T4.3.3 - PUBLICLY AVAILABLE INFORMATION Implementation Guidance
The entity shall protect information being made available on a publicly available system against unauthorized modification.
Back to T4.3.3 - P4 - PUBLICLY AVAILABLE INFORMATION
Critical entities shall also take into account any other NESA’s relevant issuances, guidance, and activities in this regard.
Software, data, and other information requiring a high level of integrity, being made available on a publicly available system, should be protected by appropriate mechanisms, e.g. digital signatures. The publicly accessible system should be tested against weaknesses and failures prior to information being made available.
There should be a formal approval process before information is made publicly available. In addition, all input provided from the outside to the system should be verified and approved.
Electronic publishing systems, especially those that permit feedback and direct entering of information, should be carefully controlled so that:
- A. Information is obtained in compliance with any data protection legislation
- B. Information input to, and processed by, the publishing system will be processed completely and accurately in a timely manner
- C. Sensitive information will be protected during collection, processing, and storage
- D. Access to the publishing system does not allow unintended access to networks to which the system is connected
