https://csafportal.com/

URL inviato:
https://csafportal.com/
Report terminato:

Variabili JavaScript · 11 trovate

NomeTipo
onbeforetoggleobject
documentPictureInPictureobject
onscrollendobject
_loggedInboolean
_userIdundefined
_rolesobject
_personasobject
litPropertyMetadataobject
reactiveElementVersionsobject
litHtmlVersionsobject

Messaggi di log della console · 0 trovati

HTML

<!DOCTYPE html><html lang="en"><head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>CSAF Portal: Home</title>
    <link rel="stylesheet" href="/static/reset.css">
    <link rel="stylesheet" href="/static/mod.css">
    <link rel="stylesheet" href="/static/gds.css">
    <link rel="stylesheet" href="/static/main.css">
    <script type="module" src="/static/elements/loader.js?v=uafk9c"></script>
  <script nonce="">
    window.onload = () => {
      document.body.style.visibility = "visible";
    };
  </script>

    <link rel="icon" type="image/svg+xml" href="/static/icons/default.svg">
    <link rel="icon" type="image/png" href="/static/icons/favicon_512.png">

    <!-- Apple Touch Icon -->
    <link rel="apple-touch-icon" sizes="180x180" href="/static/icons/favicon_180.png">

    <!-- Android Chrome Icons -->
    <link rel="icon" sizes="192x192" href="/static/icons/favicon_192.png">
    <link rel="icon" sizes="512x512" href="/static/icons/favicon_512.png">
    <!-- Microsoft Tiles -->
    <meta name="msapplication-TileColor" content="#0F2441">
    <meta name="msapplication-TileImage" content="/static/icons/favicon_144.png">
    <!-- Safari Pinned Tab -->
    <link rel="mask-icon" href="/static/icons/no_bg.svg" color="#fff">
  </head>
      <body style="visibility: visible;">
        <script nonce="">
          window._loggedIn = (false);
          window._userId = (undefined);
          window._roles = ({});
          window._personas = ([{"name":"Everyone","id":"everyone","active":true,"colour":"dark-purple"},{"name":"Assessor","id":"6677e57f071f8849235415f9","active":false,"colour":"muted-pink"},{"name":"Security Lead","id":"6677e57f071f8849235415fa","active":false,"colour":"muted-blue"},{"name":"Delivery Team","id":"6677e57f071f8849235415fb","active":false,"colour":"muted-orange"},{"name":"Programme Lead","id":"6677e57f071f8849235415fc","active":false,"colour":"muted-green"},{"name":"Senior Responsible Officer (SRO)","id":"6677e57f071f8849235415fd","active":false,"colour":"muted-purple"}]);
        </script>
        <gds-skip-link></gds-skip-link>
        <gds-page>
          <header>
            <gds-header role="banner"></gds-header>
          </header>
          <main id="main-content">
            <gds-grid><gds-heading role="heading" aria-level="1" level="1" _size="xl"> Cyber Security Architecture Framework </gds-heading>
      <gds-para type="lead" role="paragraph">
        The Cyber Security Architecture Framework (CSAF) acts as a unifying
        structure for Cyber Defence and Risk's (CyDR) Guidance and
        Enterprise Architecture, bringing together and increasing
        accessibility to the resources projects should use to build “Secure
        by Design” services and capability. This helps ensure they are
        resilient, conform to future technology roadmaps and are
        interoperable with systems across Defence.
      </gds-para>
      <gds-para role="paragraph" type="default">
        Used with the Common Technology Architecture (see the
        <gds-link target="blank" href="https://dda.r.mil.uk/index.php/Technical_architecture" role="link" tabindex="0">Technical Architecture Wiki</gds-link>), it enables the creation of a Secure Digital Backbone for Defence
        and provides good practice to Architects creating solutions.
      </gds-para>
      <gds-heading level="2" role="heading" aria-level="2" _size="l">Who governs the CSAF?</gds-heading>
      <gds-para role="paragraph" type="default">
        The CSAF is governed by the Cyber Security Design Authority (CSDA),
        the Architectural Reference Authority responsible for publishing
        security architecture designs, patterns and guidance. Full details
        of the CSDA can be found on their Defence Digital homepage:
        <gds-link target="blank" href="https://modgovuk.sharepoint.com/sites/IntranetDefenceDigital/SitePages/csda.aspx?e=4%3a1c3f2ef17daa4d8fb257ec42f1c2be84&amp;web=1&amp;at=9&amp;cid=44c91761-5608-4275-88ae-1d7de45e32cb" role="link" tabindex="0">Cyber Security Design Authority (CSDA) (sharepoint.com)</gds-link>
      </gds-para>
      <gds-heading level="2" role="heading" aria-level="2" _size="l">CSAF and Secure by Design</gds-heading>
      <gds-para role="paragraph" type="default">
        The CSAF is fully integrated into the Secure by Design (SbD)
        process, so projects can find everything in one place for all their
        SbD requirements. SbD helps projects know what they need to do to be
        secure and resilient and the CSAF support them in how they should do
        it, reducing the need to search for additional guidance elsewhere.
      </gds-para>
      <gds-heading level="2" role="heading" aria-level="2" _size="l">How is the CSAF structured?</gds-heading>
      <gds-para role="paragraph" type="default">
        The CSAF contains a range of guidance and enterprise architecture
        products that can be used in different roles and contexts. These go
        from high level guides providing a broad overview of a topic, to
        increasingly more granular and technical guidance for solution
        architects.
      </gds-para>
      <gds-para role="paragraph" type="default">
        The CSAF organises these products into a series of themed toolboxes
        for building Secure by Design capability. Projects can take the
        framework and, using their requirements, choose the appropriate
        security guidance from it to inform the design and implementation of
        their solution.
      </gds-para>
      <gds-para role="paragraph" type="default">
        Some of this guidance is mandatory. This includes guidance products
        on how to conform to JSP 604 and 440 Policy directives and Cyber
        Security Architecture that interfaces with the pan-defence Common
        Technology Architecture. Other guidance is discretionary depending
        on requirements, operating environment and organisational context.
      </gds-para>
      <gds-heading level="2" role="heading" aria-level="2" _size="l">Who are CSAF Toolboxes designed for?</gds-heading>
      <gds-para role="paragraph" type="default">
        The toolboxes are designed for anybody involved in a project or
        programme with a digital component. They are intended to meet the
        needs of multiple Secure by Design personas: Senior Responsible
        Owners (SRO), Project Security Leads, Programme Leaders, Delivery
        teams and Assessors. We have tried to tailor the experience of the
        toolboxes around each of these personas, with users being directed
        to the most appropriate content:
      </gds-para>
      <gds-grid grid-gap="5" max-cols="5" min-cols="5">
            <gds-tag dark-blue="" dark="" span-1="" value="Strategies" aria-hidden="true" role="note" aria-label="Strategies"></gds-tag>
            <gds-tag dark-green="" dark="" span-1="" value="Policies" aria-hidden="true" role="note" aria-label="Policies"></gds-tag>
            <gds-tag dark-pink="" dark="" span-1="" value="Architectural Patterns" aria-hidden="true" role="note" aria-label="Architectural Patterns"></gds-tag>
            <gds-tag dark-orange="" dark="" span-1="" value="Standards" aria-hidden="true" role="note" aria-label="Standards"></gds-tag>
            <gds-tag dark-yellow="" dark="" span-1="" value="Tools" aria-hidden="true" role="note" aria-label="Tools"></gds-tag>

          <gds-tag muted-purple="" span-2="" value="Senior Responsible Officer (SRO)" full-label="Senior Responsible Officer (SRO): We expect SROs to be most interested in Strategies and Policies." role="note" aria-label="Senior Responsible Officer (SRO): We expect SROs to be most interested in Strategies and Policies."></gds-tag>
          <div span-3=""></div>

          <gds-tag muted-pink="" span-2="" value="Security Lead" full-label="Security Lead: We expect Security Leads to be most interested in Strategies and Policies." role="note" aria-label="Security Lead: We expect Security Leads to be most interested in Strategies and Policies."></gds-tag>
          <div span-3=""></div>

          <div span-1=""></div>
          <gds-tag muted-green="" span-4="" value="Programme Lead" full-label="Programme Lead: We expect Programme Leads to be most interested in Policies, Architectural Patterns, Standards and Tools." role="note" aria-label="Programme Lead: We expect Programme Leads to be most interested in Policies, Architectural Patterns, Standards and Tools."></gds-tag>

          <div span-2=""></div>
          <gds-tag muted-orange="" span-3="" value="Delivery Team" full-label="Delivery Team: We expect Delivery Teams to be most interested in Architectural Patterns, Standards and Tools." role="note" aria-label="Delivery Team: We expect Delivery Teams to be most interested in Architectural Patterns, Standards and Tools."></gds-tag>
                    
          <gds-tag muted-pink="" span-3="" value="Assessor (inc TDA)" full-label="Assessor (inc TDA): We expect Assessors to be most interested in Strategies, Policies and Architectural Patterns." role="note" aria-label="Assessor (inc TDA): We expect Assessors to be most interested in Strategies, Policies and Architectural Patterns."></gds-tag>
          <div span-2=""></div>
          
      </gds-grid>
      <gds-heading level="2" role="heading" aria-level="2" _size="l">Why should projects use the CSAF?</gds-heading>
      <gds-para role="paragraph" type="default">
        Current guidance within the MoD is not centralised and is often
        buried within policies or hidden within projects or services. This
        has lead to non-standard approaches by project which weakens
        security in Defence as a whole.
      </gds-para>
      <gds-para role="paragraph" type="default">
        The framework collates and organises in one place, all the CyDR
        Guidance, Standards and Architecture projects should be
        implementing. This supports projects in developing or procuring a
        better more resilient solution, without needing to invest the same
        time and resources into finding and integrating these various
        sources of Cyber Security good practise from across Defence and
        Industry.
      </gds-para>
      <gds-para role="paragraph" type="default">
        The CSAF provides projects with the guardrails to create Secure by
        Design services and capability, baking security in from the outset.
        Picking the appropriate Tools and following the guidance supports
        projects in avoiding known vulnerabilities and managing their risk.
      </gds-para>
      <gds-para role="paragraph" type="default">
        The framework empowers projects to make good, informed security
        design decisions when building services and capabilities. Projects
        can make these decisions with better knowledge of their options and
        can manage any risks that come out of their choice. All guidance is
        informed by cyber security standards and best practise such as NIST
        CSF and ISO 27001. Following the guidance allows projects to
        confidently engage with their Technical Design Authority, and with
        SbD Second line assessment.
      </gds-para>
      <gds-para role="paragraph" type="default">
        All guidance is aligned to Defence Strategy and significant
        architectural approaches like Zero Trust and Data Centric Security.
        This ensures alignment by default, future proofing services and
        capability in line with Technology Roadmaps and reduces the burden
        of seeking out and implementing these initiatives. Guidance is also
        aligned with JSP 604 and 440 directives, so projects can build
        solutions knowing when they use the guidance they are compliant with
        policy. Guidance will be mapped to these directives to make it
        easier for projects to achieve and demonstrate compliance and to
        understand the drivers behind documentation.
      </gds-para>
      <gds-grid grid-gap="15" max-cols="1" min-cols="1">
        <gds-tag dark-purple="" caption="Cyber Resilience Strategy for Defence" value="Defence Strategy" role="note" aria-label="Defence Strategy - Cyber Resilience Strategy for Defence"></gds-tag>
        <gds-tag dark-blue="" caption="JSP 604 and 440" value="Defence Policy" role="note" aria-label="Defence Policy - JSP 604 and 440"></gds-tag>
        <gds-tag dark-green="" caption="Defence Cyber Security Model" value="Enterprise Architecture" role="note" aria-label="Enterprise Architecture - Defence Cyber Security Model"></gds-tag>
        <gds-tag muted-green="" caption="Zero Trust &amp; Data Centric Security/NIST, ISO &amp; NCSC" value="Architectural Approaches and Standards" role="note" aria-label="Architectural Approaches and Standards - Zero Trust &amp; Data Centric Security/NIST, ISO &amp; NCSC"></gds-tag>
        <gds-tag dark-yellow="" bold="" value="Security Principles and Patterns" role="note" aria-label="Security Principles and Patterns"></gds-tag>
        <gds-tag bold="" bright-orange="" value="Toolboxes" role="note" aria-label="Toolboxes"></gds-tag>
      </gds-grid>
      <gds-para role="paragraph" type="default">
        All the guidance, principles and patterns are organised into the
        CSAF Toolboxes, represented in the diagram above, which pulls the
        material together and makes it accessible to users. The Toolboxes
        provide easy to consume, plug and play tools for users designing and
        implementing solutions, who can pick and choose the relevant
        guidance to their project based on their requirements.
      </gds-para>
      <gds-heading level="2" role="heading" aria-level="2" _size="l">What if I can't find the guidance I need?</gds-heading>
      <gds-para role="paragraph" type="default">
        The CSAF is still maturing and there will be gaps, either because
        planned guidance hasn't been created yet or due to unanticipated use
        cases. All attempts to access guidance where we only have "stub"
        articles is recorded, to help us prioritise work where there is the
        greatest need.
      </gds-para>
      <gds-para role="paragraph" type="default">
        If new guidance is required urgently, projects can request guidance
        products and advice from the Cyber Security Design Authority. All
        the details for how to contact the team can be found on the CSDA
        homepage:
        <gds-link target="blank" href="https://modgovuk.sharepoint.com/sites/IntranetDefenceDigital/SitePages/csda.aspx?e=4%3a1c3f2ef17daa4d8fb257ec42f1c2be84&amp;web=1&amp;at=9&amp;cid=44c91761-5608-4275-88ae-1d7de45e32cb" role="link" tabindex="0">Cyber Security Design Authority (CSDA) (sharepoint.com)</gds-link>
      </gds-para></gds-grid>
          </main>
          <footer>
            <gds-footer version="4.12.1" role="contentinfo"></gds-footer>
          </footer>
        </gds-page>
      
    </body></html>