CAF Framework – Alsid Alignment – For Banking & Finance and other Key UK Services Sectors
Principle: A2 Risk Management
The organisation takes appropriate steps to identify, assess and understand security risks to the network and information systems supporting the operation of essential functions. This includes an overall organisational approach to risk management.
A2.a Risk Management Process
Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.
Principle: B2 Identity and Access Control
The organisation understands, documents and manages access to networks and information systems supporting the operation of essential functions. Users (or automated functions) that can access data or systems are appropriately verified, authenticated and authorised.
B2.a Identity Verification, Authentication and Authorisation
You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function.
B2.c Privileged User Management
You closely manage privileged user access to networks and information systems supporting the essential function.
B2.d Identity and Access Management (IdAM)
You assure good management and maintenance of identity and access control for your networks and information systems supporting the essential function.
B4.a Secure by Design
You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function is not impacted by the exploitation of any single vulnerability.
B4.b Secure Configuration
You securely configure the network and information systems that support the operation of essential functions.
B4.c Secure Management
You manage your organisation’s network and information systems that support the operation of essential functions to enable and maintain security.
B4.d Vulnerability Management
You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function.
Principle: B5 Resilient Networks and Systems
The organisation builds resilience against cyber-attack and system failure into the design, implementation, operation and management of systems that support the operation of essential functions.
B5.a Resilience Preparation
You are prepared to restore the operation of your essential function following adverse impact.
B5.b Design for Resilience
You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated.
C1.a Monitoring Coverage
The data sources that you include in your monitoring allow for timely identification of security events which might affect the operation of your essential function.
C1.c Generating Alerts
Evidence of potential security incidents contained in your monitoring data is reliably identified and triggers alerts.
C1.d Identifying Security Incidents
You contextualise alerts with knowledge of the threat and your systems, to identify those security incidents that require some form of response.
Principle: C2 Proactive Security Event Discovery
The organisation detects, within networks and information systems, malicious activity affecting, or with the potential to affect, the operation of essential functions, even when the activity evades standard signature-based security prevent/detect solutions (or when standard solutions are not deployable).
C2.a System Abnormalities for Attack Detection
You define examples of abnormalities in system behaviour that provide practical ways of detecting malicious activity that is otherwise hard to identify.
C2.b Proactive Attack Discovery
You use an informed understanding of more sophisticated attack methods and of normal system behaviour to monitor proactively for malicious activity.