본문 바로가기 주메뉴 바로가기
국회도서관 홈으로 정보검색 소장정보 검색

결과 내 검색

동의어 포함

목차보기

Title page 1

Contents 4

Structure of the Code of Practice 6

Section 1. Introduction and background 7

Introduction 7

The tiering system 8

Legal status of the Code of Practice 10

Implementation timeframes 11

Updating the Code of Practice 11

Section 2. Key concepts 13

1. Overarching key concepts 13

2. Network architecture 17

3. Protection of data and network functions 35

4. Protection of certain tools enabling monitoring or analysis 43

5. Monitoring and analysis 45

6. Supply chain 51

7. Prevention of unauthorised access or interference 59

8. Preparing for remediation and recovery 63

9. Governance 66

10. Reviews 68

11. Patching and updates 70

12. Competency 72

13. Testing 74

14. Assistance 77

Section 3. Technical guidance measures 79

Overarching security measures 79

Management plane 1 80

Signalling plane 1 80

Third party supplier measures 1 83

Supporting business processes 84

Management plane 2 86

Signalling plane 2 86

Third party supplier measures 2 87

Customer premises equipment 89

Third party supplier measures 3 90

Management plane 3 97

Signalling plane 3 102

Virtualisation 1 103

Third party supplier measures 4 107

Network Oversight Functions 107

Monitoring and analysis 1 109

Management plane 4 113

Signalling plane 4 113

Virtualisation 2 114

Monitoring and analysis 2 115

Retaining national resilience and capability 115

New Measures 117

Annex A - Glossary of terms 122

Annex B - Vendor Security Assessment 130

Annex C - Extracts from the Cyber Assessment Framework 153

Tables 30

Table 1. Signalling protocols 30

Table 2. Criticality and exposure-adjusted maximum timeframes for application of patches (from supplier release date) 71

Figures 19

Figure 1. Example of 'browse up' architecture 19

Figure 2. Example of 'browse-down' architecture 21

Figure 3. Example of containers 24

Figure 4. Virtualisation fabric broken into host 'pools' 25

Figure 5. Segregating trust domains using host pools 25