of Good Practice for Information Security)
  • Details about the security profile shall be kept up-to-date (e.g., by a local security coordinator, information protection champion, or equivalent). (CF.12.01.07b, The Standard of Good Practice for Information Security)
  • Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as assessing information risks in the local environment. (CF.12.02.05b, The Standard of Good Practice for Information Security)
  • Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as delivering information security awareness messages to promote information security in the local environment. (CF.12.02.05d, The Standard of Good Practice for Information Security)
  • A local environment security profile for each local environment shall be documented and maintained, providing an overall picture of the environment, which helps support risk-based decisions and information security-related activities at both a corporate and local level. (CF.12.01.01, The Standard of Good Practice for Information Security, 2013)
  • Details about the security profile shall be recorded (e.g., in a spreadsheet, tailor-made database, or Document Management System). (CF.12.01.07a, The Standard of Good Practice for Information Security, 2013)
  • Details about the security profile shall be kept up-to-date (e.g., by a local security coordinator, information protection champion, or equivalent). (CF.12.01.07b, The Standard of Good Practice for Information Security, 2013)
  • Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as assessing information risks in the local environment. (CF.12.02.05b, The Standard of Good Practice for Information Security, 2013)
  • Information protection champions should support local information security co-ordinators by facilitating information security-related activities, such as delivering information security awareness messages to promote information security in the local environment. (CF.12.02.05d, The Standard of Good Practice for Information Security, 2013)