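- Scan ID:
- b5b68e19-5b38-46f5-8839-f119d321ce6b Completed
- Submitted URL:
- https://csafportal.com/
- Report completed at:
Links · 0 found
Outgoing links identified from the page
JavaScript variables · 11 found
Global JavaScript variables loaded on the page's window object are variables declared outside of functions and accessible from anywhere in the code within the current scope
Name | Type |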
---|---|
onbeforetoggle | object |
documentPictureInPicture | object |
onscrollend | object |
_loggedIn | boolean |
_userId | undefined |
_roles | object |
_personas | object |
litPropertyMetadata | object |
reactiveElementVersions | object |
litHtmlVersions | object |
Console log messages · 0 found
Messages logged to the web console
HTML
The raw HTML body of the page
<!DOCTYPE html><html lang="en"><head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>CSAF Portal: Home</title>
<link rel="stylesheet" href="/static/reset.css">
<link rel="stylesheet" href="/static/mod.css">
<link rel="stylesheet" href="/static/gds.css">
<link rel="stylesheet" href="/static/main.css">
<script type="module" src="/static/elements/loader.js?v=uafk9c"></script>
<script nonce="">
window.onload = () => {
document.body.style.visibility = "visible";
};
</script>
<link rel="icon" type="image/svg+xml" href="/static/icons/default.svg">
<link rel="icon" type="image/png" href="/static/icons/favicon_512.png">
<!-- Apple Touch Icon -->
<link rel="apple-touch-icon" sizes="180x180" href="/static/icons/favicon_180.png">
<!-- Android Chrome Icons -->
<link rel="icon" sizes="192x192" href="/static/icons/favicon_192.png">
<link rel="icon" sizes="512x512" href="/static/icons/favicon_512.png">
<!-- Microsoft Tiles -->
<meta name="msapplication-TileColor" content="#0F2441">
<meta name="msapplication-TileImage" content="/static/icons/favicon_144.png">
<!-- Safari Pinned Tab -->
<link rel="mask-icon" href="/static/icons/no_bg.svg" color="#fff">
</head>
<body style="visibility: visible;">
<script nonce="">
window._loggedIn = (false);
window._userId = (undefined);
window._roles = ({});
window._personas = ([{"name":"Everyone","id":"everyone","active":true,"colour":"dark-purple"},{"name":"Assessor","id":"6677e57f071f8849235415f9","active":false,"colour":"muted-pink"},{"name":"Security Lead","id":"6677e57f071f8849235415fa","active":false,"colour":"muted-blue"},{"name":"Delivery Team","id":"6677e57f071f8849235415fb","active":false,"colour":"muted-orange"},{"name":"Programme Lead","id":"6677e57f071f8849235415fc","active":false,"colour":"muted-green"},{"name":"Senior Responsible Officer (SRO)","id":"6677e57f071f8849235415fd","active":false,"colour":"muted-purple"}]);
</script>
<gds-skip-link></gds-skip-link>
<gds-page>
<header>
<gds-header role="banner"></gds-header>
</header>
<main id="main-content">
<gds-grid><gds-heading role="heading" aria-level="1" level="1" _size="xl"> Cyber Security Architecture Framework </gds-heading>
<gds-para type="lead" role="paragraph">
The Cyber Security Architecture Framework (CSAF) acts as a unifying
structure for Cyber Defence and Risk's (CyDR) Guidance and
Enterprise Architecture, bringing together and increasing
accessibility to the resources projects should use to build “Secure
by Design” services and capability. This helps ensure they are
resilient, conform to future technology roadmaps and are
interoperable with systems across Defence.
</gds-para>
<gds-para role="paragraph" type="default">
Used with the Common Technology Architecture (see the
<gds-link target="blank" href="https://dda.r.mil.uk/index.php/Technical_architecture" role="link" tabindex="0">Technical Architecture Wiki</gds-link>), it enables the creation of a Secure Digital Backbone for Defence
and provides good practice to Architects creating solutions.
</gds-para>
<gds-heading level="2" role="heading" aria-level="2" _size="l">Who governs the CSAF?</gds-heading>
<gds-para role="paragraph" type="default">
The CSAF is governed by the Cyber Security Design Authority (CSDA),
the Architectural Reference Authority responsible for publishing
security architecture designs, patterns and guidance. Full details
of the CSDA can be found on their Defence Digital homepage:
<gds-link target="blank" href="https://modgovuk.sharepoint.com/sites/IntranetDefenceDigital/SitePages/csda.aspx?e=4%3a1c3f2ef17daa4d8fb257ec42f1c2be84&web=1&at=9&cid=44c91761-5608-4275-88ae-1d7de45e32cb" role="link" tabindex="0">Cyber Security Design Authority (CSDA) (sharepoint.com)</gds-link>
</gds-para>
<gds-heading level="2" role="heading" aria-level="2" _size="l">CSAF and Secure by Design</gds-heading>
<gds-para role="paragraph" type="default">
The CSAF is fully integrated into the Secure by Design (SbD)
process, so projects can find everything in one place for all their
SbD requirements. SbD helps projects know what they need to do to be
secure and resilient and the CSAF supports them in how they should do
it, reducing the need to search for additional guidance elsewhere.
</gds-para>
<gds-heading level="2" role="heading" aria-level="2" _size="l">How is the CSAF structured?</gds-heading>
<gds-para role="paragraph" type="default">
The CSAF contains a range of guidance and enterprise architecture
products that can be used in different roles and contexts. These go
from high level guides providing a broad overview of a topic, to
increasingly more granular and technical guidance for solution
architects.
</gds-para>
<gds-para role="paragraph" type="default">
The CSAF organises these products into a series of themed toolboxes
for building Secure by Design capability. Projects can take the
framework and, using their requirements, choose the appropriate
security guidance from it to inform the design and implementation of
their solution.
</gds-para>
<gds-para role="paragraph" type="default">
Some of this guidance is mandatory. This includes guidance products
on how to conform to JSP 604 and 440 Policy directives and Cyber
Security Architecture that interfaces with the pan-defence Common
Technology Architecture. Other guidance is discretionary depending
on requirements, operating environment and organisational context.
</gds-para>
<gds-heading level="2" role="heading" aria-level="2" _size="l">Who are CSAF Toolboxes designed for?</gds-heading>
<gds-para role="paragraph" type="default">
The toolboxes are designed for anybody involved in a project or
programme with a digital component. They are intended to meet the
needs of multiple Secure by Design personas: Senior Responsible
Owners (SRO), Project Security Leads, Programme Leaders, Delivery
teams and Assessors. We have tried to tailor the experience of the
toolboxes around each of these personas, with users being directed
to the most appropriate content:
</gds-para>
<gds-grid grid-gap="5" max-cols="5" min-cols="5">
<gds-tag dark-blue="" dark="" span-1="" value="Strategies" aria-hidden="true" role="note" aria-label="Strategies"></gds-tag>
<gds-tag dark-green="" dark="" span-1="" value="Policies" aria-hidden="true" role="note" aria-label="Policies"></gds-tag>
<gds-tag dark-pink="" dark="" span-1="" value="Architectural Patterns" aria-hidden="true" role="note" aria-label="Architectural Patterns"></gds-tag>
<gds-tag dark-orange="" dark="" span-1="" value="Standards" aria-hidden="true" role="note" aria-label="Standards"></gds-tag>
<gds-tag dark-yellow="" dark="" span-1="" value="Tools" aria-hidden="true" role="note" aria-label="Tools"></gds-tag>
<gds-tag muted-purple="" span-2="" value="Senior Responsible Officer (SRO)" full-label="Senior Responsible Officer (SRO): We expect SROs to be most interested in Strategies and Policies." role="note" aria-label="Senior Responsible Officer (SRO): We expect SROs to be most interested in Strategies and Policies."></gds-tag>
<div span-3=""></div>
<gds-tag muted-pink="" span-2="" value="Security Lead" full-label="Security Lead: We expect Security Leads to be most interested in Strategies and Policies." role="note" aria-label="Security Lead: We expect Security Leads to be most interested in Strategies and Policies."></gds-tag>
<div span-3=""></div>
<div span-1=""></div>
<gds-tag muted-green="" span-4="" value="Programme Lead" full-label="Programme Lead: We expect Programme Leads to be most interested in Policies, Architectural Patterns, Standards and Tools." role="note" aria-label="Programme Lead: We expect Programme Leads to be most interested in Policies, Architectural Patterns, Standards and Tools."></gds-tag>
<div span-2=""></div>
<gds-tag muted-orange="" span-3="" value="Delivery Team" full-label="Delivery Team: We expect Delivery Teams to be most interested in Architectural Patterns, Standards and Tools." role="note" aria-label="Delivery Team: We expect Delivery Teams to be most interested in Architectural Patterns, Standards and Tools."></gds-tag>
<gds-tag muted-pink="" span-3="" value="Assessor (inc TDA)" full-label="Assessor (inc TDA): We expect Assessors to be most interested in Strategies, Policies and Architectural Patterns." role="note" aria-label="Assessor (inc TDA): We expect Assessors to be most interested in Strategies, Policies and Architectural Patterns."></gds-tag>
<div span-2=""></div>
</gds-grid>
<gds-heading level="2" role="heading" aria-level="2" _size="l">Why should projects use the CSAF?</gds-heading>
<gds-para role="paragraph" type="default">
Current guidance within the MoD is not centralised and is often
buried within policies or hidden within projects or services. This
has led to non-standard approaches by projects, which weakens
security in Defence as a whole.
</gds-para>
<gds-para role="paragraph" type="default">
The framework collates and organises, in one place, all the CyDR
Guidance, Standards and Architecture projects should be
implementing. This supports projects in developing or procuring a
better, more resilient solution, without needing to invest the same
time and resources into finding and integrating these various
sources of Cyber Security good practice from across Defence and
Industry.
</gds-para>
<gds-para role="paragraph" type="default">
The CSAF provides projects with the guardrails to create Secure by
Design services and capability, baking security in from the outset.
Picking the appropriate Tools and following the guidance supports
projects in avoiding known vulnerabilities and managing their risk.
</gds-para>
<gds-para role="paragraph" type="default">
The framework empowers projects to make good, informed security
design decisions when building services and capabilities. Projects
can make these decisions with better knowledge of their options and
can manage any risks that come out of their choice. All guidance is
informed by cyber security standards and best practice such as NIST
CSF and ISO 27001. Following the guidance allows projects to
confidently engage with their Technical Design Authority, and with
SbD Second line assessment.
</gds-para>
<gds-para role="paragraph" type="default">
All guidance is aligned to Defence Strategy and significant
architectural approaches like Zero Trust and Data Centric Security.
This ensures alignment by default, future proofing services and
capability in line with Technology Roadmaps and reduces the burden
of seeking out and implementing these initiatives. Guidance is also
aligned with JSP 604 and 440 directives, so projects can build
solutions knowing when they use the guidance they are compliant with
policy. Guidance will be mapped to these directives to make it
easier for projects to achieve and demonstrate compliance and to
understand the drivers behind documentation.
</gds-para>
<gds-grid grid-gap="15" max-cols="1" min-cols="1">
<gds-tag dark-purple="" caption="Cyber Resilience Strategy for Defence" value="Defence Strategy" role="note" aria-label="Defence Strategy - Cyber Resilience Strategy for Defence"></gds-tag>
<gds-tag dark-blue="" caption="JSP 604 and 440" value="Defence Policy" role="note" aria-label="Defence Policy - JSP 604 and 440"></gds-tag>
<gds-tag dark-green="" caption="Defence Cyber Security Model" value="Enterprise Architecture" role="note" aria-label="Enterprise Architecture - Defence Cyber Security Model"></gds-tag>
<gds-tag muted-green="" caption="Zero Trust & Data Centric Security/NIST, ISO & NCSC" value="Architectural Approaches and Standards" role="note" aria-label="Architectural Approaches and Standards - Zero Trust & Data Centric Security/NIST, ISO & NCSC"></gds-tag>
<gds-tag dark-yellow="" bold="" value="Security Principles and Patterns" role="note" aria-label="Security Principles and Patterns"></gds-tag>
<gds-tag bold="" bright-orange="" value="Toolboxes" role="note" aria-label="Toolboxes"></gds-tag>
</gds-grid>
<gds-para role="paragraph" type="default">
All the guidance, principles and patterns are organised into the
CSAF Toolboxes, represented in the diagram above, which pulls the
material together and makes it accessible to users. The Toolboxes
provide easy to consume, plug and play tools for users designing and
implementing solutions, who can pick and choose the relevant
guidance to their project based on their requirements.
</gds-para>
<gds-heading level="2" role="heading" aria-level="2" _size="l">What if I can't find the guidance I need?</gds-heading>
<gds-para role="paragraph" type="default">
The CSAF is still maturing and there will be gaps, either because
planned guidance hasn't been created yet or due to unanticipated use
cases. All attempts to access guidance where we only have "stub"
articles are recorded, to help us prioritise work where there is the
greatest need.
</gds-para>
<gds-para role="paragraph" type="default">
If new guidance is required urgently, projects can request guidance
products and advice from the Cyber Security Design Authority. All
the details for how to contact the team can be found on the CSDA
homepage:
<gds-link target="blank" href="https://modgovuk.sharepoint.com/sites/IntranetDefenceDigital/SitePages/csda.aspx?e=4%3a1c3f2ef17daa4d8fb257ec42f1c2be84&web=1&at=9&cid=44c91761-5608-4275-88ae-1d7de45e32cb" role="link" tabindex="0">Cyber Security Design Authority (CSDA) (sharepoint.com)</gds-link>
</gds-para></gds-grid>
</main>
<footer>
<gds-footer version="4.12.1" role="contentinfo"></gds-footer>
</footer>
</gds-page>
</body></html>