ANSSI Hygiene Guide, RGS & SecNumCloud
French national cybersecurity guidelines from the Agence nationale de la securite des systemes d'information. Includes the 42-measure Hygiene Guide (cyber hygiene essentials), Referentiel General de Securite (government IS security framework), and SecNumCloud 3.2 (cloud security qualification for trusted cloud providers).
Controls: 222
Total Mappings: 616
Publisher: ANSSI (Agence nationale de la securite des systemes d'information) Version: 2022 AC (20) AT (6) AU (12) CA (8) CM (11) CP (10) IA (7) IR (8) MA (7) MP (7) PE (22) PL (9) PM (1) PS (9) PT (8) RA (7) SA (14) SC (28) SI (16) SR (12)
AC Access Control
| Control | Name | ANSSI References |
|---|---|---|
| AC-01 | Access Control Policies and Procedures | Hygiene.10Hygiene.14Hygiene.2RGS.1.3SecNumCloud.10.1SecNumCloud.6.1 |
| AC-02 | Account Management | Hygiene.11Hygiene.13Hygiene.32Hygiene.6Hygiene.7SecNumCloud.10.2 |
| AC-03 | Access Enforcement | Hygiene.14Hygiene.15Hygiene.17SecNumCloud.10.3 |
| AC-04 | Information Flow Enforcement | Hygiene.23Hygiene.27SecNumCloud.14.1 |
| AC-05 | Separation Of Duties | Hygiene.15Hygiene.17SecNumCloud.10.4 |
| AC-06 | Least Privilege | Hygiene.14Hygiene.15Hygiene.16Hygiene.17SecNumCloud.10.3SecNumCloud.10.4 |
| AC-07 | Unsuccessful Login Attempts | Hygiene.10Hygiene.12SecNumCloud.10.5 |
| AC-08 | System Use Notification | SecNumCloud.10.1 |
| AC-09 | Previous Logon Notification | Hygiene.29SecNumCloud.13.7 |
| AC-10 | Concurrent Session Control | Hygiene.12SecNumCloud.10.5 |
| AC-11 | Session Lock | SecNumCloud.10.6 |
| AC-12 | Session Termination | Hygiene.12SecNumCloud.10.6 |
| AC-13 | Supervision And Review -- Access Control | Hygiene.31Hygiene.6SecNumCloud.10.2 |
| AC-14 | Permitted Actions Without Identification Or Authentication | Hygiene.11SecNumCloud.10.1 |
| AC-15 | Automated Marking | Hygiene.8 |
| AC-16 | Automated Labeling | Hygiene.8 |
| AC-17 | Remote Access | Hygiene.24Hygiene.28SecNumCloud.10.7SecNumCloud.14.2 |
| AC-18 | Wireless Access Restrictions | Hygiene.25Hygiene.26SecNumCloud.14.3 |
| AC-19 | Access Control For Portable And Mobile Devices | Hygiene.19SecNumCloud.10.6 |
| AC-20 | Use Of External Information Systems | Hygiene.22Hygiene.9SecNumCloud.16.1 |
AT Awareness and Training
| Control | Name | ANSSI References |
|---|---|---|
| AT-01 | Security Awareness And Training Policy And Procedures | Hygiene.1Hygiene.2RGS.1.2SecNumCloud.6.1 |
| AT-02 | Security Awareness | Hygiene.1Hygiene.3SecNumCloud.8.3 |
| AT-03 | Security Training | Hygiene.4SecNumCloud.8.3 |
| AT-04 | Security Training Records | Hygiene.3Hygiene.4SecNumCloud.8.3 |
| AT-05 | Contacts With Security Groups And Associations | Hygiene.1Hygiene.4 |
| AT-06 | Training Feedback | Hygiene.1RGS.1.2SecNumCloud.8.3 |
AU Audit and Accountability
| Control | Name | ANSSI References |
|---|---|---|
| AU-01 | Audit And Accountability Policy And Procedures | Hygiene.2Hygiene.29RGS.1.3SecNumCloud.13.7SecNumCloud.6.1 |
| AU-02 | Auditable Events | Hygiene.29SecNumCloud.13.7 |
| AU-03 | Content Of Audit Records | Hygiene.29SecNumCloud.13.7 |
| AU-04 | Audit Storage Capacity | Hygiene.29SecNumCloud.13.7 |
| AU-05 | Response To Audit Processing Failures | Hygiene.29SecNumCloud.13.7 |
| AU-06 | Audit Monitoring, Analysis, And Reporting | Hygiene.29Hygiene.39SecNumCloud.13.7SecNumCloud.17.1 |
| AU-07 | Audit Reduction And Report Generation | Hygiene.29SecNumCloud.13.7 |
| AU-08 | Time Stamps | Hygiene.29SecNumCloud.13.7 |
| AU-09 | Protection Of Audit Information | Hygiene.29SecNumCloud.13.7 |
| AU-10 | Non-Repudiation | Hygiene.29RGS.2.1SecNumCloud.13.7 |
| AU-11 | Audit Record Retention | Hygiene.29SecNumCloud.13.7 |
| AU-12 | Audit Record Generation | Hygiene.29SecNumCloud.13.7 |
CA Security Assessment and Authorization
| Control | Name | ANSSI References |
|---|---|---|
| CA-01 | Certification, Accreditation, And Security Assessment Policies And Procedures | Hygiene.2Hygiene.36RGS.1.3SecNumCloud.19.1SecNumCloud.6.1 |
| CA-02 | Security Assessments | Hygiene.3Hygiene.31Hygiene.41RGS.4.1SecNumCloud.19.2 |
| CA-03 | Information System Connections | Hygiene.26Hygiene.9SecNumCloud.14.1 |
| CA-04 | Security Certification | Hygiene.31RGS.4.1SecNumCloud.19.2 |
| CA-05 | Plan Of Action And Milestones | Hygiene.36SecNumCloud.19.1 |
| CA-06 | Security Accreditation | Hygiene.36Hygiene.41RGS.4.1SecNumCloud.19.2 |
| CA-07 | Continuous Monitoring | Hygiene.29Hygiene.3Hygiene.31Hygiene.39SecNumCloud.13.7SecNumCloud.19.2 |
| CA-09 | Internal System Connections | Hygiene.26Hygiene.3Hygiene.9 |
CM Configuration Management
| Control | Name | ANSSI References |
|---|---|---|
| CM-01 | Configuration Management Policy And Procedures | Hygiene.2Hygiene.5SecNumCloud.13.1SecNumCloud.6.1 |
| CM-02 | Baseline Configuration | Hygiene.18Hygiene.5SecNumCloud.13.1 |
| CM-03 | Configuration Change Control | Hygiene.34Hygiene.36SecNumCloud.13.2 |
| CM-04 | Monitoring Configuration Changes | Hygiene.34SecNumCloud.13.2 |
| CM-05 | Access Restrictions For Change | Hygiene.15Hygiene.16Hygiene.17Hygiene.34SecNumCloud.13.2 |
| CM-06 | Configuration Settings | Hygiene.18Hygiene.20SecNumCloud.13.1 |
| CM-07 | Least Functionality | Hygiene.18Hygiene.20SecNumCloud.13.1 |
| CM-08 | Information System Component Inventory | Hygiene.5Hygiene.8SecNumCloud.9.1 |
| CM-12 | Information Location | Hygiene.5SecNumCloud.9.1 |
| CM-13 | Data Action Mapping | Hygiene.8 |
| CM-14 | Signed Components | Hygiene.18Hygiene.20Hygiene.33Hygiene.34SecNumCloud.13.1SecNumCloud.13.2SecNumCloud.15.4 |
CP Contingency Planning
| Control | Name | ANSSI References |
|---|---|---|
| CP-01 | Contingency Planning Policy And Procedures | Hygiene.2Hygiene.30SecNumCloud.18.1SecNumCloud.6.1 |
| CP-02 | Contingency Plan | Hygiene.30Hygiene.35SecNumCloud.18.1 |
| CP-03 | Contingency Training | Hygiene.35Hygiene.4SecNumCloud.18.2 |
| CP-04 | Contingency Plan Testing And Exercises | Hygiene.35SecNumCloud.18.2 |
| CP-05 | Contingency Plan Update | Hygiene.35Hygiene.36SecNumCloud.18.1 |
| CP-06 | Alternate Storage Site | Hygiene.30SecNumCloud.18.3 |
| CP-07 | Alternate Processing Site | Hygiene.30SecNumCloud.18.3 |
| CP-08 | Telecommunications Services | Hygiene.30SecNumCloud.18.3 |
| CP-09 | Information System Backup | Hygiene.30SecNumCloud.13.5 |
| CP-10 | Information System Recovery And Reconstitution | Hygiene.30Hygiene.35SecNumCloud.18.3 |
IA Identification and Authentication
| Control | Name | ANSSI References |
|---|---|---|
| IA-01 | Identification And Authentication Policy And Procedures | Hygiene.10Hygiene.11Hygiene.2RGS.2.2SecNumCloud.10.1SecNumCloud.6.1 |
| IA-02 | User Identification And Authentication | Hygiene.10Hygiene.11Hygiene.12RGS.2.2SecNumCloud.10.5 |
| IA-03 | Device Identification And Authentication | Hygiene.26Hygiene.5SecNumCloud.10.5 |
| IA-04 | Identifier Management | Hygiene.11Hygiene.32Hygiene.6Hygiene.7SecNumCloud.10.2 |
| IA-05 | Authenticator Management | Hygiene.10Hygiene.12RGS.2.2SecNumCloud.10.5 |
| IA-06 | Authenticator Feedback | Hygiene.10SecNumCloud.10.5 |
| IA-07 | Cryptographic Module Authentication | Hygiene.12RGS.2.3SecNumCloud.11.1 |
IR Incident Response
| Control | Name | ANSSI References |
|---|---|---|
| IR-01 | Incident Response Policy And Procedures | Hygiene.2Hygiene.35Hygiene.40SecNumCloud.17.1SecNumCloud.6.1 |
| IR-02 | Incident Response Training | Hygiene.35Hygiene.4SecNumCloud.17.1 |
| IR-03 | Incident Response Testing And Exercises | Hygiene.35SecNumCloud.17.2 |
| IR-04 | Incident Handling | Hygiene.35Hygiene.39Hygiene.40SecNumCloud.17.1SecNumCloud.17.2 |
| IR-05 | Incident Monitoring | Hygiene.29Hygiene.39SecNumCloud.17.1 |
| IR-06 | Incident Reporting | Hygiene.40SecNumCloud.17.1 |
| IR-07 | Incident Response Assistance | Hygiene.40Hygiene.42SecNumCloud.17.1 |
| IR-09 | Information Spillage Response | Hygiene.35Hygiene.40SecNumCloud.17.1 |
MA Maintenance
| Control | Name | ANSSI References |
|---|---|---|
| MA-01 | System Maintenance Policy And Procedures | Hygiene.2Hygiene.34SecNumCloud.13.4SecNumCloud.6.1 |
| MA-02 | Controlled Maintenance | Hygiene.34SecNumCloud.13.4 |
| MA-03 | Maintenance Tools | Hygiene.20Hygiene.34SecNumCloud.13.4 |
| MA-04 | Remote Maintenance | Hygiene.16Hygiene.24Hygiene.28Hygiene.34SecNumCloud.13.4 |
| MA-05 | Maintenance Personnel | Hygiene.15Hygiene.7SecNumCloud.8.1 |
| MA-06 | Timely Maintenance | Hygiene.34SecNumCloud.13.4 |
| MA-07 | Field Maintenance | Hygiene.28SecNumCloud.13.4 |
MP Media Protection
| Control | Name | ANSSI References |
|---|---|---|
| MP-01 | Media Protection Policy And Procedures | Hygiene.19Hygiene.2SecNumCloud.6.1SecNumCloud.9.2 |
| MP-02 | Media Access | Hygiene.14Hygiene.19SecNumCloud.9.2 |
| MP-03 | Media Labeling | Hygiene.8SecNumCloud.9.2 |
| MP-04 | Media Storage | Hygiene.19Hygiene.37SecNumCloud.12.1SecNumCloud.9.2 |
| MP-05 | Media Transport | Hygiene.19SecNumCloud.9.2 |
| MP-06 | Media Sanitization And Disposal | Hygiene.19SecNumCloud.9.3 |
| MP-08 | Media Downgrading | Hygiene.19SecNumCloud.9.2SecNumCloud.9.3 |
PE Physical and Environmental Protection
| Control | Name | ANSSI References |
|---|---|---|
| PE-01 | Physical And Environmental Protection Policy And Procedures | Hygiene.2Hygiene.37SecNumCloud.12.1SecNumCloud.6.1 |
| PE-02 | Physical Access Authorizations | Hygiene.37SecNumCloud.12.2 |
| PE-03 | Physical Access Control | Hygiene.37SecNumCloud.12.2 |
| PE-04 | Access Control For Transmission Medium | Hygiene.26Hygiene.37SecNumCloud.12.2 |
| PE-05 | Access Control For Display Medium | Hygiene.37SecNumCloud.12.2 |
| PE-06 | Monitoring Physical Access | Hygiene.37Hygiene.39SecNumCloud.12.2 |
| PE-07 | Visitor Control | Hygiene.37SecNumCloud.12.2 |
| PE-08 | Access Records | Hygiene.37SecNumCloud.12.2 |
| PE-09 | Power Equipment And Power Cabling | Hygiene.38SecNumCloud.12.3 |
| PE-10 | Emergency Shutoff | Hygiene.38SecNumCloud.12.3 |
| PE-11 | Emergency Power | Hygiene.38SecNumCloud.12.3 |
| PE-12 | Emergency Lighting | Hygiene.38SecNumCloud.12.3 |
| PE-13 | Fire Protection | Hygiene.38SecNumCloud.12.3 |
| PE-14 | Temperature And Humidity Controls | Hygiene.38SecNumCloud.12.3 |
| PE-15 | Water Damage Protection | Hygiene.38SecNumCloud.12.3 |
| PE-16 | Delivery And Removal | Hygiene.37SecNumCloud.12.2 |
| PE-17 | Alternate Work Site | Hygiene.37SecNumCloud.12.1 |
| PE-18 | Location Of Information System Components | Hygiene.37Hygiene.38SecNumCloud.12.1 |
| PE-19 | Information Leakage | Hygiene.37SecNumCloud.12.2 |
| PE-21 | Electromagnetic Pulse Protection | Hygiene.37Hygiene.38SecNumCloud.12.3 |
| PE-22 | Component Marking | Hygiene.37SecNumCloud.12.2 |
| PE-23 | Facility Location | Hygiene.37SecNumCloud.12.1 |
PL Planning
| Control | Name | ANSSI References |
|---|---|---|
| PL-01 | Security Planning Policy And Procedures | Hygiene.2Hygiene.36RGS.1.3SecNumCloud.6.1 |
| PL-02 | System Security Plan | Hygiene.2Hygiene.36Hygiene.5SecNumCloud.6.2 |
| PL-03 | System Security Plan Update | Hygiene.36SecNumCloud.6.2 |
| PL-04 | Rules Of Behavior | Hygiene.1Hygiene.3SecNumCloud.8.2 |
| PL-05 | Privacy Impact Assessment | Hygiene.41 |
| PL-06 | Security-Related Activity Planning | Hygiene.36SecNumCloud.6.2 |
| PL-09 | Central Management | Hygiene.36RGS.1.3 |
| PL-10 | Baseline Selection | Hygiene.36 |
| PL-11 | Baseline Tailoring | Hygiene.36 |
PM Program Management
| Control | Name | ANSSI References |
|---|---|---|
| PM-02 | Information Security Program Leadership Role | Hygiene.4 |
PS Personnel Security
| Control | Name | ANSSI References |
|---|---|---|
| PS-01 | Personnel Security Policy And Procedures | Hygiene.2Hygiene.7SecNumCloud.6.1SecNumCloud.8.1 |
| PS-02 | Position Categorization | Hygiene.15Hygiene.7SecNumCloud.8.1 |
| PS-03 | Personnel Screening | Hygiene.7SecNumCloud.8.1 |
| PS-04 | Personnel Termination | Hygiene.32Hygiene.7SecNumCloud.8.4 |
| PS-05 | Personnel Transfer | Hygiene.14Hygiene.32Hygiene.7SecNumCloud.8.4 |
| PS-06 | Access Agreements | Hygiene.7SecNumCloud.8.2 |
| PS-07 | Third-Party Personnel Security | Hygiene.7SecNumCloud.16.1SecNumCloud.8.1 |
| PS-08 | Personnel Sanctions | Hygiene.7SecNumCloud.8.4 |
| PS-09 | Position Descriptions | Hygiene.11Hygiene.4Hygiene.7SecNumCloud.8.1 |
PT Personally Identifiable Information Processing and Transparency
| Control | Name | ANSSI References |
|---|---|---|
| PT-01 | Policy and Procedures | Hygiene.2SecNumCloud.19.3SecNumCloud.6.1 |
| PT-02 | Authority to Process Personally Identifiable Information | SecNumCloud.19.3 |
| PT-03 | Personally Identifiable Information Processing Purposes | Hygiene.8SecNumCloud.19.3 |
| PT-04 | Consent | SecNumCloud.19.3 |
| PT-05 | Privacy Notice | SecNumCloud.19.3 |
| PT-06 | System of Records Notice | SecNumCloud.19.3 |
| PT-07 | Specific Categories of Personally Identifiable Information | Hygiene.8SecNumCloud.19.3 |
| PT-08 | Computer Matching Requirements | SecNumCloud.19.3 |
RA Risk Assessment
| Control | Name | ANSSI References |
|---|---|---|
| RA-01 | Risk Assessment Policy And Procedures | Hygiene.2Hygiene.41RGS.1.3SecNumCloud.6.1 |
| RA-02 | Security Categorization | Hygiene.41Hygiene.8SecNumCloud.9.1 |
| RA-03 | Risk Assessment | Hygiene.41RGS.3.1SecNumCloud.7.2 |
| RA-04 | Risk Assessment Update | Hygiene.36Hygiene.41SecNumCloud.7.2 |
| RA-05 | Vulnerability Scanning | Hygiene.31Hygiene.33SecNumCloud.13.6 |
| RA-07 | Risk Response | Hygiene.31Hygiene.36Hygiene.41RGS.3.1SecNumCloud.13.6SecNumCloud.7.2 |
| RA-09 | Criticality Analysis | Hygiene.36Hygiene.41RGS.3.1SecNumCloud.7.2 |
SA System and Services Acquisition
| Control | Name | ANSSI References |
|---|---|---|
| SA-01 | System And Services Acquisition Policy And Procedures | Hygiene.2Hygiene.36SecNumCloud.15.1SecNumCloud.6.1 |
| SA-02 | Allocation Of Resources | Hygiene.36SecNumCloud.15.1 |
| SA-03 | Life Cycle Support | Hygiene.34Hygiene.36SecNumCloud.15.1 |
| SA-04 | Acquisitions | Hygiene.42SecNumCloud.15.1SecNumCloud.16.1 |
| SA-05 | Information System Documentation | Hygiene.5SecNumCloud.15.2 |
| SA-06 | Software Usage Restrictions | Hygiene.20SecNumCloud.13.1 |
| SA-07 | User Installed Software | Hygiene.20SecNumCloud.13.1 |
| SA-08 | Security Engineering Principles | Hygiene.23Hygiene.36SecNumCloud.15.3 |
| SA-09 | External Information System Services | Hygiene.26Hygiene.42Hygiene.9SecNumCloud.16.1SecNumCloud.16.2 |
| SA-10 | Developer Configuration Management | Hygiene.34Hygiene.36SecNumCloud.15.4 |
| SA-11 | Developer Security Testing | Hygiene.31Hygiene.33SecNumCloud.15.5 |
| SA-20 | Customized Development of Critical Components | SecNumCloud.15.1SecNumCloud.15.5 |
| SA-21 | Developer Screening | Hygiene.42SecNumCloud.15.1SecNumCloud.16.1 |
| SA-23 | Specialization | SecNumCloud.15.3 |
SC System and Communications Protection
| Control | Name | ANSSI References |
|---|---|---|
| SC-01 | System And Communications Protection Policy And Procedures | Hygiene.2Hygiene.23RGS.1.3SecNumCloud.14.1SecNumCloud.6.1 |
| SC-02 | Application Partitioning | Hygiene.23SecNumCloud.14.1 |
| SC-03 | Security Function Isolation | Hygiene.23SecNumCloud.14.1 |
| SC-04 | Information Remnance | Hygiene.19SecNumCloud.9.3 |
| SC-05 | Denial Of Service Protection | Hygiene.22Hygiene.27SecNumCloud.14.4 |
| SC-06 | Resource Priority | Hygiene.23SecNumCloud.13.3 |
| SC-07 | Boundary Protection | Hygiene.22Hygiene.23Hygiene.27SecNumCloud.14.1SecNumCloud.14.4 |
| SC-08 | Transmission Integrity | Hygiene.24RGS.2.3SecNumCloud.11.1SecNumCloud.14.2 |
| SC-10 | Network Disconnect | Hygiene.12SecNumCloud.10.6 |
| SC-11 | Trusted Path | Hygiene.24Hygiene.28SecNumCloud.14.2 |
| SC-12 | Cryptographic Key Establishment And Management | Hygiene.12RGS.2.3SecNumCloud.11.1 |
| SC-13 | Use Of Cryptography | Hygiene.12Hygiene.19RGS.2.3SecNumCloud.11.1 |
| SC-14 | Public Access Protections | Hygiene.22SecNumCloud.14.4 |
| SC-15 | Collaborative Computing | Hygiene.22SecNumCloud.14.1 |
| SC-16 | Transmission Of Security Parameters | Hygiene.24RGS.2.2SecNumCloud.14.2 |
| SC-17 | Public Key Infrastructure Certificates | Hygiene.12RGS.2.3SecNumCloud.11.1 |
| SC-18 | Mobile Code | Hygiene.20Hygiene.22SecNumCloud.13.1 |
| SC-20 | Secure Name / Address Resolution Service (Authoritative Source) | Hygiene.23SecNumCloud.14.1 |
| SC-21 | Secure Name / Address Resolution Service (Recursive Or Caching Resolver) | Hygiene.23SecNumCloud.14.1 |
| SC-22 | Architecture And Provisioning For Name / Address Resolution Service | Hygiene.23SecNumCloud.14.1 |
| SC-23 | Session Authenticity | Hygiene.12Hygiene.24SecNumCloud.10.5 |
| SC-28 | Protection of Information at Rest | Hygiene.19 |
| SC-38 | Operations Security | Hygiene.12RGS.2.3SecNumCloud.11.1SecNumCloud.14.2 |
| SC-40 | Wireless Link Protection | Hygiene.25SecNumCloud.14.3 |
| SC-44 | Detonation Chambers | Hygiene.21 |
| SC-46 | Cross Domain Policy Enforcement | Hygiene.17Hygiene.23SecNumCloud.14.1 |
| SC-47 | Alternate Communications Paths | Hygiene.24SecNumCloud.10.7SecNumCloud.14.4SecNumCloud.18.3 |
| SC-48 | Sensor Relocation | Hygiene.39 |
SI System and Information Integrity
| Control | Name | ANSSI References |
|---|---|---|
| SI-01 | System And Information Integrity Policy And Procedures | Hygiene.2Hygiene.33Hygiene.34SecNumCloud.13.6SecNumCloud.6.1 |
| SI-02 | Flaw Remediation | Hygiene.18Hygiene.33Hygiene.34SecNumCloud.13.6 |
| SI-03 | Malicious Code Protection | Hygiene.21SecNumCloud.13.1 |
| SI-04 | Information System Monitoring Tools And Techniques | Hygiene.29Hygiene.39SecNumCloud.13.7 |
| SI-05 | Security Alerts And Advisories | Hygiene.33Hygiene.39SecNumCloud.13.6 |
| SI-06 | Security Functionality Verification | Hygiene.31SecNumCloud.13.6 |
| SI-07 | Software And Information Integrity | Hygiene.20Hygiene.34SecNumCloud.13.6 |
| SI-08 | Spam Protection | Hygiene.21Hygiene.22SecNumCloud.13.1 |
| SI-09 | Information Input Restrictions | Hygiene.14SecNumCloud.10.3 |
| SI-10 | Information Accuracy, Completeness, Validity, And Authenticity | Hygiene.33SecNumCloud.15.3 |
| SI-11 | Error Handling | Hygiene.29SecNumCloud.15.3 |
| SI-12 | Information Output Handling And Retention | Hygiene.19Hygiene.8SecNumCloud.9.2 |
| SI-13 | Predictable Failure Prevention | SecNumCloud.13.3SecNumCloud.18.1 |
| SI-16 | Memory Protection | Hygiene.21 |
| SI-18 | Personally Identifiable Information Quality Operations | SecNumCloud.19.3 |
| SI-19 | De-identification | SecNumCloud.19.3 |
SR Supply Chain Risk Management
| Control | Name | ANSSI References |
|---|---|---|
| SR-01 | Policy and Procedures | Hygiene.2Hygiene.36Hygiene.42SecNumCloud.16.1SecNumCloud.6.1 |
| SR-02 | Supply Chain Risk Management Plan | Hygiene.36Hygiene.42SecNumCloud.16.1 |
| SR-03 | Supply Chain Controls and Processes | Hygiene.42Hygiene.9SecNumCloud.16.1SecNumCloud.16.2 |
| SR-04 | Provenance | Hygiene.42SecNumCloud.16.1 |
| SR-05 | Acquisition Strategies, Tools, and Methods | Hygiene.42SecNumCloud.16.1 |
| SR-06 | Supplier Assessments and Reviews | Hygiene.31Hygiene.42SecNumCloud.16.2 |
| SR-07 | Supply Chain Operations Security | Hygiene.42SecNumCloud.16.1 |
| SR-08 | Notification Agreements | Hygiene.40Hygiene.42SecNumCloud.16.1 |
| SR-09 | Tamper Resistance and Detection | Hygiene.37Hygiene.42SecNumCloud.12.2SecNumCloud.16.1 |
| SR-10 | Inspection of Systems or Components | Hygiene.31Hygiene.42SecNumCloud.16.2 |
| SR-11 | Component Authenticity | Hygiene.42SecNumCloud.16.1 |
| SR-12 | Component Disposal | Hygiene.19SecNumCloud.9.3 |