Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
ID.AM-04.1: Organisations shall keep a clear and up-to-date list of all external services it uses, including how they connect to their systems. These services shall be reviewed and approved before use, and the list shall be updated whenever changes happen. |
|
ID.AM-04.1 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p51 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p36 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that all external services used by the organisation are clearly identified, reviewed, and kept up to date to reduce the risk of unauthorised access, unmanaged third-party dependencies, or service disruption across ICT and OT environments. To achieve this goal:</p><ul><li>Maintain an Inventory of External Services All external services relied upon by the organisation should be identified and documented. This includes services used in both IT and OT environments. The inventory should be updated whenever services are added, changed, or removed.</li><li>Describe and Map Service Connections The way each external service connects to internal systems should be clearly described and recorded. This includes remote access tools, cloud-based SCADA platforms, and vendor-managed OT systems.</li><li>Review and Approve Services Before Use External services should be reviewed and approved before being used. This process should verify that the service aligns with internal security, compliance, and operational requirements.</li><li>Categorise and Classify Services External services should be categorised by type (e.g. IaaS, SaaS, APIs) and classified based on their criticality and data sensitivity. This helps prioritise oversight and risk management efforts.</li><li>Integrate with Risk and Change Management The inventory should be integrated into broader risk and change management processes. Any changes to external services should trigger a review of associated risks and required controls.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to ensure that all external services used by the organisation are clearly identified, reviewed, and kept up to date to reduce the risk of unauthorised access, unmanaged third-party dependencies, or service disruption across ICT and OT environments. To achieve this goal: • Maintain an Inventory of External Services All external services relied upon by the organisation should be identified and documented. This includes services used in both IT and OT environments. The inventory should be updated whenever services are added, changed, or removed. • Describe and Map Service Connections The way each external service connects to internal systems should be clearly described and recorded. This includes remote access tools, cloud-based SCADA platforms, and vendor-managed OT systems. • Review and Approve Services Before Use External services should be reviewed and approved before being used. This process should verify that the service aligns with internal security, compliance, and operational requirements. • Categorise and Classify Services External services should be categorised by type (e.g. IaaS, SaaS, APIs) and classified based on their criticality and data sensitivity. This helps prioritise oversight and risk management efforts. • Integrate with Risk and Change Management The inventory should be integrated into broader risk and change management processes. Any changes to external services should trigger a review of associated risks and required controls. |
|
A general note, for any purpose. |
The goal of this control is to ensure that all external services used by the organisation are clearly identified, reviewed, and kept up to date to reduce the risk of unauthorised access, unmanaged third-party dependencies, or service disruption across ICT and OT environments. To achieve this goal: - Maintain an Inventory of External Services All external services relied upon by the organisation should be identified and documented. This includes services used in both IT and OT environments. The inventory should be updated whenever services are added, changed, or removed. - Describe and Map Service Connections The way each external service connects to internal systems should be clearly described and recorded. This includes remote access tools, cloud-based SCADA platforms, and vendor-managed OT systems. - Review and Approve Services Before Use External services should be reviewed and approved before being used. This process should verify that the service aligns with internal security, compliance, and operational requirements. - Categorise and Classify Services External services should be categorised by type (e.g. IaaS, SaaS, APIs) and classified based on their criticality and data sensitivity. This helps prioritise oversight and risk management efforts. - Integrate with Risk and Change Management The inventory should be integrated into broader risk and change management processes. Any changes to external services should trigger a review of associated risks and required controls. |
|
A general note, for any purpose. |
The goal of this control is to ensure that all external services used by the organisation are clearly identified, reviewed, and kept up to date to reduce the risk of unauthorised access, unmanaged third-party dependencies, or service disruption across ICT and OT environments. To achieve this goal: - Maintain an Inventory of External Services All external services relied upon by the organisation should be identified and documented. This includes services used in both IT and OT environments. The inventory should be updated whenever services are added, changed, or removed. - Describe and Map Service Connections The way each external service connects to internal systems should be clearly described and recorded. This includes remote access tools, cloud-based SCADA platforms, and vendor-managed OT systems. - Review and Approve Services Before Use External services should be reviewed and approved before being used. This process should verify that the service aligns with internal security, compliance, and operational requirements. - Categorise and Classify Services External services should be categorised by type (e.g. IaaS, SaaS, APIs) and classified based on their criticality and data sensitivity. This helps prioritise oversight and risk management efforts. - Integrate with Risk and Change Management The inventory should be integrated into broader risk and change management processes. Any changes to external services should trigger a review of associated risks and required controls. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
ID.AM-04.1 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
External services inventory and approval |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Organisations shall keep a clear and up-to-date list of all external services it uses, including how they connect to their systems. These services shall be reviewed and approved before use, and the list shall be updated whenever changes happen. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1