Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.IR-01.5: The organisation shall implement, where feasible, authenticated proxy servers or fire- walls with URL filtering and threat intelligence capabilities for defined communications traffic between its critical systems and external networks. |
|
PR.IR-01.5 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p134 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of cyber threats entering critical systems, by filtering and inspecting outbound and inbound communications through authenticated proxies or firewalls. To achieve this goal, the following should be considered: - Access Controls Proxy servers and firewalls should enforce strict access controls, allowing only authorised users and systems. Strong authentication methods, such as multi-factor authentication (MFA), should be used to support zero- trust principles. - Encryption Communications between clients and proxyservers should be encrypted using the most current and secure versions of SSL/TLS to protect against eavesdropping and man-in-the-middle attacks. - Threat Intelligence and URL Filtering - To effectively monitor and control communications across IT and OT environments, proxy servers and firewalls should: - Integrate threat intelligence feeds to detect and block known malicious domains, IPaddresses, and URLs. - Apply URL filtering to prevent access to harmful or unauthorised web content. - In OT environments, where systems often lack built-in security features, intelligent filtering at network boundaries should be used to: - Detect and block malicious traffic before it reaches critical systems. - Prevent data exfiltration and unauthorised external communication. - Enforce communication policies without disrupting operational processes. These measures should be part of a layered defence strategy that supports secure and reliable operations across both IT and OT domains. - Logging and Monitoring Detailed logging and continuous monitoring should be enabled to track access, detect anomalies, and support incident response. Logs should be regularly reviewed for signs of compromise. - Firewall Configuration Firewalls should be configured to allow only explicitly authorised traffic to and from proxy servers. A “deny by default” policy should be enforced. - Regular Updates and Patching Proxy servers, firewalls, and their underlying systems should be regularly updated and patched to address known vulnerabilities and maintain security effectiveness. - Performance and Reliability Load balancing should be used to distribute traffic across multiple proxy servers or firewalls, ensuring high availability and optimal performance. Resource usage should be monitored to prevent overload and degradation. |
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of cyber threats entering critical systems, by filtering and inspecting outbound and inbound communications through authenticated proxies or firewalls. To achieve this goal, the following should be considered: - Access Controls Proxy servers and firewalls should enforce strict access controls, allowing only authorised users and systems. Strong authentication methods, such as multi-factor authentication (MFA), should be used to support zero- trust principles. - Encryption Communications between clients and proxyservers should be encrypted using the most current and secure versions of SSL/TLS to protect against eavesdropping and man-in-the-middle attacks. - Threat Intelligence and URL Filtering - To effectively monitor and control communications across IT and OT environments, proxy servers and firewalls should: - Integrate threat intelligence feeds to detect and block known malicious domains, IPaddresses, and URLs. - Apply URL filtering to prevent access to harmful or unauthorised web content. - In OT environments, where systems often lack built-in security features, intelligent filtering at network boundaries should be used to: - Detect and block malicious traffic before it reaches critical systems. - Prevent data exfiltration and unauthorised external communication. - Enforce communication policies without disrupting operational processes. These measures should be part of a layered defence strategy that supports secure and reliable operations across both IT and OT domains. - Logging and Monitoring Detailed logging and continuous monitoring should be enabled to track access, detect anomalies, and support incident response. Logs should be regularly reviewed for signs of compromise. - Firewall Configuration Firewalls should be configured to allow only explicitly authorised traffic to and from proxy servers. A “deny by default” policy should be enforced. - Regular Updates and Patching Proxy servers, firewalls, and their underlying systems should be regularly updated and patched to address known vulnerabilities and maintain security effectiveness. - Performance and Reliability Load balancing should be used to distribute traffic across multiple proxy servers or firewalls, ensuring high availability and optimal performance. Resource usage should be monitored to prevent overload and degradation. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to reduce the risk of cyber threats entering critical systems, by filtering and inspecting outbound and inbound communications through authenticated proxies or firewalls. To achieve this goal, the following should be considered:</p><ul><li>Access Controls Proxy servers and firewalls should enforce strict access controls, allowing only authorised users and systems. Strong authentication methods, such as multi-factor authentication (MFA), should be used to support zero- trust principles.</li><li>Encryption Communications between clients and proxyservers should be encrypted using the most current and secure versions of SSL/TLS to protect against eavesdropping and man-in-the-middle attacks.</li><li>Threat Intelligence and URL Filtering<ul><li>To effectively monitor and control communications across IT and OT environments, proxy servers and firewalls should:<ul><li>Integrate threat intelligence feeds to detect and block known malicious domains, IPaddresses, and URLs.</li><li>Apply URL filtering to prevent access to harmful or unauthorised web content.</li></ul></li><li>In OT environments, where systems often lack built-in security features, intelligent filtering at network boundaries should be used to:<ul><li>Detect and block malicious traffic before it reaches critical systems.</li><li>Prevent data exfiltration and unauthorised external communication.</li><li>Enforce communication policies without disrupting operational processes. These measures should be part of a layered defence strategy that supports secure and reliable operations across both IT and OT domains.</li></ul></li></ul></li><li>Logging and Monitoring Detailed logging and continuous monitoring should be enabled to track access, detect anomalies, and support incident response. Logs should be regularly reviewed for signs of compromise.</li><li>Firewall Configuration Firewalls should be configured to allow only explicitly authorised traffic to and from proxy servers. A “deny by default” policy should be enforced.</li><li>Regular Updates and Patching Proxy servers, firewalls, and their underlying systems should be regularly updated and patched to address known vulnerabilities and maintain security effectiveness.</li><li>Performance and Reliability Load balancing should be used to distribute traffic across multiple proxy servers or firewalls, ensuring high availability and optimal performance. Resource usage should be monitored to prevent overload and degradation.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to reduce the risk of cyber threats entering critical systems, by filtering and inspecting outbound and inbound communications through authenticated proxies or firewalls. To achieve this goal, the following should be considered: • Access Controls Proxy servers and firewalls should enforce strict access controls, allowing only authorised users and systems. Strong authentication methods, such as multi-factor authentication (MFA), should be used to support zero- trust principles. • Encryption Communications between clients and proxyservers should be encrypted using the most current and secure versions of SSL/TLS to protect against eavesdropping and man-in-the-middle attacks. • Threat Intelligence and URL Filtering o To effectively monitor and control communications across IT and OT environments, proxy servers and firewalls should: - Integrate threat intelligence feeds to detect and block known malicious domains, IPaddresses, and URLs. - Apply URL filtering to prevent access to harmful or unauthorised web content. o In OT environments, where systems often lack built-in security features, intelligent filtering at network boundaries should be used to: - Detect and block malicious traffic before it reaches critical systems. - Prevent data exfiltration and unauthorised external communication. - Enforce communication policies without disrupting operational processes. These measures should be part of a layered defence strategy that supports secure and reliable operations across both IT and OT domains. • Logging and Monitoring Detailed logging and continuous monitoring should be enabled to track access, detect anomalies, and support incident response. Logs should be regularly reviewed for signs of compromise. • Firewall Configuration Firewalls should be configured to allow only explicitly authorised traffic to and from proxy servers. A “deny by default” policy should be enforced. • Regular Updates and Patching Proxy servers, firewalls, and their underlying systems should be regularly updated and patched to address known vulnerabilities and maintain security effectiveness. • Performance and Reliability Load balancing should be used to distribute traffic across multiple proxy servers or firewalls, ensuring high availability and optimal performance. Resource usage should be monitored to prevent overload and degradation. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.IR-01.5 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Authenticated proxy and URL filtering |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall implement, where feasible, authenticated proxy servers or fire- walls with URL filtering and threat intelligence capabilities for defined communications traffic between its critical systems and external networks. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1