Introduction to Certification: Fillable template and example

Fillable template: Digital asset catalogue DOCX, 52 KB

Fillable templates provide instructions on the information required to be documented for certification.

Example: Digital asset catalogue DOCX, 553 KB

Examples provide sample text to help learners complete a template.

[insert organization name]

Digital asset catalogue

Disclaimer

Cybersecure Canada has developed this template for your use in relation to certification requirements for the eLearning series. It provides guidance as to how information can be organized and documented for certification. Cybersecure Canada does not guarantee a successful certification from use of this template. Organizations are not obliged to use this template and may provide the certification requirement(s) in a documented format best suited for them.

Template instructions

Instructions: instructions are provided in blue font within each section of this template. Upon completion of the template, delete these instructions.

It is recommended that users review the eLearning module for introduction to certification and the completed example of a digital catalogue.

This template is prepared for and by the Cybersecure Canada certification program to help organizations develop the various policies, documentation and inventories required to meet the certification requirements of Cybersecure Canada. Instructions end.

Revision history

Instructions: it is a best practice for organizations to ensure their policies are reviewed and updated regularly. Document what changes are made, when, and by whom.

The digital asset catalogue has been modified as follows:

| Date | Version | Modification | Modifier |
|---|---|---|---|
| [date edited] | [document version] | [description of changes made] | [name of the editor] |

General security controls & justifications

Instructions:

  • List the security control features that your organization has decided to implement universally on its hardware and software assets.
    • For example: automatic patching – we have standardized enabling automatic patching wherever possible across our organization. This is to reduce the risk of malware.

[insert company name] has reviewed the devices and implemented the following security controls universally:

  • [insert security feature and description]
  • [insert security feature and description]
  • [insert security feature and description]
  • [insert security feature and description]

Inventory of assets

Instructions:

  • The digital asset catalogue must consist of all your organization's digital assets including both hardware and software. This catalogue is foundational and is an inventory of all your organization's digital assets. It contains other required information for each of these assets that will be needed to comply with certification requirements.
  • Please note that the inventory table is not the only method to catalogue the necessary information. Software that can track your hardware and software inventory is also available for purchase at the discretion of your organization. Organizations are encouraged to determine the best approach for their own needs.
  • To begin completing the inventories below, organizations must take the following steps:

    Step 1: list the hardware and software used in your organization (the first seven columns of the inventory table)

    Step 2: using the list of hardware and software assets from step 1, complete the other columns in the table. The information required for the "security controls and justification" columns forms part of the certification requirements for each security control area.

    • The table below outlines which security control areas are relevant to each column and the title of the module in this eLearning series where you can find more information on this topic.
    • As you progress through the certification requirements, you are encouraged to update this catalogue to reflect actions and decisions taken.

Inventory table columns: Criticality | User Auth | Auto Patching | Remote Mgmt | Wi-Fi | Bluetooth | Shared Drive | Storage Encrypt | Onsite Backup | Offsite Backup | Perimeter Defense

Security control areas (eLearning module titles): Backup and encrypt data; Use strong user authentication; Automatically patch operating systems and applications; Establish basic perimeter defences; Securely configure devices; Secure mobility; Establish basic perimeter defences; Securely configure devices; Implement access control and authorization; Securely configure devices; Backup and encrypt; Secure portable media; Backup and encrypt data; Backup and encrypt data; Establish basic perimeter defences

IT hardware inventory

| Id | Device type | Vendor | Model | Assignee | O/S | Purchase date |
|---|---|---|---|---|---|---|
| 1 | Laptop | Dell | Latitude 7410 standard | John Doe | Windows 10 | 2020-03-01 |

Security controls and justifications

| Id | Criticality | User Auth | Auto Patching | Remote Mgmt | Wi-Fi | Bluetooth | Shared Drive | Storage Encrypt | Onsite Backup | Offsite Backup | Offline Backup | Perimeter Defense |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 1-critical; can operate for two days without. Workaround: close temporarily. | 2FA standard | Auto; standard | Disabled; standard | Enabled; standard | Disabled; standard | \\nas\exec; executive use | Yes; standard | \\nas\backup; nightly | OneDrive; standard | Western Digital HDD; monthly | Windows firewall; standard |

IT software inventory

| Id | Vendor | Software & version | Technical owner | Update method | Installed on | Confidential info stored |
|---|---|---|---|---|---|---|
| 1 | Intuit | QuickBooks Payroll | John Doe | Auto | Cloud | Yes-SIN |

Security controls and justifications

| Id | Criticality | Hardening guide | Auto Patching | Remote Mgmt | User Auth | Onsite Backup | Offsite Backup | Offline Backup |
|---|---|---|---|---|---|---|---|---|
| 1 | 1-critical; can operate for two days without. Workaround: don't run payroll for the time being. | N/A | Auto standard | N/1 | Microsoft SSO; 2FA | \\nas\backup; nightly | OneDrive; standard | Western Digital HDD; monthly |