framework-mcp 2.4.2 → 2.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1 +1 @@
1
- {"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;CAq+gB7B"}
1
+ {"version":3,"file":"safeguard-manager.d.ts","sourceRoot":"","sources":["../../src/core/safeguard-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAc,MAAM,oBAAoB,CAAC;AAElE,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,UAAU,CAAwC;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;IAC9C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAkB;IAChE,OAAO,CAAC,kBAAkB,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAa;;IAQzB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,eAAe,GAAE,OAAe,GAAG,gBAAgB,GAAG,IAAI;IA4BnG,uBAAuB,IAAI,MAAM,EAAE;IAgBnC,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAIpD,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAerD,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,2BAA2B;IAmCnC;;OAEG;IACI,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAO7D;;OAEG;IACI,UAAU,IAAI,IAAI;IAKzB,OAAO,CAAC,yBAAyB;IAajC,OAAO,CAAC,yBAAyB;IA2BjC,OAAO,CAAC,oBAAoB;CAg8gB7B"}
@@ -1016,7 +1016,7 @@ export class SafeguardManager {
1016
1016
  title: "Establish and Maintain a Data Management Process",
1017
1017
  description: "Establish and maintain a documented data management process. In the process, address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
1018
1018
  implementationGroup: "IG1",
1019
- assetType: ["data"],
1019
+ assetType: ["Data"],
1020
1020
  securityFunction: ["Govern"],
1021
1021
  governanceElements: [
1022
1022
  "Establish",
@@ -1024,20 +1024,15 @@ export class SafeguardManager {
1024
1024
  "Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
1025
1025
  ],
1026
1026
  coreRequirements: [
1027
- "documented data management process",
1028
- "address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise"
1027
+ "documented data management process"
1029
1028
  ],
1030
1029
  subTaxonomicalElements: [
1031
- "Documented Data management process",
1032
1030
  "Data Sensitivity",
1033
1031
  "Data Owner",
1034
1032
  "Data Handling",
1035
1033
  "Data Retention Limits",
1036
1034
  "Disposal Requirements",
1037
- "Retention Standards",
1038
- "Review and update documentation",
1039
- "Annually",
1040
- "When significant enterprise changes occur that could impact this Safeguard"
1035
+ "Retention Standards"
1041
1036
  ],
1042
1037
  implementationSuggestions: [ // Gray - Implementation suggestions
1043
1038
  ],
@@ -1093,7 +1088,7 @@ export class SafeguardManager {
1093
1088
  title: "Establish and Maintain a Data Inventory",
1094
1089
  description: "Establish and maintain a data inventory based on the enterprise's data management process. Inventory sensitive data, at a minimum. Review and update inventory annually, at a minimum, with a priority on sensitive data.",
1095
1090
  implementationGroup: "IG1",
1096
- assetType: ["data"],
1091
+ assetType: ["Data"],
1097
1092
  securityFunction: ["Identify"],
1098
1093
  governanceElements: [
1099
1094
  "Establish",
@@ -1101,16 +1096,11 @@ export class SafeguardManager {
1101
1096
  "Review and update inventory annually, at a minimum, with a priority on sensitive data"
1102
1097
  ],
1103
1098
  coreRequirements: [
1104
- "data inventory based on the enterprise's data management process",
1105
- "inventory sensitive data, at a minimum"
1099
+ "data inventory"
1106
1100
  ],
1107
1101
  subTaxonomicalElements: [
1108
- "Data Inventory",
1109
1102
  "Based on Data Management process",
1110
- "Sensitive Data at a Minimum",
1111
- "Review and update inventory",
1112
- "Annually, at a minimum",
1113
- "Priority on sensitive data"
1103
+ "Sensitive Data at a Minimum"
1114
1104
  ],
1115
1105
  implementationSuggestions: [ // Gray - Implementation suggestions
1116
1106
  ],
@@ -1166,14 +1156,13 @@ export class SafeguardManager {
1166
1156
  title: "Configure Data Access Control Lists",
1167
1157
  description: "Configure data access control lists based on a user's need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.",
1168
1158
  implementationGroup: "IG1",
1169
- assetType: ["data"],
1159
+ assetType: ["Data"],
1170
1160
  securityFunction: ["Protect"],
1171
1161
  governanceElements: [
1172
- "Configure",
1173
- "Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications"
1162
+ "Configure"
1174
1163
  ],
1175
1164
  coreRequirements: [
1176
- "data access control lists based on a user's need to know"
1165
+ "data access control lists"
1177
1166
  ],
1178
1167
  subTaxonomicalElements: [
1179
1168
  "Data Access control lists",
@@ -1238,7 +1227,7 @@ export class SafeguardManager {
1238
1227
  title: "Enforce Data Retention",
1239
1228
  description: "Retain data according to the enterprise's documented data management process. Data retention must include both minimum and maximum timelines.",
1240
1229
  implementationGroup: "IG1",
1241
- assetType: ["data"],
1230
+ assetType: ["Data"],
1242
1231
  securityFunction: ["Protect"],
1243
1232
  governanceElements: [
1244
1233
  "Retain",
@@ -1251,7 +1240,6 @@ export class SafeguardManager {
1251
1240
  ],
1252
1241
  subTaxonomicalElements: [
1253
1242
  "Data Retention",
1254
- "Must Include",
1255
1243
  "Minimum Timelines",
1256
1244
  "Maximum timelines"
1257
1245
  ],
@@ -1309,19 +1297,17 @@ export class SafeguardManager {
1309
1297
  title: "Securely Dispose of Data",
1310
1298
  description: "Securely dispose of data as outlined in the enterprise's data management process. Ensure the disposal process and method are commensurate with the data sensitivity.",
1311
1299
  implementationGroup: "IG1",
1312
- assetType: ["data"],
1300
+ assetType: ["Data"],
1313
1301
  securityFunction: ["Protect"],
1314
1302
  governanceElements: [
1315
- "Securely dispose of data",
1303
+ "Disposal process and method are commensurate with the data sensitivity",
1316
1304
  "Ensure"
1317
1305
  ],
1318
1306
  coreRequirements: [
1319
- "as outlined in the enterprise's data management process",
1320
- "the disposal process and method are commensurate with the data sensitivity"
1307
+ "Securely Dispose of Data"
1321
1308
  ],
1322
1309
  subTaxonomicalElements: [
1323
- "Securely dispose of data",
1324
- "Disposal process and method are commensurate with the data sensitivity"
1310
+ "Securely dispose of Data"
1325
1311
  ],
1326
1312
  implementationSuggestions: [ // Gray - Implementation suggestions
1327
1313
  ],
@@ -1377,17 +1363,17 @@ export class SafeguardManager {
1377
1363
  title: "Encrypt Data on End-User Devices",
1378
1364
  description: "Encrypt data on end-user devices containing sensitive data. Example implementations can include: Windows BitLocker®, Apple FileVault®, Linux® dm-crypt.",
1379
1365
  implementationGroup: "IG1",
1380
- assetType: ["data"],
1366
+ assetType: ["Data"],
1381
1367
  securityFunction: ["Protect"],
1382
1368
  governanceElements: [
1383
1369
  "Encrypt"
1384
1370
  ],
1385
1371
  coreRequirements: [
1386
- "data on end-user devices containing sensitive data"
1372
+ "data on end-user devices"
1387
1373
  ],
1388
1374
  subTaxonomicalElements: [
1389
1375
  "Data on end-user devices",
1390
- "Sensitive data"
1376
+ "that contain Sensitive data"
1391
1377
  ],
1392
1378
  implementationSuggestions: [
1393
1379
  "Windows Bitlocker",
@@ -1446,7 +1432,7 @@ export class SafeguardManager {
1446
1432
  title: "Establish and Maintain a Data Classification Scheme",
1447
1433
  description: "Establish and maintain an overall data classification scheme for the enterprise. Enterprises may use labels, such as \"Sensitive,\" \"Confidential,\" and \"Public,\" and classify their data according to those labels. Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard.",
1448
1434
  implementationGroup: "IG2",
1449
- assetType: ["data"],
1435
+ assetType: ["Data"],
1450
1436
  securityFunction: ["Identify"],
1451
1437
  governanceElements: [
1452
1438
  "Establish",
@@ -1454,15 +1440,10 @@ export class SafeguardManager {
1454
1440
  "Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard"
1455
1441
  ],
1456
1442
  coreRequirements: [
1457
- "overall data classification scheme for the enterprise",
1458
- "classify their data according to those labels"
1443
+ "data classification scheme"
1459
1444
  ],
1460
1445
  subTaxonomicalElements: [
1461
- "Data classification scheme",
1462
- "Classify their data according to labels",
1463
- "Review and update classification scheme",
1464
- "Annually",
1465
- "When significant enterprise changes occur that could impact this Safeguard"
1446
+ "Classify their data according to labels"
1466
1447
  ],
1467
1448
  implementationSuggestions: [
1468
1449
  "Sensitive",
@@ -1521,27 +1502,19 @@ export class SafeguardManager {
1521
1502
  title: "Document Data Flows",
1522
1503
  description: "Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise's data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
1523
1504
  implementationGroup: "IG2",
1524
- assetType: ["data"],
1505
+ assetType: ["Data"],
1525
1506
  securityFunction: ["Identify"],
1526
1507
  governanceElements: [
1527
- "Document data flows",
1528
- "Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
1508
+ "Document data flows"
1529
1509
  ],
1530
1510
  coreRequirements: [
1531
- "Data flow documentation includes service provider data flows and should be based on the enterprise's data management process"
1511
+ "Document Data Flows"
1532
1512
  ],
1533
1513
  subTaxonomicalElements: [
1534
- "Document data flows",
1535
1514
  "Enterprise Data Flows",
1536
- "Service Provider Data Flows",
1537
- "Review and update documentation",
1538
- "Annually",
1539
- "When significant enterprise changes occur that could impact this Safeguard"
1515
+ "Service Provider Data Flows"
1540
1516
  ],
1541
- implementationSuggestions: [
1542
- "Data management systems",
1543
- "Data flow mapping tools",
1544
- "Service provider documentation"
1517
+ implementationSuggestions: [ // Gray - Implementation suggestions
1545
1518
  ],
1546
1519
  relatedSafeguards: ["3.1", "3.2", "3.7", "3.9", "3.10", "3.11"],
1547
1520
  systemPromptFull: {
@@ -1595,16 +1568,16 @@ export class SafeguardManager {
1595
1568
  title: "Encrypt Data on Removable Media",
1596
1569
  description: "Encrypt Data on Removable Media",
1597
1570
  implementationGroup: "IG2",
1598
- assetType: ["data"],
1571
+ assetType: ["Data"],
1599
1572
  securityFunction: ["Protect"],
1600
1573
  governanceElements: [
1601
- "Encrypt Data on Removable Media"
1574
+ "Encrypt"
1602
1575
  ],
1603
- coreRequirements: [ // Green - The "what"
1576
+ coreRequirements: [
1577
+ "Encrypt Data on Removable Media"
1604
1578
  ],
1605
1579
  subTaxonomicalElements: [
1606
1580
  "Data on Removable Media",
1607
- "Maintain"
1608
1581
  ],
1609
1582
  implementationSuggestions: [ // Gray - Implementation suggestions
1610
1583
  ],
@@ -1660,13 +1633,13 @@ export class SafeguardManager {
1660
1633
  title: "Encrypt Sensitive Data in Transit",
1661
1634
  description: "Encrypt sensitive data in transit. Example implementations can include: Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).",
1662
1635
  implementationGroup: "IG2",
1663
- assetType: ["data"],
1636
+ assetType: ["Data"],
1664
1637
  securityFunction: ["Protect"],
1665
1638
  governanceElements: [
1666
1639
  "Encrypt"
1667
1640
  ],
1668
1641
  coreRequirements: [
1669
- "sensitive data in transit"
1642
+ "Encrypt sensitive data in transit"
1670
1643
  ],
1671
1644
  subTaxonomicalElements: [
1672
1645
  "Sensitive data in transit"
@@ -1727,23 +1700,21 @@ export class SafeguardManager {
1727
1700
  title: "Encrypt Sensitive Data at Rest",
1728
1701
  description: "Encrypt sensitive data at rest on servers, applications, and databases. Storage-layer encryption, also known as server-side encryption, meets the minimum requirement of this Safeguard. Additional encryption methods may include application-layer encryption, also known as client-side encryption, where access to the data storage device(s) does not permit access to the plain-text data.",
1729
1702
  implementationGroup: "IG2",
1730
- assetType: ["data"],
1703
+ assetType: ["Data"],
1731
1704
  securityFunction: ["Protect"],
1732
1705
  governanceElements: [
1733
1706
  "Encrypt",
1734
- "meets the minimum requirement of this Safeguard"
1707
+ "Minimum Requirement"
1735
1708
  ],
1736
1709
  coreRequirements: [
1737
- "sensitive data at rest on servers, applications, and databases",
1738
- "Storage-layer encryption, also known as server-side encryption"
1710
+ "Encrypt sensitive data at rest"
1739
1711
  ],
1740
1712
  subTaxonomicalElements: [
1741
- "Encrypt Sensitive Data At Rest",
1713
+ "Sensitive Data At Rest",
1742
1714
  "Servers",
1743
- "Software",
1715
+ "Applications",
1744
1716
  "Databases",
1745
- "Storage Layer (server side) encryption",
1746
- "Minimum Requirement"
1717
+ "Storage Layer (server side) encryption"
1747
1718
  ],
1748
1719
  implementationSuggestions: [
1749
1720
  "Application layer (client-side) encryption",
@@ -1801,19 +1772,17 @@ export class SafeguardManager {
1801
1772
  title: "Segment Data Processing and Storage Based on Sensitivity",
1802
1773
  description: "Segment data processing and storage based on the sensitivity of the data. Do not process sensitive data on enterprise assets intended for lower sensitivity data.",
1803
1774
  implementationGroup: "IG2",
1804
- assetType: ["data"],
1775
+ assetType: ["Data"],
1805
1776
  securityFunction: ["Protect"],
1806
1777
  governanceElements: [
1807
- "Segment data processing and storage based on the sensitivity of the data",
1808
1778
  "Do not process sensitive data on enterprise assets intended for lower sensitivity data"
1809
1779
  ],
1810
- coreRequirements: [ // Green - The "what"
1780
+ coreRequirements: [
1781
+ "Segment Data Processing",
1782
+ "Segment Data Storage",
1783
+ "Based on Sensitivity"
1811
1784
  ],
1812
- subTaxonomicalElements: [
1813
- "Based on the sensitivity of data",
1814
- "Segment data processing (compute)",
1815
- "Segment Storage",
1816
- "Do not process sensitive data on enterprise assets intended for lower sensitivity data"
1785
+ subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1817
1786
  ],
1818
1787
  implementationSuggestions: [ // Gray - Implementation suggestions
1819
1788
  ],
@@ -1869,17 +1838,15 @@ export class SafeguardManager {
1869
1838
  title: "Deploy a Data Loss Prevention Solution",
1870
1839
  description: "Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise's data inventory.",
1871
1840
  implementationGroup: "IG3",
1872
- assetType: ["data"],
1841
+ assetType: ["Data"],
1873
1842
  securityFunction: ["Protect"],
1874
1843
  governanceElements: [
1875
- "Implement",
1876
- "Update Data Inventory"
1844
+ "Implement"
1877
1845
  ],
1878
1846
  coreRequirements: [
1879
- "automated tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider"
1847
+ "automated tool to identify all sensitive data"
1880
1848
  ],
1881
1849
  subTaxonomicalElements: [
1882
- "Automated DLP Tool",
1883
1850
  "Identify all sensitive Data",
1884
1851
  "Stored",
1885
1852
  "Processed",
@@ -1943,19 +1910,15 @@ export class SafeguardManager {
1943
1910
  title: "Log Sensitive Data Access",
1944
1911
  description: "Log sensitive data access, including modification and disposal.",
1945
1912
  implementationGroup: "IG3",
1946
- assetType: ["data"],
1913
+ assetType: ["Data"],
1947
1914
  securityFunction: ["Detect"],
1948
1915
  governanceElements: [
1949
1916
  "Log"
1950
1917
  ],
1951
1918
  coreRequirements: [
1952
- "sensitive data access, including modification and disposal"
1919
+ "Log sensitive data access, including modification and disposal"
1953
1920
  ],
1954
- subTaxonomicalElements: [
1955
- "Sensitive Data access",
1956
- "Access",
1957
- "Modification",
1958
- "Disposal"
1921
+ subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
1959
1922
  ],
1960
1923
  implementationSuggestions: [ // Gray - Implementation suggestions
1961
1924
  ],
@@ -2815,7 +2778,7 @@ export class SafeguardManager {
2815
2778
  title: "Separate Enterprise Workspaces on Mobile End-User Devices",
2816
2779
  description: "Ensure separate enterprise workspaces are used on mobile end-user devices, where supported. Example implementations include using an Apple® Configuration Profile or AndroidTM Work Profile to separate enterprise applications and data from personal applications and data.",
2817
2780
  implementationGroup: "IG3",
2818
- assetType: ["devices", "data"],
2781
+ assetType: ["devices", "Data"],
2819
2782
  securityFunction: ["Protect"],
2820
2783
  governanceElements: [
2821
2784
  "Ensure",
@@ -4534,7 +4497,7 @@ export class SafeguardManager {
4534
4497
  title: "Establish and Maintain an Audit Log Management Process",
4535
4498
  description: "Establish and maintain a documented audit log management process that defines the enterprise's logging requirements. At a minimum, address the collection, review, and retention of audit logs for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
4536
4499
  implementationGroup: "IG1",
4537
- assetType: ["enterprise assets", "data"],
4500
+ assetType: ["enterprise assets", "Data"],
4538
4501
  securityFunction: ["Govern"],
4539
4502
  governanceElements: [
4540
4503
  "establish and maintain",
@@ -4610,7 +4573,7 @@ export class SafeguardManager {
4610
4573
  title: "Collect Audit Logs",
4611
4574
  description: "Collect audit logs. Ensure that logging, per the enterprise's audit log management process, has been enabled across enterprise assets.",
4612
4575
  implementationGroup: "IG1",
4613
- assetType: ["enterprise assets", "data"],
4576
+ assetType: ["enterprise assets", "Data"],
4614
4577
  securityFunction: ["Detect"],
4615
4578
  governanceElements: [
4616
4579
  "per the enterprise's audit log management process"
@@ -4679,7 +4642,7 @@ export class SafeguardManager {
4679
4642
  title: "Ensure Adequate Audit Log Storage",
4680
4643
  description: "Ensure that logging destinations maintain adequate storage to comply with the enterprise's audit log management process.",
4681
4644
  implementationGroup: "IG1",
4682
- assetType: ["data"],
4645
+ assetType: ["Data"],
4683
4646
  securityFunction: ["Protect"],
4684
4647
  governanceElements: [
4685
4648
  "comply with the enterprise's audit log management process"
@@ -4749,7 +4712,7 @@ export class SafeguardManager {
4749
4712
  title: "Standardize Time Synchronization",
4750
4713
  description: "Standardize time synchronization. Configure at least two synchronized time sources across enterprise assets, where supported.",
4751
4714
  implementationGroup: "IG2",
4752
- assetType: ["enterprise assets", "data"],
4715
+ assetType: ["enterprise assets", "Data"],
4753
4716
  securityFunction: ["Protect"],
4754
4717
  governanceElements: [
4755
4718
  "standardize time synchronization"
@@ -4821,7 +4784,7 @@ export class SafeguardManager {
4821
4784
  title: "Collect Detailed Audit Logs",
4822
4785
  description: "Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.",
4823
4786
  implementationGroup: "IG2",
4824
- assetType: ["enterprise assets", "data"],
4787
+ assetType: ["enterprise assets", "Data"],
4825
4788
  securityFunction: ["Detect"],
4826
4789
  governanceElements: [
4827
4790
  "configure detailed audit logging"
@@ -4896,7 +4859,7 @@ export class SafeguardManager {
4896
4859
  title: "Collect DNS Query Audit Logs",
4897
4860
  description: "Collect DNS query audit logs on enterprise assets, where appropriate and supported.",
4898
4861
  implementationGroup: "IG2",
4899
- assetType: ["enterprise assets", "data"],
4862
+ assetType: ["enterprise assets", "Data"],
4900
4863
  securityFunction: ["Detect"],
4901
4864
  governanceElements: [
4902
4865
  "where appropriate and supported"
@@ -4967,7 +4930,7 @@ export class SafeguardManager {
4967
4930
  title: "Collect URL Request Audit Logs",
4968
4931
  description: "Collect URL request audit logs on enterprise assets, where appropriate and supported.",
4969
4932
  implementationGroup: "IG2",
4970
- assetType: ["enterprise assets", "data"],
4933
+ assetType: ["enterprise assets", "Data"],
4971
4934
  securityFunction: ["Detect"],
4972
4935
  governanceElements: [
4973
4936
  "where appropriate and supported"
@@ -5038,7 +5001,7 @@ export class SafeguardManager {
5038
5001
  title: "Collect Command-Line Audit Logs",
5039
5002
  description: "Collect command-line audit logs. Example implementations include collecting audit logs from PowerShell®, BASH™, and remote administrative terminals.",
5040
5003
  implementationGroup: "IG2",
5041
- assetType: ["data"],
5004
+ assetType: ["Data"],
5042
5005
  securityFunction: ["Detect"],
5043
5006
  governanceElements: [
5044
5007
  "collect command-line audit logs"
@@ -5108,7 +5071,7 @@ export class SafeguardManager {
5108
5071
  title: "Centralize Audit Logs",
5109
5072
  description: "Centralize, to the extent possible, audit log collection and retention across enterprise assets in accordance with the documented audit log management process. Example implementations include leveraging a SIEM tool to centralize multiple log sources.",
5110
5073
  implementationGroup: "IG2",
5111
- assetType: ["enterprise assets", "data"],
5074
+ assetType: ["enterprise assets", "Data"],
5112
5075
  securityFunction: ["Detect"],
5113
5076
  governanceElements: [
5114
5077
  "in accordance with documented audit log management process",
@@ -5180,7 +5143,7 @@ export class SafeguardManager {
5180
5143
  title: "Retain Audit Logs",
5181
5144
  description: "Retain audit logs across enterprise assets for a minimum of 90 days.",
5182
5145
  implementationGroup: "IG2",
5183
- assetType: ["enterprise assets", "data"],
5146
+ assetType: ["enterprise assets", "Data"],
5184
5147
  securityFunction: ["Protect"],
5185
5148
  governanceElements: [
5186
5149
  "minimum of 90 days"
@@ -5247,7 +5210,7 @@ export class SafeguardManager {
5247
5210
  title: "Conduct Audit Log Reviews",
5248
5211
  description: "Conduct reviews of audit logs to detect anomalies or abnormal events that could indicate a potential threat. Conduct reviews on a weekly, or more frequent, basis.",
5249
5212
  implementationGroup: "IG2",
5250
- assetType: ["data"],
5213
+ assetType: ["Data"],
5251
5214
  securityFunction: ["Detect"],
5252
5215
  governanceElements: [
5253
5216
  "conduct reviews on a weekly, or more frequent, basis"
@@ -5317,7 +5280,7 @@ export class SafeguardManager {
5317
5280
  title: "Collect Service Provider Logs",
5318
5281
  description: "Collect service provider logs, where supported. Example implementations include collecting authentication and authorization events, data creation and disposal events, and user management events.",
5319
5282
  implementationGroup: "IG3",
5320
- assetType: ["data"],
5283
+ assetType: ["Data"],
5321
5284
  securityFunction: ["Detect"],
5322
5285
  governanceElements: [
5323
5286
  "where supported"
@@ -6481,7 +6444,7 @@ export class SafeguardManager {
6481
6444
  title: "Establish and Maintain a Data Recovery Process",
6482
6445
  description: "Establish and maintain a documented data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard",
6483
6446
  implementationGroup: "IG1",
6484
- assetType: ["data"],
6447
+ assetType: ["Data"],
6485
6448
  securityFunction: ["Govern"],
6486
6449
  governanceElements: [
6487
6450
  "establish documented data recovery process",
@@ -6564,7 +6527,7 @@ export class SafeguardManager {
6564
6527
  title: "Perform Automated Backups",
6565
6528
  description: "Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data",
6566
6529
  implementationGroup: "IG1",
6567
- assetType: ["data"],
6530
+ assetType: ["Data"],
6568
6531
  securityFunction: ["Recover"],
6569
6532
  governanceElements: [
6570
6533
  "perform automated backups",
@@ -6645,7 +6608,7 @@ export class SafeguardManager {
6645
6608
  title: "Protect Recovery Data",
6646
6609
  description: "Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements",
6647
6610
  implementationGroup: "IG1",
6648
- assetType: ["data"],
6611
+ assetType: ["Data"],
6649
6612
  securityFunction: ["Protect"],
6650
6613
  governanceElements: [
6651
6614
  "protect recovery data",
@@ -6725,7 +6688,7 @@ export class SafeguardManager {
6725
6688
  title: "Establish and Maintain an Isolated Instance of Recovery Data",
6726
6689
  description: "Establish and maintain an isolated instance of recovery data. Example implementations include version controlling backup destinations through offline, cloud, or off-site systems or services",
6727
6690
  implementationGroup: "IG1",
6728
- assetType: ["data"],
6691
+ assetType: ["Data"],
6729
6692
  securityFunction: ["Recover"],
6730
6693
  governanceElements: [
6731
6694
  "establish isolated instance of recovery data",
@@ -6808,7 +6771,7 @@ export class SafeguardManager {
6808
6771
  title: "Test Data Recovery",
6809
6772
  description: "Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets",
6810
6773
  implementationGroup: "IG2",
6811
- assetType: ["data"],
6774
+ assetType: ["Data"],
6812
6775
  securityFunction: ["Recover"],
6813
6776
  governanceElements: [
6814
6777
  "test backup recovery quarterly or more frequently",
@@ -9494,7 +9457,7 @@ export class SafeguardManager {
9494
9457
  title: "Monitor Service Providers",
9495
9458
  description: "Monitor service providers consistent with the enterprise's service provider management policy. Monitoring may include periodic reassessment of service provider compliance, monitoring service provider release notes, and dark web monitoring",
9496
9459
  implementationGroup: "IG3",
9497
- assetType: ["data"],
9460
+ assetType: ["Data"],
9498
9461
  securityFunction: ["Govern"],
9499
9462
  governanceElements: [
9500
9463
  "monitor service providers consistent with enterprise's service provider management policy",
@@ -9571,7 +9534,7 @@ export class SafeguardManager {
9571
9534
  title: "Securely Decommission Service Providers",
9572
9535
  description: "Securely decommission service providers. Example considerations include user and service account deactivation, termination of data flows, and secure disposal of enterprise data within service provider systems",
9573
9536
  implementationGroup: "IG3",
9574
- assetType: ["data"],
9537
+ assetType: ["Data"],
9575
9538
  securityFunction: ["Protect"],
9576
9539
  governanceElements: [
9577
9540
  "securely decommission service providers",