From 8affe474fb1bc7ce203a4d26527f784ef47af0b3 Mon Sep 17 00:00:00 2001 From: eric-intuitem <71850047+eric-intuitem@users.noreply.github.com> Date: Sat, 11 May 2024 02:02:36 +0200 Subject: [PATCH] add 3CF v2 --- backend/library/libraries/3cf-v2.yaml | 4839 +++++++++++++++++++++++++ tools/3cf/3cf-v2.xlsx | Bin 0 -> 46034 bytes 2 files changed, 4839 insertions(+) create mode 100644 backend/library/libraries/3cf-v2.yaml create mode 100644 tools/3cf/3cf-v2.xlsx diff --git a/backend/library/libraries/3cf-v2.yaml b/backend/library/libraries/3cf-v2.yaml new file mode 100644 index 000000000..4ed3e381b --- /dev/null +++ b/backend/library/libraries/3cf-v2.yaml @@ -0,0 +1,4839 @@ +urn: urn:intuitem:risk:library:3cf-v2 +locale: fr +ref_id: 3CF-v2 +name: "Cadre de Conformit\xE9 Cyber France (3CF) pour l'aviation civile - v2" +description: "Ce document, \xE9tabli par la direction de la s\xE9curit\xE9 de l'aviation\ + \ civile (DSAC), pr\xE9sente le Cadre de Conformit\xE9 Cyber France (3CF) pour l'aviation\ + \ civile.\nversion 2 du 30 avril 2024\nhttps://meteor.dsac.aviation-civile.gouv.fr/meteor-externe/api/file/attachment/12d47db0-e8a9-4be4-b243-50bd8cc835f1" +copyright: "Ce document peut \xEAtre utilis\xE9 librement, sous r\xE9serve de mentionner\ + \ sa paternit\xE9." +version: 1 +provider: "Direction de la s\xE9curit\xE9 de l'aviation civile" +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:c3cf-v2 + ref_id: 3CF-v2 + name: "Cadre de Conformit\xE9 Cyber France (3CF) pour l'aviation civile - v2" + description: "Ce document, \xE9tabli par la direction de la s\xE9curit\xE9 de\ + \ l'aviation civile (DSAC), pr\xE9sente le Cadre de Conformit\xE9 Cyber France\ + \ (3CF) pour l'aviation civile.\nversion 2 du 30 avril 2024\nhttps://meteor.dsac.aviation-civile.gouv.fr/meteor-externe/api/file/attachment/12d47db0-e8a9-4be4-b243-50bd8cc835f1" + implementation_groups_definition: + - ref_id: sec + name: "s\xE9curit\xE9 a\xE9rienne" + description: "\xC9tat dans lequel les risques li\xE9s aux activit\xE9s a\xE9\ + ronautiques concernant, ou appuyant directement, l\u2019exploitation des a\xE9\ + ronefs sont r\xE9duits et ma\xEEtris\xE9s \xE0 un niveau acceptable " + - ref_id: sur + name: "suret\xE9 a\xE9rienne" + description: "Combinaison des mesures ainsi que des moyens humains et mat\xE9\ + riels visant \xE0 prot\xE9ger l\u2019aviation civile contre les actes d\u2019\ + interventions illicites." + requirement_nodes: + - urn: urn:intuitem:risk:req_node:c3cf-v2:3 + assessable: false + depth: 1 + ref_id: '3' + name: Gouvernance + - urn: urn:intuitem:risk:req_node:c3cf-v2:3.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3 + ref_id: '3.1' + name: Engagement du Dirigeant Responsable + - urn: urn:intuitem:risk:req_node:c3cf-v2:node4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.1 + description: "Le Dirigeant Responsable de l\u2019organisme s\u2019engage \xE0\ + \ mettre en \u0153uvre des moyens adapt\xE9s de protection contre l\u2019\ + atteinte \xE0 la confidentialit\xE9, l\u2019int\xE9grit\xE9, la disponibilit\xE9\ + \ et l\u2019authenticit\xE9 des informations qui pourraient entrainer des\ + \ probl\xE8mes de s\xE9curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.1 + description: "Pour ce faire, le Dirigeant Responsable s\u2019engage \xE0 mettre\ + \ en place un Syst\xE8me de Management de la S\xE9curit\xE9 de l\u2019Information\ + \ (SMSI) visant \xE0 \xE9tablir, mettre en \u0153uvre, exploiter, surveiller,\ + \ r\xE9examiner, tenir \xE0 jour et am\xE9liorer la gestion des risques li\xE9\ + s \xE0 la s\xE9curit\xE9 de l\u2019information sur la s\xFBret\xE9 et ou s\xE9\ + curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.1 + description: "La lettre formalisant cet engagement du Dirigeant Responsable\ + \ est int\xE9gr\xE9e ou r\xE9f\xE9renc\xE9e dans : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node6 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node8 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node6 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:3.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3 + ref_id: '3.2' + name: "Politique de s\xE9curit\xE9 de l\u2019information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2 + ref_id: 3.2.1 + name: "Strat\xE9gie et objectifs de s\xE9curit\xE9 de l\u2019information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node11 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.1 + description: "Le Dirigeant Responsable d\xE9finit et approuve une politique\ + \ de s\xE9curit\xE9 de l\u2019information dont d\xE9coule : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node12 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node11 + description: "une strat\xE9gie qui d\xE9crit les intentions et l\u2019orientation\ + \ en mati\xE8re de s\xE9curit\xE9 de l\u2019information relative \xE0 la s\xE9\ + curit\xE9 a\xE9rienne ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node13 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node11 + description: "les objectifs de s\xE9curit\xE9 de l\u2019information qu\u2019\ + il s\u2019est fix\xE9 afin de mettre en \u0153uvre cette strat\xE9gie ; -\ + \ les \xE9tapes et le plan d\u2019actions pour atteindre ces objectifs. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2 + ref_id: 3.2.2 + name: "Coh\xE9rence de la strat\xE9gie et des objectifs" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node15 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.2 + description: "Le Dirigeant Responsable s\u2019assure de la coh\xE9rence entre\ + \ : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node16 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node15 + description: "la strat\xE9gie et les objectifs de s\xE9curit\xE9 de l\u2019\ + information d\u2019une part et ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node17 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node15 + description: "la strat\xE9gie et les objectifs globaux de l\u2019organisme et\ + \ ceux plus sp\xE9cifiques \xE0 la s\xE9curit\xE9 a\xE9rienne d\u2019autre\ + \ part. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2 + ref_id: 3.2.3 + name: "Int\xE9gration ou articulation entre les syst\xE8mes de gestion " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node19 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.3 + description: "Le Dirigeant Responsable pr\xE9cise l\u2019int\xE9gration ou l\u2019\ + articulation entre le SMSI et le(s) syst\xE8me(s) de gestion existant(s) de\ + \ l\u2019organisation. Notamment : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node20 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node19 + description: "le Syst\xE8me de Gestion de la S\xE9curit\xE9 a\xE9rienne (SGS\ + \ ou en anglais SMS Safety Management System) ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node21 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node19 + description: "le cas \xE9ch\xE9ant d\u2019autres Syst\xE8mes de Management de\ + \ la S\xE9curit\xE9 de l'Information, en interaction avec le SMSI a\xE9ronautique\ + \ objet de ce document, tel qu\u2019un SMSI mutualis\xE9 au sein d\u2019un\ + \ groupe de soci\xE9t\xE9s, r\xE9pondant \xE0 d'autres objectifs r\xE9glementaires,\ + \ et/ou internes et/ou \xE9conomiques. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2 + ref_id: 3.2.4 + name: "Communication de la politique de s\xE9curit\xE9 de l\u2019information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node23 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.2.4 + description: "Le Dirigeant Responsable s\u2019assure que la politique de s\xE9\ + curit\xE9 de l\u2019information est :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node24 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node23 + description: " diffus\xE9e et promue de mani\xE8re appropri\xE9e :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node25 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node24 + description: 'au sein de son organisation ; ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node26 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node24 + description: "aupr\xE8s de ses partenaires, notamment ses sous-traitants, ses\ + \ prestataires de services et ses fournisseurs d\u2019\xE9quipement. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node27 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node23 + description: "formalis\xE9e et int\xE9gr\xE9e ou r\xE9f\xE9renc\xE9e dans : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node28 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node27 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node29 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node27 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:3.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3 + ref_id: '3.3' + name: "Gestion des ressources, r\xF4les et responsabilit\xE9s " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node31 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.3 + description: 'Le Dirigeant Responsable : ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node32 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node31 + description: "est capable de d\xE9montrer sa connaissance du r\xE8glement Part-IS\ + \ ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node33 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node31 + description: "s\u2019assure que les ressources financi\xE8res, mat\xE9rielles\ + \ et humaines n\xE9cessaires pour assurer la gestion des risques li\xE9s \xE0\ + \ la s\xE9curit\xE9 de l\u2019information relative \xE0 la s\xE9curit\xE9\ + \ a\xE9rienne sont disponibles et suffisantes ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node34 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node31 + description: "d\xE9finit et attribue les r\xF4les et les responsabilit\xE9s\ + \ en mati\xE8re de gestion de l\u2019information relative \xE0 la s\xE9curit\xE9\ + \ a\xE9rienne. Notamment, il veille \xE0 : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node35 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node34 + description: "d\xE9signer une personne ou un groupe de personnes responsables\ + \ : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node36 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node35 + description: "de la mise en \u0153uvre du r\xE8glement Part-IS, qui : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node37 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node36 + description: "a un acc\xE8s direct au Dirigeant Responsable ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node38 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node36 + description: "dispose de l\u2019autorit\xE9 et des comp\xE9tences suffisantes\ + \ pour exercer ses fonctions et ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node39 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node36 + description: "pour lequel une ou des personnes assurant l\u2019int\xE9rim sont\ + \ pr\xE9vues en cas d\u2019absence." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node40 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node35 + description: "de la conformit\xE9 au r\xE8glement Part-IS, qui : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node41 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node40 + description: "est ind\xE9pendant vis-\xE0-vis de la personne ou du groupe de\ + \ personnes responsables de la mise en \u0153uvre du r\xE8glement Part-IS. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node42 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node34 + description: "formaliser la d\xE9signation de ces personnes ou groupes de personnes,\ + \ en pr\xE9cisant : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node43 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node42 + description: 'leur(s) titre(s), leur(s) nom(s) et leurs missions ; ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node44 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node42 + description: "leur lien direct avec le Dirigeant Responsable, leurs responsabilit\xE9\ + s, leurs pouvoirs et leurs moyens, au travers d\u2019un organigramme ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node45 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node42 + description: 'leurs obligations de rendre compte. ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node46 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node31 + description: "s\u2019assure que les r\xF4les et responsabilit\xE9s sont communiqu\xE9\ + s et connus \xE0 tous les niveaux de l\u2019organisation, aussi bien par le\ + \ personnel interne que par les partenaires ext\xE9rieurs concern\xE9s. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node47 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:3.3 + description: "Les \xE9l\xE9ments relatifs \xE0 la gestion des ressources, aux\ + \ r\xF4les et responsabilit\xE9s sont : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node48 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node47 + description: "formalis\xE9s ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node49 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node47 + description: "int\xE9gr\xE9s ou r\xE9f\xE9renc\xE9s dans :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node50 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node49 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node51 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node49 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4 + assessable: false + depth: 1 + ref_id: '4' + name: "Gestion des risques de s\xE9curit\xE9 de l\u2019information " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node53 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + description: "Dans le cadre des activit\xE9s de la gestion des risques de s\xE9\ + curit\xE9 de l\u2019information relative \xE0 la s\xFBret\xE9 et/ou \xE0 la\ + \ s\xE9curit\xE9 a\xE9rienne, l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node54 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node53 + description: "d\xE9finit les responsabilit\xE9s des diff\xE9rents participants\ + \ internes et externes ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node55 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node53 + description: "d\xE9finit l\u2019articulation avec l\u2019organisation d\xE9\ + j\xE0 en place pour la gestion des risques relatifs \xE0 la s\xFBret\xE9 et/ou\ + \ \xE0 la s\xE9curit\xE9 a\xE9rienne ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node56 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node53 + description: "pr\xE9cise la m\xE9thodologie ou le standard utilis\xE9e pour\ + \ mener \xE0 bien ces activit\xE9s :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node57 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node56 + description: "Il est recommand\xE9 de mettre en \u0153uvre une des normes ou\ + \ m\xE9thodes suivantes : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node58 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node57 + description: "ISO/CEI 27005 [15], Norme relative \xE0 la Gestion des risques\ + \ li\xE9s \xE0 la s\xE9curit\xE9 de l\u2019information ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node59 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node57 + description: "EBIOS Risk Manager [16] m\xE9thode d'appr\xE9ciation et de traitement\ + \ des risques num\xE9riques publi\xE9e par l\u2019ANSSI ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node60 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node57 + description: "toute autre m\xE9thode conforme \xE0 la norme ISO/CEI 31000 [17],\ + \ norme relative \xE0 la gestion des risques. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node61 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node56 + description: "Dans le cas o\xF9 l\u2019organisme met en \u0153uvre une autre\ + \ m\xE9thodologie ou standard, il apporte la preuve que celle ou celui-ci\ + \ : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node62 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node61 + description: "produit des r\xE9sultats : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node63 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node62 + description: "reproductibles sur la base d\u2019\xE9l\xE9ments d\u2019entr\xE9\ + e similaires ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node64 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node62 + description: comparables dans le temps. + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node65 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node61 + description: "prend en consid\xE9ration des \xE9l\xE9ments d\u2019entr\xE9e\ + \ pertinents et valides ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node66 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node61 + description: "permet un affinement des r\xE9sultats it\xE9ratifs au fil du temps\ + \ et des \xE9l\xE9ments d\u2019entr\xE9e disponibles. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node67 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node53 + description: "formalise les proc\xE9dures relatives \xE0 la gestion des risques,\ + \ notamment \xE0 :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node68 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node67 + description: "l\u2019appr\xE9ciation et au traitement des risques ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node69 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node67 + description: "la gestion des incidents de s\xE9curit\xE9 de l\u2019information\ + \ ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node70 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node67 + description: 'la gestion des organismes en interface ; ' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node71 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node67 + description: "la gestion des sous-traitants r\xE9alisant une ou des activit\xE9\ + s du SMSI." + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node72 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node53 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 ces proc\xE9dures dans\ + \ :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node73 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node72 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node74 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node72 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9, et/ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node75 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node72 + description: "le programme de s\xFBret\xE9. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node76 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + description: "Pour la suite, l\u2019organisme s\u2019appuie sur la m\xE9thodologie\ + \ de gestion des risques qu\u2019il a choisie pour aboutir aux conclusions. " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node77 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + description: "N\xE9anmoins, sont pr\xE9cis\xE9es ci-apr\xE8s les diff\xE9rentes\ + \ \xE9tapes et documents attendus pour \xEAtre conformes aux r\xE8glements. " + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + ref_id: '4.1' + name: "\xC9tablissement du contexte " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node79 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.1 + description: "Afin de d\xE9finir le p\xE9rim\xE8tre de son analyse de risques\ + \ et/ou de son SMSI, l\u2019organisme identifie la liste des fonctions relatives\ + \ \xE0 ses missions de s\xFBret\xE9 et/ou de s\xE9curit\xE9 a\xE9rienne. Pour\ + \ y parvenir, il peut s\u2019appuyer sur : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node80 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node79 + description: "les listes de fonctions relatives \xE0 la s\xFBret\xE9 et/ou s\xE9\ + curit\xE9 a\xE9rienne disponibles en annexe ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node81 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node79 + description: "une pr\xE9-\xE9valuation des risques qui identifie les fonctions\ + \ les plus critiques \xE0 prendre en compte au regard de la distance et de\ + \ la vraisemblance de propagation jusqu\u2019\xE0 l\u2019impact sur la s\xFB\ + ret\xE9 et/ou s\xE9curit\xE9 a\xE9rienne dont on cherche \xE0 se pr\xE9munir" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node82 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.1 + description: "De plus, l\u2019organisme d\xE9finit des \xE9chelles : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node83 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node82 + description: "de gravit\xE9 relative aux cons\xE9quences en mati\xE8re de s\xFB\ + ret\xE9 et/ou de s\xE9curit\xE9 a\xE9rienne ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node84 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node82 + description: "de probabilit\xE9 d\u2019occurrence (ou vraisemblance) du risque\ + \ ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node85 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node82 + description: "les crit\xE8res d\u2019acceptation du risque propre \xE0 l\u2019\ + organisme. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + ref_id: '4.2' + name: "Appr\xE9ciation des risques" + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2 + ref_id: 4.2.1 + name: Identification des risques + - urn: urn:intuitem:risk:req_node:c3cf-v2:node88 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.1 + description: "Sur la base de la liste des fonctions relatives \xE0 la s\xFB\ + ret\xE9 et/ou s\xE9curit\xE9 a\xE9rienne de l\u2019organisation, l\u2019organisme\ + \ identifie :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node89 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node88 + description: 'les fonctions : ' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node90 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node89 + description: "dont il a la responsabilit\xE9 et qui sont r\xE9alis\xE9es par\ + \ lui-m\xEAme et pour son propre compte et/ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node91 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node89 + description: "qu\u2019il met en \u0153uvre pour le compte d\u2019un partenaire\ + \ ext\xE9rieur (interface) et/ou; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node92 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node89 + description: "dont il a la responsabilit\xE9 et qui sont r\xE9alis\xE9es par\ + \ un partenaire ext\xE9rieur pour le compte de l\u2019organisme consid\xE9\ + r\xE9 (interface). " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node93 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node88 + description: "les \xE9l\xE9ments qui contribuent \xE0 la r\xE9alisation de chacune\ + \ des fonctions identifi\xE9es pr\xE9c\xE9demment, notamment les \xE9quipements,\ + \ syst\xE8mes, donn\xE9es et informations. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node94 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.1 + description: "Puis, pour chaque fonction et chaque \xE9l\xE9ment identifi\xE9\ + s pr\xE9c\xE9demment, l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node95 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node94 + description: 'associe une description ; ' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node96 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node94 + description: "identifie une ou des personnes et/ou entit\xE9s responsables,\ + \ qui peuvent aussi bien \xEAtre internes qu\u2019externes ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node97 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node94 + description: "pr\xE9cise le cas \xE9ch\xE9ant si celui-ci dispose d\u2019une\ + \ interface avec un tiers ainsi que la nature de cette derni\xE8re : \no \ + \ prestation de service ; \no sous-traitance ; \no fourniture d\u2019\xE9\ + quipements ; \no prestation autre, \xE0 pr\xE9ciser. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node98 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.1 + description: "L\u2019organisme dispose d\u2019une interface avec un autre organisme,\ + \ lorsque la r\xE9alisation d\u2019une des fonctions n\xE9cessite : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node99 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node98 + description: "d\u2019\xE9changer des donn\xE9es et/ou des informations avec\ + \ ce tiers ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node100 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node98 + description: "de fournir et/ou de mettre \xE0 disposition un syst\xE8me, un\ + \ \xE9quipement et/ou un service num\xE9rique pour ce tiers ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node101 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node98 + description: "d\u2019utiliser un syst\xE8me d\u2019information, un \xE9quipement\ + \ et/ou un service num\xE9rique fourni par ce tiers. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node102 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.1 + description: "Enfin, l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node103 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node102 + description: "d\xE9termine pour chaque fonction identifi\xE9e, seul ou en lien\ + \ avec le ou les organismes en interface concern\xE9s :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node104 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node103 + description: "les \xE9v\xE9nements redout\xE9s, notamment les effets n\xE9fastes\ + \ sur la s\xFBret\xE9 et/ou s\xE9curit\xE9 a\xE9rienne cons\xE9cutifs \xE0\ + \ une atteinte \xE0 la disponibilit\xE9, l\u2019int\xE9grit\xE9, la confidentialit\xE9\ + \ et l\u2019authenticit\xE9 de la fonction ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node105 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node103 + description: "les impacts en mati\xE8re de s\xFBret\xE9 et/ou de s\xE9curit\xE9\ + \ a\xE9rienne associ\xE9s \xE0 ces \xE9v\xE9nements redout\xE9s. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node106 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node102 + description: "\xE9tablit la liste des organismes en interface pr\xE9c\xE9demment\ + \ identifi\xE9s. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2 + ref_id: 4.2.2 + name: 'Analyse de risques ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node108 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.2 + description: "Ensuite, l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node109 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node108 + description: "d\xE9finit une \xE9chelle de vraisemblance (ou de probabilit\xE9\ + \ d\u2019occurrence) prenant en compte : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node110 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node109 + description: "la vraisemblance de r\xE9alisation de l\u2019\xE9v\xE9nement redout\xE9\ + \ au niveau de l\u2019\xE9l\xE9ment du ou des syst\xE8mes d\u2019information\ + \ concern\xE9(s) ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node111 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node109 + description: "l\u2019efficacit\xE9 des processus m\xE9tier de s\xFBret\xE9 et/ou\ + \ s\xE9curit\xE9 a\xE9rienne mis en place au sein de l\u2019organisme et pouvant\ + \ bloquer, limiter ou favoriser la r\xE9alisation de l\u2019\xE9v\xE9nement\ + \ redout\xE9. Par exemple, les barri\xE8res de protection d\xE9j\xE0 mises\ + \ en place vis-\xE0-vis de l\u2019\xE9v\xE9nement redout\xE9. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node112 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node108 + description: "identifie ses risques sur la base de l\u2019analyse d\u2019impacts\ + \ en associant aux \xE9v\xE8nements redout\xE9s :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node113 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node112 + description: "un niveau de gravit\xE9 selon l\u2019\xE9chelle pr\xE9d\xE9finie\ + \ ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node114 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node112 + description: "un niveau de vraisemblance selon l\u2019\xE9chelle pr\xE9d\xE9\ + finie ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node115 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node112 + description: "une ou des personnes et/ou entit\xE9s responsables qui peuvent\ + \ \xEAtre au sein de l\u2019organisme ou bien un partenaire ext\xE9rieur,\ + \ notamment pour les fonctions qu\u2019il re\xE7oit. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2 + ref_id: 4.2.3 + name: "\xC9valuation des risques" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node117 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.3 + description: "Enfin, l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node118 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node117 + description: "associe \xE0 chaque risque identifi\xE9 son niveau de risque selon\ + \ l\u2019\xE9chelle pr\xE9d\xE9finie sur la base : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node119 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node118 + description: "des r\xE9sultats de son analyse de risques ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node120 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node118 + description: "des informations d\u2019analyse de risques transmises dans le\ + \ cadre d\u2019une fonction r\xE9alis\xE9e par un tiers. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node121 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node117 + description: "\xE9tablit la liste des organismes en interface pr\xE9sentant\ + \ un risque pour la s\xFBret\xE9 et/ou la s\xE9curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2 + ref_id: 4.2.4 + name: "R\xE9sultats de l\u2019appr\xE9ciation des risques" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node123 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.2.4 + description: "L\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node124 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node123 + description: 'formalise :' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node125 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node124 + description: "la liste des risques relatifs \xE0 la s\xFBret\xE9 et/ou \xE0\ + \ la s\xE9curit\xE9 a\xE9rienne identifi\xE9s en pr\xE9cisant pour chacun\ + \ d\u2019entre eux : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node126 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node125 + description: "la fonction associ\xE9e et la ou les \xE9ventuelles interfaces\ + \ ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node127 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node125 + description: "les \xE9quipements, syst\xE8mes, donn\xE9es et informations qui\ + \ contribuent \xE0 la r\xE9alisation de la fonction associ\xE9e ainsi que\ + \ la ou les \xE9ventuelles interfaces ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node128 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node125 + description: "l\u2019\xE9v\xE9nement redout\xE9 associ\xE9 ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node129 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node125 + description: "une ou des personnes et/ou entit\xE9s responsables ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node130 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node125 + description: le niveau de risque. + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node131 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node124 + description: "la liste des organismes en interface pr\xE9sentant un risque pour\ + \ la s\xFBret\xE9 et/ou la s\xE9curit\xE9 a\xE9rienne ; o le cas \xE9ch\xE9\ + ant, la liste des syst\xE8mes d\u2019information critiques au regard de la\ + \ s\xFBret\xE9. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node132 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node123 + description: "fait approuver la liste des risques relatifs \xE0 la s\xFBret\xE9\ + \ et/ou la s\xE9curit\xE9 a\xE9rienne identifi\xE9s par son Dirigeant Responsable\ + \ et/ou ses responsables des risques identifi\xE9s selon son organisation\ + \ de gestion des risques ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node133 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node123 + description: "conserve des informations document\xE9es comme preuves des r\xE9\ + sultats d\u2019appr\xE9ciation des risques. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + ref_id: '4.3' + name: Traitement des risques + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3 + ref_id: 4.3.1 + name: Mesures pour le traitement du risque + - urn: urn:intuitem:risk:req_node:c3cf-v2:node136 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.1 + description: "Sur la base des r\xE9sultats de l\u2019appr\xE9ciation des risques,\ + \ l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node137 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node136 + description: "d\xE9finit et justifie pour chacun des risques relatifs \xE0 la\ + \ s\xFBret\xE9 et/ou \xE0 la s\xE9curit\xE9 a\xE9rienne s\u2019il :\n- maintient\ + \ le risque \xE0 condition qu\u2019il soit acceptable en l\u2019\xE9tat ;\n\ + - r\xE9duit le niveau de risque par l\u2019introduction, la suppression ou\ + \ la modification des mesures de s\xE9curit\xE9 de l\u2019information ;\n\ + - refuse le risque en \xE9vitant l\u2019activit\xE9 ou la situation qui donne\ + \ lieu \xE0 un risque ; \n- partage le risque avec une autre partie capable\ + \ de g\xE9rer de mani\xE8re plus efficace le risque." + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node138 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node136 + description: "d\xE9termine la ou les mesures permettant de traiter le risque\ + \ conform\xE9ment \xE0 l\u2019action choisie et s\u2019assure que celle ou\ + \ celles-ci n\u2019entrainent pas de nouveaux risques ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node139 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node136 + description: "met en \u0153uvre en temps utile et v\xE9rifie l\u2019efficacit\xE9\ + \ de ces mesures conform\xE9ment aux \xA76.1. et \xA76.2.3. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node140 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.1 + description: "Pour d\xE9finir les mesures de s\xE9curit\xE9 de l\u2019information,\ + \ l\u2019organisme peut notamment s\u2019appuyer sur les r\xE9f\xE9rentiels\ + \ suivants : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node141 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node140 + description: "Guide d\u2019hygi\xE8ne informatique de l\u2019ANSSI [21] ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node142 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node140 + description: Norme internationale ISO/IEC 27002:2022 [22] ; + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node143 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node140 + description: 'Norme internationale ISO/ISA/IEC 62443 [23]. ' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3 + ref_id: 4.3.2 + name: "\xC9laboration du plan de traitement des risques" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node145 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.2 + description: "L\u2019organisme \xE9labore un plan de traitement des risques\ + \ relatifs \xE0 la s\xFBret\xE9 et/ou \xE0 la s\xE9curit\xE9 a\xE9rienne permettant\ + \ d\u2019identifier pour chaque mesure de s\xE9curit\xE9 de l\u2019information\ + \ d\xE9termin\xE9e supra : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node146 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node145 + description: "le ou les risques qu\u2019elle traite ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node147 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node145 + description: "la priorit\xE9 de mise en \u0153uvre; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node148 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node145 + description: "le d\xE9lai de mise en \u0153uvre recommand\xE9 ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node149 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node145 + description: "le cas \xE9ch\xE9ant, les raisons ne permettant pas de les mettre\ + \ en \u0153uvre. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3 + ref_id: 4.3.3 + name: "\xC9valuation des risques r\xE9siduels" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node151 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.3 + description: "L\u2019organisme \xE9value les risques r\xE9siduels, apr\xE8s\ + \ l\u2019application des mesures de s\xE9curit\xE9 de l\u2019information d\xE9\ + finies dans le plan de traitement des risques. Si un risque r\xE9siduel demeure\ + \ non acceptable, l\u2019organisme le traite \xE0 nouveau, conform\xE9ment\ + \ au \xA74.3.1, jusqu\u2019\xE0 ce que celui-ci soit acceptable. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3 + ref_id: 4.3.4 + name: "R\xE9sultats du traitement des risques" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node153 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.3.4 + description: "L\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node154 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node153 + description: 'formalise :' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node155 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node154 + description: "le plan de traitement des risques relatifs \xE0 la s\xFBret\xE9\ + \ et/ou \xE0 la s\xE9curit\xE9 a\xE9rienne ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node156 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node154 + description: "la liste des risques r\xE9siduels apr\xE8s application du plan\ + \ de traitement des risques relatifs \xE0 la s\xFBret\xE9 et/ou \xE0 la s\xE9\ + curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node157 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node153 + description: "fait approuver ces documents par le Dirigeant Responsable et/ou\ + \ la (ou les) personne()s et/ou entit\xE9(s) responsable(s) des risques selon\ + \ son organisation de gestion des risques ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node158 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node153 + description: "conserve des informations document\xE9es comme preuves des r\xE9\ + sultats d\u2019appr\xE9ciation des risques. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + ref_id: '4.4' + name: "Gestion des incidents de s\xE9curit\xE9 de l\u2019information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node160 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + description: "L\u2019organisme d\xE9finit et met en \u0153uvre des mesures techniques\ + \ et organisationnelles visant \xE0 : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node161 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node160 + description: "d\xE9tecter les types d\u2019incidents de s\xE9curit\xE9 de l\u2019\ + information et identifier ceux ayant un potentiel impact sur la s\xFBret\xE9\ + \ et /ou la s\xE9curit\xE9 a\xE9rienne ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node162 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node160 + description: "r\xE9agir \xE0 la suite d\u2019un incident de s\xE9curit\xE9 de\ + \ l\u2019information ayant un potentiel impact sur la s\xFBret\xE9 et /ou\ + \ la s\xE9curit\xE9 a\xE9rienne d\xE9tect\xE9 ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node163 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node160 + description: "se r\xE9tablir \xE0 la suite d\u2019un incident de s\xE9curit\xE9\ + \ de l\u2019information ayant un potentiel impact sur la s\xFBret\xE9 et /ou\ + \ la s\xE9curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node164 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + description: "Pour y parvenir, l\u2019organisme peut s\u2019appuyer, par exemple\ + \ sur : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node165 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node164 + description: "les guides et bonnes pratiques publi\xE9s par l\u2019ANSSI ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node166 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node164 + description: "les mesures pr\xE9cis\xE9es dans la norme ISO/CEI 27002 [22]. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node167 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + description: "De plus dans le cadre de la gestion des incidents de s\xE9curit\xE9\ + \ de l\u2019information relatifs \xE0 la s\xE9curit\xE9 a\xE9rienne, l\u2019\ + organisme prend en compte les dispositions pr\xE9cis\xE9es ci-apr\xE8s. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + ref_id: 4.4.1 + name: "D\xE9tection des incidents de s\xE9curit\xE9 de l\u2019information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1 + ref_id: 4.4.1.1 + name: "Identification des incidents redout\xE9s de s\xE9curit\xE9 de l\u2019\ + information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node170 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.1 + description: "L\u2019organisme identifie la liste des types d\u2019incidents\ + \ redout\xE9s de s\xE9curit\xE9 de l\u2019information ayant un potentiel impact\ + \ sur la s\xE9curit\xE9 a\xE9rienne et des impacts et cons\xE9quences associ\xE9\ + s sur la base des r\xE9sultats de l\u2019appr\xE9ciation et du traitement\ + \ des risques r\xE9alis\xE9s au \xA74.2. et \xA74.3. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node171 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.1 + description: "L\u2019organisme peut \xE9galement s\u2019appuyer sur un ou plusieurs\ + \ r\xE9f\xE9rentiels, tels que : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node172 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node171 + description: "Prestataires de d\xE9tection des incidents de s\xE9curit\xE9,\ + \ s\xE9curit\xE9 - R\xE9f\xE9rentiel d\u2019exigences [24] - IV.2.1. b) ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node173 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node171 + description: "5 standards sur la d\xE9tection des incidents de s\xE9curit\xE9\ + \ [25] ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node174 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node171 + description: Annexe B de la norme internationale ISO/IEC 27035:2022 [26] ; + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node175 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node171 + description: "ED Decision 2023/009/R - Appendix I \u2014 Examples of threat\ + \ scenarios with a potential harmful impact on safety [27]. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2. + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1 + ref_id: 4.4.1.2. + name: "Collecte des \xE9v\xE9nements" + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2.1 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2. + ref_id: 4.4.1.2.1 + name: "Strat\xE9gie de collecte " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node178 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2.1 + description: "Sur la base des incidents redout\xE9s de s\xE9curit\xE9 de l\u2019\ + information ayant un potentiel impact sur la s\xE9curit\xE9 a\xE9rienne, l\u2019\ + organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node179 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node178 + description: "identifie les sources de collecte pertinentes au sein de son syst\xE8\ + me d\u2019information ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node180 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node178 + description: "met en place une veille sur les vuln\xE9rabilit\xE9s pouvant affecter\ + \ son syst\xE8me d\u2019information ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node181 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node178 + description: "journalise les \xE9v\xE9nements pertinents \xE0 la d\xE9tection\ + \ parmi les sources de collecte identifi\xE9es et la veille sur les vuln\xE9\ + rabilit\xE9s. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node182 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2.1 + description: "Pour y parvenir, l\u2019organisme peut s\u2019appuyer sur : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node183 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node182 + description: "les sections IV.2.2. c) & d) du r\xE9f\xE9rentiel d\u2019exigences\ + \ Prestataires de d\xE9tection des incidents de s\xE9curit\xE9 [24] ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node184 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node182 + description: "sur l\u2019annexe A des Recommandations de s\xE9curit\xE9 pour\ + \ la mise en \u0153uvre d\u2019un syst\xE8me de journalisation [28]. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2.2 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2. + ref_id: 4.4.1.2.2 + name: "Notification interne d\u2019\xE9v\xE9nements " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node186 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2.2 + description: "L\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node187 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node186 + description: "met en place une proc\xE9dure de collecte des \xE9v\xE9nements\ + \ qui peuvent lui \xEAtre notifi\xE9s et qui satisfait aux exigences du r\xE8\ + glement (UE) 376/2014 [29] ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node188 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node186 + description: "en pr\xE9cise le fonctionnement, notamment :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node189 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node188 + description: "les \xE9v\xE9nements qui doivent \xEAtre notifi\xE9s, \xE0 savoir\ + \ les \xE9v\xE9nements de s\xE9curit\xE9 de l\u2019information ayant un potentiel\ + \ impact sur la s\xE9curit\xE9 a\xE9rienne ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node190 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node188 + description: "les moyens mis \xE0 disposition pour notifier un \xE9v\xE9nement\ + \ ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node191 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node188 + description: "les d\xE9lais de notification ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node192 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node188 + description: "les conditions d\u2019archivage, notamment au moins 5 ans." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node193 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node186 + description: "rend cette proc\xE9dure et les moyens de notification associ\xE9\ + s accessibles aux personnes ayant besoin d\u2019en connaitre parmi : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node194 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node193 + description: son personnel interne ; + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node195 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node193 + description: "les tiers pertinents dans le contexte, identifi\xE9s au \xA74.2.4\ + \ ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node196 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node193 + description: tous les interlocuteurs pertinents. + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node197 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.2.2 + description: "L\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node198 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node197 + description: "peut int\xE9grer ce syst\xE8me de notification interne d\u2019\ + \xE9v\xE9nements \xE0 un syst\xE8me existant ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node199 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node197 + description: "formalise la description de ce syst\xE8me et l\u2019int\xE8gre\ + \ ou y fait r\xE9f\xE9rence dans : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node200 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node199 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node201 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node199 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1 + ref_id: 4.4.1.3 + name: "Strat\xE9gie de d\xE9tection" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node203 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.3 + description: "L\u2019organisme met en place une strat\xE9gie de d\xE9tection\ + \ qui permet de d\xE9tecter les incidents redout\xE9s de s\xE9curit\xE9 de\ + \ l\u2019information ayant un potentiel impact sur la s\xE9curit\xE9 a\xE9\ + rienne sur la base des sources de collecte pr\xE9c\xE9dentes. Aussi, l\u2019\ + organisme :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node204 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node203 + description: "d\xE9finit :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node205 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node204 + description: "une classification par ordre de gravit\xE9 des incidents redout\xE9\ + s de s\xE9curit\xE9 de l\u2019information ayant un potentiel impact sur la\ + \ s\xE9curit\xE9 a\xE9rienne ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node206 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node204 + description: "des r\xE8gles de d\xE9tection en : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + assessable: false + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node206 + description: "s\u2019appuyant sur : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node208 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + description: "la liste des incidents de s\xE9curit\xE9 redout\xE9s de s\xE9\ + curit\xE9 de l\u2019information ayant un potentiel impact sur la s\xE9curit\xE9\ + \ a\xE9rienne ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node209 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + description: "des bases de connaissances acquises aupr\xE8s des partenaires\ + \ ext\xE9rieurs ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node210 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + description: "des bases de connaissances internes (audits, tests de vuln\xE9\ + rabilit\xE9s et d\u2019intrusion) ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node211 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + description: "une veille sur la menace et les vuln\xE9rabilit\xE9s ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node212 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + description: "l\u2019identification d\u2019\xE9cart de bon fonctionnement par\ + \ rapport au comportement \xE0 d\xE9tecter ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node213 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + description: 'les impacts sur les performances ; ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node214 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node207 + description: "les incidents de s\xE9curit\xE9 de l\u2019information connus aupr\xE8\ + s d\u2019autres organismes. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node215 + assessable: false + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node206 + description: "en pr\xE9cisant pour chaque r\xE8gle :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node216 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node215 + description: "les moyens mis en \u0153uvre ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node217 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node215 + description: 'une description ; ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node218 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node215 + description: "Le ou les incidents redout\xE9s associ\xE9s ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node219 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node215 + description: "Le niveau de gravit\xE9. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node220 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node203 + description: "assure la centralisation et la corr\xE9lation des \xE9v\xE9nements\ + \ et des vuln\xE9rabilit\xE9s remont\xE9es ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node221 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node203 + description: "identifie les \xE9v\xE9nements ou combinaison d\u2019\xE9v\xE8\ + nements pouvant mener \xE0 un incident ayant un potentiel impact sur la s\xE9\ + curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1 + ref_id: 4.4.1.4 + name: 'Qualification ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node223 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.4 + description: "Lorsqu\u2019un \xE9v\xE8nement pouvant mener \xE0 un incident\ + \ de s\xE9curit\xE9 de l\u2019information ayant un potentiel impact sur la\ + \ s\xE9curit\xE9 a\xE9rienne est d\xE9tect\xE9, l\u2019organisme le qualifie\ + \ en incident de s\xE9curit\xE9 de l\u2019information, notamment il : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node224 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node223 + description: "en d\xE9termine la v\xE9racit\xE9 afin d\u2019\xE9liminer les\ + \ faux positifs ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node225 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node223 + description: "identifie les \xE9quipements, syst\xE8mes, donn\xE9es et informations\ + \ concern\xE9s par l\u2019incident d\xE9tect\xE9 ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node226 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node223 + description: "identifie les cons\xE9quences en mati\xE8re de s\xE9curit\xE9\ + \ a\xE9rienne et en d\xE9termine :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node227 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node226 + description: "les impacts et la gravit\xE9 de l\u2019incident d\xE9tect\xE9\ + \ ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node228 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node226 + description: "les causes de l\u2019incident. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node229 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node223 + description: "identifie les \xE9ventuelles parties prenantes en interne et/ou\ + \ les partenaires ext\xE9rieurs concern\xE9s par l\u2019incident ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node230 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node223 + description: "formalise la qualification de la d\xE9tection ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node231 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node223 + description: "conserve des informations document\xE9es au moins jusqu\u2019\xE0\ + \ la prochaine qualification. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1 + ref_id: 4.4.1.5 + name: ' Notification' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node233 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.1.5 + description: "Pour chaque \xE9v\xE9nement qualifi\xE9 en incident de s\xE9curit\xE9\ + , l\u2019organisme notifie : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node234 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node233 + description: "les personnes pertinentes au sein de son organisation pour activer\ + \ les r\xE9actions appropri\xE9es ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node235 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node233 + description: "le cas \xE9ch\xE9ant :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node236 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node235 + description: "les partenaires externes concern\xE9s selon le cadre d\xE9fini\ + \ au \xA74.5.1;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node237 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node235 + description: "l\u2019autorit\xE9 selon le cadre d\xE9fini au \xA74.4.5." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + ref_id: 4.4.2 + name: "R\xE9ponse aux incidents de s\xE9curit\xE9 de l\u2019information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node239 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.2 + description: "L\u2019organisme d\xE9finit un m\xE9canisme de r\xE9ponse \xE0\ + \ incident qui :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node240 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node239 + description: "pr\xE9cise : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node241 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node240 + description: "les r\xF4les et les responsabilit\xE9s des personnes qui activent\ + \ les r\xE9actions en cas d\u2019incident qualifi\xE9 ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node242 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node240 + description: "les modalit\xE9s d\u2019information de ces personnes \xE0 la suite\ + \ de la qualification d\u2019un incident, notamment les outils et les d\xE9\ + lais." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node243 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node239 + description: "d\xE9finit les actions imm\xE9diates \xE0 mettre en \u0153uvre,\ + \ notamment en identifiant pour chaque type d\u2019incident redout\xE9 relatifs\ + \ \xE0 la s\xE9curit\xE9 a\xE9rienne : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node244 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node243 + description: "les ressources \xE0 activer au sein de l\u2019entreprise et \xE0\ + \ l\u2019ext\xE9rieur de l\u2019entreprise, notamment dans le cadre d\u2019\ + un contrat avec un Prestataire de R\xE9ponse \xE0 Incident de S\xE9curit\xE9\ + \ (PRIS) ou de l\u2019adh\xE9sion \xE0 un CERT ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node245 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node243 + description: "les mesures organisationnelles et techniques pouvant \xEAtre mises\ + \ en \u0153uvre pour limiter la propagation d\u2019une attaque et \xE9viter\ + \ la mat\xE9rialisation du ou des incidents redout\xE9s. Ce r\xE9f\xE9rentiel\ + \ de mesures est tenu \xE0 jour en fonction de l\u2019\xE9volution du contexte\ + \ ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node246 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node243 + description: "les d\xE9lais de mise en \u0153uvre de ces mesures. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node247 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node239 + description: "met en place une surveillance des \xE9quipements, syst\xE8mes,\ + \ donn\xE9es et informations de son syst\xE8me d\u2019information associ\xE9\ + s \xE0 l\u2019incident d\xE9tect\xE9, et met \xE0 jour si n\xE9cessaire ce\ + \ p\xE9rim\xE8tre \xE0 surveiller. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + ref_id: 4.4.3 + name: "Rem\xE9diation " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node249 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.3 + description: "L\u2019organisme d\xE9finit des plans de rem\xE9diation \xE0 actionner\ + \ en cas d\u2019incident, qui : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node250 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node249 + description: "pr\xE9cise les r\xF4les et les responsabilit\xE9s des personnes\ + \ qui g\xE8rent les actions de rem\xE9diation ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node251 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node249 + description: "d\xE9finit un ou des plans de rem\xE9diation pour chaque type\ + \ d\u2019incident redout\xE9 relatifs \xE0 la s\xE9curit\xE9 a\xE9rienne qui\ + \ :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node252 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node251 + description: "identifie les ressources \xE0 activer au sein de l\u2019organisme\ + \ et \xE0 l\u2019ext\xE9rieur de l\u2019entreprise si applicable, notamment\ + \ dans le cadre d\u2019un contrat avec un Prestataire de R\xE9ponse \xE0 Incident\ + \ de S\xE9curit\xE9 (PRIS) ou de l\u2019adh\xE9sion \xE0 un CERT ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node253 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node251 + description: "pr\xE9cise les actions \xE0 mettre en \u0153uvre pour : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node254 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node253 + description: "identifier le p\xE9rim\xE8tre du syst\xE8me d\u2019information\ + \ impact\xE9 ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node255 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node253 + description: "r\xE9aliser la rem\xE9diation du syst\xE8me d\u2019information\ + \ impact\xE9 ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node256 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node253 + description: "s\u2019assurer que le syst\xE8me d\u2019information a retrouv\xE9\ + \ un \xE9tat s\xFBr et peut \xEAtre remis en service. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node257 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node251 + description: "pr\xE9voit la d\xE9termination des d\xE9lais de remise en service\ + \ en fonction du niveau de gravit\xE9, de la nature et du contexte de l\u2019\ + incident. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node258 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node249 + description: "produit un rapport d\u2019incident qui sera communiqu\xE9 \xE0\ + \ l\u2019autorit\xE9 selon les modalit\xE9s d\xE9finies au \xA74.4.5. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + ref_id: 4.4.4 + name: "R\xE9sultat de la gestion des incidents de s\xE9curit\xE9 de l\u2019\ + information" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node260 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + description: "L\u2019organisme formalise la liste des mesures techniques et\ + \ organisationnelles visant \xE0 : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node261 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node260 + description: "d\xE9tecter les incidents de s\xE9curit\xE9 de l\u2019information\ + \ ayant un potentiel impact sur la s\xFBret\xE9 et /ou la s\xE9curit\xE9 a\xE9\ + rienne ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node262 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node260 + description: "r\xE9agir \xE0 la suite d\u2019une incident de s\xE9curit\xE9\ + \ de l\u2019information ayant un potentiel impact sur la s\xFBret\xE9 et /ou\ + \ la s\xE9curit\xE9 a\xE9rienne d\xE9tect\xE9 ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node263 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node260 + description: "se r\xE9tablir \xE0 la suite d\u2019un incident de s\xE9curit\xE9\ + \ de l\u2019information ayant un potentiel impact sur la s\xFBret\xE9 et /ou\ + \ la s\xE9curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node264 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + description: "De plus dans le cadre de la gestion des incidents de s\xE9curit\xE9\ + \ relatifs \xE0 la s\xE9curit\xE9 a\xE9rienne, l\u2019organisme formalise\ + \ : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node265 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + description: "la liste des incidents redout\xE9s relatifs \xE0 la s\xE9curit\xE9\ + \ a\xE9rienne; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node266 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + description: "la liste des sources de collecte, le syst\xE8me de veille des\ + \ vuln\xE9rabilit\xE9s et les \xE9v\xE9nements journalis\xE9s ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node267 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + description: "la liste des r\xE8gles de d\xE9tection mises en \u0153uvre ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node268 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + description: "les actions imm\xE9diates \xE0 mettre en \u0153uvre pour chaque\ + \ type d\u2019incident redout\xE9 relatifs \xE0 la s\xE9curit\xE9 a\xE9rienne\ + \ ; - les plans de rem\xE9diation. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node269 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.4 + description: "Enfin l\u2019organisme conserve des informations document\xE9\ + es appropri\xE9es comme preuves de la gestion des incidents de s\xE9curit\xE9\ + \ de l\u2019information. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4 + ref_id: 4.4.5 + name: "Notification \xE0 l\u2019autorit\xE9 " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node271 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.4.5 + description: 'A paraitre dans la prochaine version du 3CFv2 ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4 + ref_id: '4.5' + name: Gestions des risques induits par les tiers + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5 + ref_id: 4.5.1 + name: Organismes en interface + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1 + ref_id: 4.5.1.1 + name: "Organismes pr\xE9sentant un risque pour la s\xFBret\xE9 a\xE9rienne" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node275 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.1 + description: "Sur la base de la liste des organismes en interface pr\xE9sentant\ + \ un risque pour la s\xFBret\xE9 a\xE9rienne \xE9tablie au \xA74.2, l\u2019\ + organisme d\xE9finit un cadre de travail avec ces derniers qui : " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node276 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node275 + description: "pr\xE9voit des r\xE8gles d\u2019\xE9change d\u2019information\ + \ visant \xE0 pr\xE9server l\u2019authenticit\xE9, la confidentialit\xE9 et\ + \ l\u2019int\xE9grit\xE9 des informations \xE9chang\xE9es ainsi que l\u2019\ + anonymat des interlocuteurs s\u2019ils le souhaitent ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node277 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node275 + description: "pr\xE9cise les exigences \xE0 leur faire appliquer. Elles sont\ + \ d\u2019ordre :" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node278 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node277 + description: "r\xE8glementaire, notamment celles en mati\xE8re de : " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node279 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node278 + description: "v\xE9rification des ant\xE9c\xE9dents ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node280 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node278 + description: "sensibilisation et de formation \xE0 la s\xE9curit\xE9 de l\u2019\ + information. " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node281 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node277 + description: 'contractuel, notamment : ' + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node282 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node281 + description: "la mise en \u0153uvre de mesures de s\xE9curit\xE9 de l\u2019\ + information d\xE9finies par l\u2019organisme[1] ;" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node283 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node281 + description: "une surveillance adapt\xE9e au contexte des activit\xE9s du tiers.\ + \ " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node284 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.1 + description: "L\u2019organisme conserve des informations document\xE9es comme\ + \ preuves de la gestion des organismes en interface pr\xE9sentant un risque\ + \ pour la s\xFBret\xE9 a\xE9rienne. " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1 + ref_id: 4.5.1.2 + name: "Organismes pr\xE9sentant un risque pour la s\xE9curit\xE9 a\xE9rienne" + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2.1 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2 + ref_id: 4.5.1.2.1 + name: "Organismes en interface d\xE9tenant un agr\xE9ment ou un certificat de\ + \ s\xE9curit\xE9" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node287 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2.1 + description: "Sur la base de la liste des organismes en interface pr\xE9sentant\ + \ un risque pour la s\xE9curit\xE9 a\xE9rienne \xE9tablie au \xA74.2.4, l\u2019\ + organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node288 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node287 + description: "identifie les tiers pr\xE9sentant un risque pour la s\xE9curit\xE9\ + \ a\xE9rienne et devant \xEAtre conformes aux r\xE8glements Part-IS, appel\xE9\ + es aussi contractants ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node289 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node287 + description: "d\xE9finit un cadre de travail avec ces derniers, qui pr\xE9voit\ + \ :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node290 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node289 + description: "la d\xE9finition des responsabilit\xE9s pour la gestion des risques\ + \ partag\xE9s ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node291 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node289 + description: "un partage des hypoth\xE8ses et des objectifs de s\xE9curit\xE9\ + \ sur les p\xE9rim\xE8tres concern\xE9s ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node292 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node289 + description: "la notification des \xE9v\xE9nements de s\xE9curit\xE9 de l\u2019\ + information et des vuln\xE9rabilit\xE9s ayant un potentiel impact sur la s\xE9\ + curit\xE9 a\xE9rienne conform\xE9ment au \xA74.4.1.2.2 ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node293 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node289 + description: "des r\xE8gles d\u2019\xE9change d\u2019information visant \xE0\ + \ pr\xE9server l\u2019authenticit\xE9, la confidentialit\xE9 et l\u2019int\xE9\ + grit\xE9 des informations \xE9chang\xE9es ainsi que l\u2019anonymat des interlocuteurs\ + \ s\u2019ils le souhaitent." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node294 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2.1 + description: "L\u2019organisme conserve des informations document\xE9es comme\ + \ preuves de la gestion des organismes agr\xE9\xE9s ou certifi\xE9s en interfaces\ + \ pr\xE9sentant un risque pour la s\xE9curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2.2 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2 + ref_id: 4.5.1.2.2 + name: "Organismes en interface ne d\xE9tenant pas d\u2019agr\xE9ment ou de certificat\ + \ de s\xE9curit\xE9" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node296 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2.2 + description: "Sur la base de la liste des organismes en interface pr\xE9sentant\ + \ un risque pour la s\xE9curit\xE9 a\xE9rienne \xE9tablie au \xA74.2.4, l\u2019\ + organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node297 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node296 + description: "identifie les tiers pr\xE9sentant un risque pour la s\xE9curit\xE9\ + \ a\xE9rienne et n\u2019ayant pas d\u2019obligation d\u2019\xEAtre conformes\ + \ aux r\xE8glements Part-IS ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node298 + assessable: false + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node296 + description: "d\xE9finit :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node299 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node298 + description: "Lorsque cela est possible, un cadre de travail avec ces derniers\ + \ qui pr\xE9voit : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node300 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node299 + description: "la notification d'\xE9v\xE9nements de s\xE9curit\xE9 de l\u2019\ + information et de vuln\xE9rabilit\xE9 ayant un potentiel impact sur la s\xE9\ + curit\xE9 a\xE9rienne conform\xE9ment au \xA74.4.1.2.2 ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node301 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node299 + description: "des r\xE8gles d\u2019\xE9change d\u2019information visant \xE0\ + \ pr\xE9server l\u2019authenticit\xE9, la confidentialit\xE9 et l\u2019int\xE9\ + grit\xE9 des informations \xE9chang\xE9es ainsi que l\u2019anonymat des interlocuteurs\ + \ s\u2019ils le souhaitent ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node302 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node299 + description: "la mise en \u0153uvre de mesures de s\xE9curit\xE9 de l\u2019\ + information d\xE9finies par l\u2019organisme7 ainsi qu\u2019une surveillance\ + \ adapt\xE9e au contexte des activit\xE9s du tiers ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node303 + assessable: true + depth: 9 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node299 + description: "Le cas \xE9ch\xE9ant, un contr\xF4le de la fiabilit\xE9 du personnel\ + \ conform\xE9ment \xE0 la politique de contr\xF4le de la fiabilit\xE9 d\xE9\ + finie par l\u2019organisme (\xA75.2). " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node304 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node298 + description: "Sinon, l\u2019organisme traite ce risque dans le cadre du \xA7\ + 4.3. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node305 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.1.2.2 + description: "L\u2019organisme conserve des informations document\xE9es comme\ + \ preuves de la gestion des organismes non-agr\xE9\xE9s ou noncertifi\xE9\ + s en interface pr\xE9sentant un risque pour la s\xE9curit\xE9 a\xE9rienne. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5 + ref_id: 4.5.2 + name: "Sous-traitance des activit\xE9s du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node307 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.2 + description: "L\u2019organisme identifie les sous-traitants \u0153uvrant pour\ + \ une ou plusieurs activit\xE9s de son SMSI. Il s\u2019agit notamment des\ + \ tiers participant aux activit\xE9s de : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node308 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node307 + description: "gestion des risques (appr\xE9ciation, traitement des risques et\ + \ gestion des incidents ) ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node309 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node307 + description: fonctionnement du SMSI. + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node310 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.2 + description: "Dans le cas o\xF9 l\u2019organisme fait appel \xE0 un sous-traitant\ + \ qualifi\xE9 par l\u2019ANSSI[2] alors ce dernier est consid\xE9r\xE9 comme\ + \ conforme aux exigences des r\xE8glements Part-IS (IS.OR.250) \xE0 condition\ + \ que soient pr\xE9vues : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node311 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node310 + description: "la possibilit\xE9 pour l\u2019autorit\xE9 comp\xE9tente d\u2019\ + avoir acc\xE8s au sous-traitant ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node312 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node310 + description: "la notification \xE0 l\u2019organisme d'\xE9v\xE9nements de s\xE9\ + curit\xE9 de l\u2019information et de vuln\xE9rabilit\xE9 ayant un potentiel\ + \ impact sur la s\xE9curit\xE9 a\xE9rienne conform\xE9ment au \xA74.4.1.2.2. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node313 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.2 + description: "Dans le cas contraire, l\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node314 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node313 + description: "m\xE8ne une analyse de risque relative \xE0 la contractualisation\ + \ d\u2019une ou plusieurs de ces activit\xE9s bas\xE9e sur une \xE9valuation\ + \ : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node315 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node314 + description: "des comp\xE9tences du sous-traitant ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node316 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node314 + description: "de l'exp\xE9rience du sous-traitant pour la ou les activit\xE9\ + s concern\xE9es ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node317 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node314 + description: "la fiabilit\xE9 \xE9conomique et technique du sous-traitant." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node313 + description: "\xE9labore un contrat pr\xE9cisant :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node319 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "l\u2019organisation de la prestation :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node320 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node319 + description: "les r\xF4les et responsabilit\xE9s entre l\u2019organisme et le\ + \ sous-traitant ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node321 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node319 + description: "un sch\xE9ma de reporting clair entre l\u2019organisme et le sous-traitant\ + \ ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node322 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node319 + description: "la m\xE9thode et les outils de suivi de la prestation. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node323 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "le p\xE9rim\xE8tre de la prestation ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node324 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "les exigences applicables pour la ou les activit\xE9s du SMSI\ + \ concern\xE9es ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node325 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "la gestion des autorisations d'acc\xE8s aux informations de l\u2019\ + organisme ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node326 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "les clauses de confidentialit\xE9 ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node327 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: les actions possibles en cas de non-respect du contrat ; + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node328 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "la possibilit\xE9 de mener des contr\xF4les par l\u2019organisme\ + \ ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node329 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "la possibilit\xE9 pour l\u2019autorit\xE9 comp\xE9tente d\u2019\ + avoir acc\xE8s au sous-traitant ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node330 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node318 + description: "la notification \xE0 l\u2019organisme d'\xE9v\xE9nements de s\xE9\ + curit\xE9 de l\u2019information et de vuln\xE9rabilit\xE9 ayant un potentiel\ + \ impact sur la s\xE9curit\xE9 a\xE9rienne conform\xE9ment au \xA74.4.1.2.2. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node331 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:4.5.2 + description: "Enfin, l\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node332 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node331 + description: "formalise la liste des sous-traitants \u0153uvrant pour une ou\ + \ plusieurs activit\xE9s de son SMSI ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node333 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node331 + description: "conserve des informations document\xE9es comme preuves de la gestion\ + \ des sous-traitants des activit\xE9s du SMSI. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:5 + assessable: false + depth: 1 + ref_id: '5' + name: "Personnels et comp\xE9tences " + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5 + ref_id: '5.1' + name: "V\xE9rification des ant\xE9c\xE9dents et contr\xF4le de la fiabilit\xE9\ + \ " + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1 + ref_id: 5.1.1 + name: "V\xE9rification des ant\xE9c\xE9dents pour les personnels de s\xFBret\xE9\ + \ a\xE9rienne" + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1 + ref_id: 5.1.1.1 + name: "Personnel de s\xFBret\xE9 a\xE9rienne" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node338 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1.1 + description: "Sur la base de son analyse de risques, l\u2019organisme identifie\ + \ ou fait identifier par les tiers d\xE9termin\xE9s au \xA74.2.4,les personnes\ + \ :" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node339 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node338 + description: "ayant des droits d'administrateur ou un acc\xE8s non surveill\xE9\ + \ et illimit\xE9 aux donn\xE9es et syst\xE8mes de technologies de l'information\ + \ et de la communication critiques utilis\xE9s aux fins de la s\xFBret\xE9\ + \ a\xE9rienne, identifi\xE9s au \xA74.2., et/ou ;" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node340 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node338 + description: "qui ont \xE9t\xE9 identifi\xE9es lors de l'\xE9valuation des risques\ + \ relative \xE0 la s\xFBret\xE9 a\xE9rienne au \xA74.2." + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node341 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1.1 + description: "Il s\u2019agit notamment : " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node342 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node341 + description: "des \xE9quipes manag\xE9riales, \xE0 savoir les personnes organisant,\ + \ pilotant, contr\xF4lant ou participant \xE0 la gestion des risques de s\xE9\ + curit\xE9 de l\u2019information pouvant affecter la s\xFBret\xE9 a\xE9rienne;\ + \ (RSSI, DSI, Auditeur interne, responsable s\xFBret\xE9, etc.) ;" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node343 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node341 + description: "des \xE9quipes op\xE9rationnelles, \xE0 savoir les personnes d\xE9\ + finissant, planifiant et mettant en \u0153uvre les mesures de s\xE9curit\xE9\ + \ de l\u2019information d\xE9finies au \xA74.3. sur les syst\xE8mes d\u2019\ + information critiques \xE0 la s\xFBret\xE9 identifi\xE9s au \xA74.2 ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node344 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node341 + description: "des administrateurs des syst\xE8mes d\u2019information critiques\ + \ \xE0 la s\xFBret\xE9 identifi\xE9s au \xA74.2 " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node345 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node341 + description: "des utilisateurs ayant un acc\xE8s non surveill\xE9 et illimit\xE9\ + \ aux donn\xE9es et syst\xE8mes d\u2019information critiques \xE0 la s\xFB\ + ret\xE9 identifi\xE9s au \xA74.2 ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node346 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node341 + description: "Le cas \xE9ch\xE9ant, des personnes et/ou entit\xE9s responsables\ + \ des risques relatifs \xE0 la s\xFBret\xE9 a\xE9rienne identifi\xE9es au\ + \ \xA74.2. " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node347 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1.1 + description: "L\u2019organisme conserve des informations document\xE9es appropri\xE9\ + es comme preuves de l\u2019identification des personnels de s\xFBret\xE9 a\xE9\ + rienne. " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1 + ref_id: 5.1.1.2 + name: "V\xE9rification renforc\xE9e des ant\xE9c\xE9dents pour les personnels\ + \ de s\xFBret\xE9 a\xE9rienne " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node349 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1.2 + description: "L\u2019organisme applique ou fait appliquer par les tiers identifi\xE9\ + s au \xA74.2.4., une v\xE9rification renforc\xE9e des ant\xE9c\xE9dents des\ + \ personnels de s\xFBret\xE9 a\xE9rienne identifi\xE9s pr\xE9c\xE9demment.\ + \ Ainsi, il met en \u0153uvre les actions suivantes, ou s\u2019assure de cette\ + \ mise en \u0153uvre par les tiers. L\u2019organisme : " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node350 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node349 + description: "s\u2019assure que ces personnes disposent d\u2019une habilitation\ + \ pr\xE9fectorale pr\xE9vue par l\u2019article L6342-3 du code des transports,\ + \ \xE0 savoir : " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node351 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node350 + description: "qu\u2019ils disposent d\u2019un titre d\u2019acc\xE8s en zone\ + \ de s\xFBret\xE9 \xE0 acc\xE8s r\xE9glement\xE9 valide dont la d\xE9livrance\ + \ n\xE9cessite la d\xE9tention de l\u2019habilitation pr\xE9fectorale susmentionn\xE9\ + e, ou bien ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node352 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node350 + description: "qu\u2019ils disposent d\u2019une habilitation sans badge valide. " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node353 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node349 + description: "prend en consid\xE9ration les emplois, \xE9tudes et interruptions[3]\ + \ \xE9ventuelles de ces personnes dans les \xC9tats o\xF9 elles ont r\xE9\ + sid\xE99 au cours des 5 derni\xE8res ann\xE9es ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node354 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node349 + description: "renouvelle ces v\xE9rifications \xE0 intervalles r\xE9guliers\ + \ ne d\xE9passant pas 12 mois ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node355 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node349 + description: "porte une vigilance particuli\xE8re sur les interruptions6 injustifi\xE9\ + es de ces personnes en leur demandant des explications ou justificatifs et\ + \ trace le fait que cette v\xE9rification a bien \xE9t\xE9 effectu\xE9e. " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node356 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.1.2 + description: "L\u2019organisme : " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node357 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node356 + description: "tient \xE0 jour une liste des personnels de s\xFBret\xE9 ayant\ + \ fait l\u2019objet d\u2019une v\xE9rification d\u2019identit\xE9 et d\xE9\ + tenant une habilitation valide ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node358 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node356 + description: "formalise sa proc\xE9dure de v\xE9rification des ant\xE9c\xE9\ + dents pour les personnels de s\xFBret\xE9 ; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node359 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node356 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette proc\xE9dure dans\ + \ le programme de s\xFBret\xE9; " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node360 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node356 + description: "conserve des informations document\xE9es appropri\xE9es comme\ + \ preuves de la v\xE9rification des ant\xE9c\xE9dents. " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1 + ref_id: 5.1.2 + name: "Contr\xF4le de la fiabilit\xE9 des personnels de s\xE9curit\xE9 a\xE9\ + rienne" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node362 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.2 + description: "Sur la base de son analyse de risques, l\u2019organisme d\xE9\ + finit sa politique de contr\xF4le de la fiabilit\xE9 des personnes, dans laquelle\ + \ le contr\xF4le auquel est soumis chaque personne est proportionnel \xE0\ + \ l\u2019impact qu\u2019elle pourrait avoir sur la s\xE9curit\xE9 a\xE9rienne\ + \ par compromission de l\u2019int\xE9grit\xE9, de la confidentialit\xE9 ou\ + \ de la disponibilit\xE9 des donn\xE9es. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node363 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.2 + description: 'Cette politique identifie : ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node364 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node363 + description: "des cat\xE9gories de personnes en fonction du risque pour la s\xE9\ + curit\xE9 a\xE9rienne ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node365 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node363 + description: "des mesures de contr\xF4le de la fiabilit\xE9 qui :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node366 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node365 + description: "\xE9tablissent a minima l\u2019identit\xE9 de la personne au travers\ + \ de la v\xE9rification d\u2019un document d\u2019identit\xE9 ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node367 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node365 + description: "peuvent, selon les cat\xE9gories pr\xE9c\xE9demment identifi\xE9\ + es et leur niveau de risque pour la s\xE9curit\xE9 a\xE9rienne : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node368 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node367 + description: "prendre en consid\xE9ration les emplois, \xE9tudes et interruptions\ + \ \xE9ventuelles de ces personnes dans les \xC9tats o\xF9 elles ont r\xE9\ + sid\xE9 au cours des 5 derni\xE8res ann\xE9es ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node369 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node367 + description: "amener \xE0 r\xE9aliser une v\xE9rification des ant\xE9c\xE9dents\ + \ selon des modalit\xE9s \xE0 pr\xE9ciser, telles que : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node370 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node369 + description: "l\u2019habilitation pr\xE9fectorale vis\xE9es supra ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node371 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node369 + description: "la fourniture de l\u2019extrait de casier judiciaire (bulletin\ + \ num\xE9ro 3) ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node372 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node369 + description: "le dispositif de protection des secrets de D\xE9fense Nationale\ + \ ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node373 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node369 + description: "tout autre dispositif existant et r\xE9pondant aux objectifs de\ + \ v\xE9rification des ant\xE9c\xE9dents. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node374 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.2 + description: "L\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node375 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node374 + description: "applique ou fait appliquer par les tiers identifi\xE9s au \xA7\ + 4.2.4, sa politique de contr\xF4le de la fiabilit\xE9 des personnes ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node376 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node374 + description: "tient \xE0 jour une liste des personnels de s\xE9curit\xE9 a\xE9\ + rienne ayant fait l\u2019objet d\u2019une v\xE9rification d\u2019identit\xE9\ + \ et d\u2019un contr\xF4le de leur fiabilit\xE9, en pr\xE9cisant duquel il\ + \ s\u2019agit en fonction des risques sur la s\xE9curit\xE9 a\xE9rienne ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node377 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node374 + description: "formalise la politique de contr\xF4le de la fiabilit\xE9 du personnel\ + \ ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node378 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node374 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette politique dans :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node379 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node378 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node380 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node378 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node381 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node374 + description: "conserve des informations document\xE9es appropri\xE9es comme\ + \ preuves du contr\xF4le de la fiabilit\xE9 du personnel :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node382 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node381 + description: "tant que le personnel concern\xE9 doit faire l'objet d'une v\xE9\ + rification d'ant\xE9c\xE9dent, et ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node383 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node381 + description: "un an apr\xE8s la fin de l\u2019activit\xE9 justifiant le contr\xF4\ + le de la fiabilit\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1 + ref_id: 5.1.3 + name: 'Cas particuliers ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.3.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.3 + ref_id: 5.1.3.1 + name: "Personnels soumis aux exigences de s\xFBret\xE9 et de s\xE9curit\xE9\ + \ " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node386 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.3.1 + description: "Dans le cas o\xF9 une personne est soumise aux exigences de v\xE9\ + rification des ant\xE9c\xE9dents pour la s\xFBret\xE9 et la s\xE9curit\xE9\ + \ a\xE9rienne, alors il doit se soumettre au dispositif le plus exigeant,\ + \ \xE0 savoir celui de la s\xFBret\xE9. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.3.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.3 + ref_id: 5.1.3.2 + name: "Personnels \xE0 l\u2019\xE9tranger" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node388 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.1.3.2 + description: "Dans le cas o\xF9 l\u2019organisme emploie du personnel de nationalit\xE9\ + \ \xE9trang\xE8re ne r\xE9sidant pas en France pour lequel il documente qu\u2019\ + il ne lui est pas l\xE9galement possible de r\xE9aliser une v\xE9rification\ + \ des ant\xE9c\xE9dents, alors l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node389 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node388 + description: "\xE9tablit l\u2019identit\xE9 de ces personnes au travers de la\ + \ v\xE9rification d\u2019un document d\u2019identit\xE9 ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node390 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node388 + description: "exige de ces personnes un engagement sign\xE9 de bonne conduite\ + \ lors de la r\xE9alisation de missions pour le compte de l\u2019organisme\ + \ ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node391 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node388 + description: "tient \xE0 jour une liste des personnels \xE9trangers pour lesquels\ + \ la v\xE9rification des ant\xE9c\xE9dents n\u2019a pu \xEAtre r\xE9alis\xE9\ + e. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5 + ref_id: '5.2' + name: 'Sensibilisation ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node393 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.2 + description: "L\u2019organisme met en \u0153uvre une campagne de sensibilisation\ + \ ou s\u2019assure de cette mise en \u0153uvre par les tiers identifi\xE9\ + s au \xA74.2.4., notamment il :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node394 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node393 + description: "pr\xE9cise :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node395 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node394 + description: "les moyens et ressources mis en \u0153uvre ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node396 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node394 + description: "la fr\xE9quence de renouvellement de la campagne de sensibilisation. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node397 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node393 + description: "s\u2019assure que les personnes identifi\xE9es au \xA75.1.1.1.et\ + \ au travers de l\u2019analyse de risques relatifs \xE0 la s\xE9curit\xE9\ + \ a\xE9rienne (\xA74.2.4) sont sensibilis\xE9es \xE0 la s\xE9curit\xE9 de\ + \ l\u2019information ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node398 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node393 + description: "formalise le suivi de la sensibilisation et la proc\xE9dure associ\xE9\ + e ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node399 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node393 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette proc\xE9dure dans\ + \ :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node400 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node399 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node401 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node399 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9, et/ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node402 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node399 + description: "le programme de s\xFBret\xE9. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node403 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node393 + description: "conserve des informations document\xE9es appropri\xE9es comme\ + \ preuves suivi de la sensibilisation de son personnel. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:5.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5 + ref_id: '5.3' + name: 'Formation ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node405 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:5.3 + description: "L\u2019organisme met en \u0153uvre un programme de formation ou\ + \ s\u2019assure de cette mise en \u0153uvre par les tiers identifi\xE9s au\ + \ \xA74.2.4., notamment il : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node406 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node405 + description: 'identifie les besoins au sein de son entreprise, notamment que + :' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node407 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node406 + description: " les \xE9quipes manag\xE9riales soient form\xE9es \xE0 la gestion\ + \ de la s\xE9curit\xE9 de l\u2019information en coh\xE9rence avec les t\xE2\ + ches qui leur sont confi\xE9es ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node408 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node406 + description: "les \xE9quipes op\xE9rationnelles soient form\xE9es \xE0 la mise\ + \ en \u0153uvre des mesures de s\xE9curit\xE9 de l\u2019information \xE0 l\u2019\ + \xE9tat de l\u2019art, en coh\xE9rence avec les t\xE2ches qui leur sont confi\xE9\ + es . " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node409 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node405 + description: "pr\xE9cise les moyens et ressources mis en \u0153uvre ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node410 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node405 + description: "formalise le suivi des comp\xE9tences et la proc\xE9dure associ\xE9\ + e ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node411 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node405 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette proc\xE9dure dans\ + \ :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node412 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node411 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node413 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node411 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9, et/ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node414 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node411 + description: "le programme de s\xFBret\xE9." + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node415 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node405 + description: "conserve des informations document\xE9es appropri\xE9es comme\ + \ preuves de suivi de la formation de son personnel. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:6 + assessable: false + depth: 1 + ref_id: '6' + name: "D\xE9finition et fonctionnement du SMSI " + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6 + ref_id: '6.1' + name: 'Suivi de la gestion des risques ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.1 + ref_id: 6.1.1 + name: 'Organisation du suivi de la gestion des risques ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node419 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.1.1 + description: "L\u2019organisme d\xE9finit l\u2019organisation du suivi de la\ + \ gestion des risques et en pr\xE9cise : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node420 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node419 + description: 'la structure et le positionnement ; ' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node421 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node419 + description: "les responsabilit\xE9s des diff\xE9rents participants ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node422 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node419 + description: "l\u2019articulation avec l\u2019organisation d\xE9j\xE0 en place\ + \ pour le suivi de la gestion des risques relatifs \xE0 la s\xFBret\xE9 et/ou\ + \ \xE0 la s\xE9curit\xE9 a\xE9rienne ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node423 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node419 + description: "la p\xE9riodicit\xE9 et/ou les \xE9v\xE9nements significatifs\ + \ activant cette organisation, notamment lorsque : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node424 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node423 + description: "il y a un changement dans les \xE9l\xE9ments expos\xE9s \xE0 des\ + \ risques li\xE9s \xE0 la s\xE9curit\xE9 de l\u2019information ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node425 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node423 + description: "il y a un changement dans les interfaces entre l\u2019organisme\ + \ et d\u2019autres organismes, ou dans les risques communiqu\xE9s par les\ + \ autres organismes ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node426 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node423 + description: "il y a un changement dans les informations ou connaissances utilis\xE9\ + es pour le recensement, l\u2019analyse et la classification des risques ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node427 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node423 + description: "l\u2019analyse des incidents de s\xE9curit\xE9 de l\u2019information\ + \ a permis de tirer des enseignements. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.1 + ref_id: 6.1.2 + name: Missions du suivi de la gestion des risques + - urn: urn:intuitem:risk:req_node:c3cf-v2:node429 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.1.2 + description: "P\xE9riodiquement et/ou lors des \xE9v\xE9nements significatifs,\ + \ l\u2019organisme : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node430 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node429 + description: "planifie, met en \u0153uvre, contr\xF4le :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node431 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node430 + description: "les activit\xE9s de gestion des risques : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node432 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node431 + description: "appr\xE9ciation des risques (\xA74.2) ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node433 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node431 + description: "traitement des risques (\xA74.3) ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node434 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node431 + description: "gestion des incidents de s\xE9curit\xE9 de l\u2019information\ + \ (\xA74.4) ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node435 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node431 + description: "gestion des risques induits par les tiers (\xA74.5). " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node436 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node430 + description: "la gestion des personnels et des comp\xE9tences (\xA75) ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node437 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node430 + description: "la mise en \u0153uvre des mesures techniques et organisationnelles\ + \ : " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node438 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node437 + description: 'du plan de traitement des risques ; ' + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node439 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node437 + description: "de d\xE9tection, de r\xE9action et de r\xE9ponse \xE0 un incident\ + \ de s\xE9curit\xE9 ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node440 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node437 + description: "notifi\xE9es par l\u2019autorit\xE9 comp\xE9tente. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node441 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node429 + description: "assure le suivi des \xE9v\xE9nements et incidents de s\xE9curit\xE9\ + \ de l\u2019information. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.1 + ref_id: 6.1.3 + name: "R\xE9sultats du suivi de la gestion des risques" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node443 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.1.3 + description: "L\u2019organisme: " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node444 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node443 + description: "produit et tient \xE0 jour des tableaux de bord de suivi :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node445 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node444 + description: "des activit\xE9s de gestion des risques ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node446 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node444 + description: "des personnels et des comp\xE9tences ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node447 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node444 + description: "d\u2019avancement de mise en \u0153uvre des mesures techniques\ + \ et organisationnelles ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node448 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node444 + description: "des \xE9v\xE9nements et incidents de s\xE9curit\xE9 de l\u2019\ + information." + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node449 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node443 + description: "informe le Dirigeant Responsable et les personnes ou entit\xE9\ + s responsables de risques des conclusions du suivi de la gestion des risques\ + \ ; " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node450 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node443 + description: "formalise la proc\xE9dure relative au suivi de la gestion des\ + \ risques ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node451 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node443 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette proc\xE9dure dans\ + \ :" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node452 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node451 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node453 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node451 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9, et/ou ;" + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node454 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node451 + description: "le programme de s\xFBret\xE9." + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node455 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node443 + description: "conserve des informations document\xE9es comme preuves du suivi\ + \ de la gestion des risques. " + implementation_groups: + - sec + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6 + ref_id: '6.2' + name: "\xC9valuation du SMSI " + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2 + ref_id: 6.2.1 + name: "\xC9valuation de la conformit\xE9 du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1 + ref_id: 6.2.1.1 + name: "Organisation de l\u2019\xE9valuation de la conformit\xE9 du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node459 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1.1 + description: "L\u2019organisme d\xE9finit l\u2019organisation en charge de l\u2019\ + \xE9valuation de la conformit\xE9 et en pr\xE9cise : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node460 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node459 + description: 'la structure et le positionnement ; ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node461 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node459 + description: "les responsabilit\xE9s des diff\xE9rents participants ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node462 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node459 + description: "l\u2019articulation avec l\u2019organisation d\xE9j\xE0 en place\ + \ pour l\u2019\xE9valuation de la conformit\xE9 relative \xE0 la s\xE9curit\xE9\ + \ a\xE9rienne ; - la p\xE9riodicit\xE9 et/ou les \xE9v\xE9nements significatifs\ + \ activant cette organisation. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1 + ref_id: 6.2.1.2 + name: "Missions de l\u2019\xE9valuation de la conformit\xE9 du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node464 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1.2 + description: "P\xE9riodiquement et/ou lors des \xE9v\xE9nements significatifs\ + \ et en s\u2019appuyant sur les r\xE9sultats : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node465 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node464 + description: 'des audits internes ; ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node466 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node464 + description: "des audits des autorit\xE9s comp\xE9tentes. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node467 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1.2 + description: "l\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node468 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node467 + description: "\xE9value la conformit\xE9 et ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node469 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node467 + description: "identifie les \xE9carts de son SMSI par rapport aux dispositions\ + \ du pr\xE9sent document ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node470 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node467 + description: "corrige ces \xE9carts afin de se mettre en conformit\xE9 avec\ + \ les exigences de la Part-IS. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1 + ref_id: 6.2.1.3 + name: "R\xE9sultats de l\u2019\xE9valuation de la conformit\xE9 du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node472 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.1.3 + description: "L\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node473 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node472 + description: "produit et tient \xE0 jour un tableau de bord de suivi de la conformit\xE9\ + \ et les \xE9ventuels \xE9carts associ\xE9s ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node474 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node472 + description: "informe le Dirigeant Responsable et les personnes ou entit\xE9\ + s responsables des risques des conclusions de l\u2019\xE9valuation de la conformit\xE9\ + \ du SMSI ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node475 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node472 + description: "formalise la proc\xE9dure relative \xE0 l\u2019\xE9valuation de\ + \ la conformit\xE9 du SMSI ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node476 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node472 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette proc\xE9dure dans\ + \ :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node477 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node476 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node478 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node476 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node479 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node472 + description: "conserve des informations document\xE9es comme preuves des r\xE9\ + sultats d\u2019\xE9valuation de la conformit\xE9 du SMSI. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2 + ref_id: 6.2.2 + name: "R\xE9ponse aux constatations notifi\xE9es par l\u2019autorit\xE9 comp\xE9\ + tente" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node481 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.2 + description: "L\u2019organisme r\xE9agit aux constatations notifi\xE9es par\ + \ l\u2019autorit\xE9 comp\xE9tente au travers du processus de traitement des\ + \ constatations pr\xE9vus dans le cadre de son certificat/agr\xE9ment. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2 + ref_id: 6.2.3 + name: "\xC9valuation de l\u2019efficacit\xE9 et de la maturit\xE9 du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3 + ref_id: 6.2.3.1 + name: "Organisation de l\u2019\xE9valuation de l\u2019efficacit\xE9 et de la\ + \ maturit\xE9 du SMSI " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node484 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.1 + description: "L\u2019organisme d\xE9finit l\u2019organisation en charge de l\u2019\ + \xE9valuation de l\u2019efficacit\xE9 et de la maturit\xE9 du SMSI et en pr\xE9\ + cise : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node485 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node484 + description: la structure et le positionnement ; + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node486 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node484 + description: "les responsabilit\xE9s des diff\xE9rents participants ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node487 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node484 + description: "l\u2019articulation avec l\u2019organisation d\xE9j\xE0 en place\ + \ pour l\u2019\xE9valuation du syst\xE8me de gestion de la s\xE9curit\xE9\ + \ a\xE9rienne ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node488 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node484 + description: "la p\xE9riodicit\xE9 et/ou les \xE9v\xE9nements significatifs\ + \ activant cette organisation ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node489 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node484 + description: "les indicateurs d\u2019efficacit\xE9 associ\xE9s aux objectifs\ + \ de s\xE9curit\xE9 d\xE9finis dans la politique de s\xE9curit\xE9 de l\u2019\ + information ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node490 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node484 + description: "le mod\xE8le de maturit\xE9 du SMSI vis\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3 + ref_id: 6.2.3.2 + name: "Missions de l\u2019\xE9valuation de l\u2019efficacit\xE9 et de la maturit\xE9\ + \ du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node492 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.2 + description: "P\xE9riodiquement et/ou lors des \xE9v\xE9nements significatifs\ + \ et en s\u2019appuyant sur : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node493 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node492 + description: "la politique de s\xE9curit\xE9 de l\u2019information ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node494 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node492 + description: "les \xE9l\xE9ments relatifs \xE0 la gestion des ressources, aux\ + \ r\xF4les et responsabilit\xE9s ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node495 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node492 + description: "les tableaux de bord de suivi des activit\xE9s de gestion des\ + \ risques, des personnels et des comp\xE9tences, et des \xE9v\xE9nements et\ + \ incidents de s\xE9curit\xE9 de l\u2019information ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node496 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node492 + description: "des \xE9ventuels audits techniques et organisationnels ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node497 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node492 + description: "son retour d\u2019exp\xE9rience, aliment\xE9 notamment par la\ + \ gestion des incidents. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node498 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.2 + description: "L\u2019organisme :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node499 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node498 + description: "\xE9value :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node500 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node499 + description: "l\u2019efficacit\xE9 de son SMSI par rapport aux objectifs de\ + \ s\xE9curit\xE9 d\xE9finis dans la politique de s\xE9curit\xE9 de l\u2019\ + information ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node501 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node499 + description: "la maturit\xE9 de son SMSI par rapport au mod\xE8le de maturit\xE9\ + \ vis\xE9.Lors de ces \xE9valuations, l\u2019organisme porte une attention\ + \ particuli\xE8re aux processus relatifs : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node502 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node501 + description: "\xE0 la gouvernance (\xA73) ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node503 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node501 + description: "aux activit\xE9s de gestion des risques ( \xA74) ainsi que leur\ + \ suivi (\xA76.1) ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node504 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node501 + description: "\xE0 la gestion des personnels et des comp\xE9tences (\xA75) ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node505 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node501 + description: "\xE0 l\u2019\xE9valuation de la conformit\xE9, de l\u2019efficacit\xE9\ + \ et de la maturit\xE9 du SMSI (\xA76.2) ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node506 + assessable: true + depth: 8 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node501 + description: "Au pilotage de l\u2019am\xE9lioration continue (\xA76.3)." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node507 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node498 + description: 'identifie :' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node508 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node507 + description: "les \xE9carts et/ou les manques par rapport aux objectifs de s\xE9\ + curit\xE9 ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node509 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node507 + description: "les axes d\u2019am\xE9lioration \xE9ventuels afin d\u2019atteindre\ + \ les niveaux de maturit\xE9 du mod\xE8le vis\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3 + ref_id: 6.2.3.3 + name: "R\xE9sultats de l\u2019\xE9valuation de l\u2019efficacit\xE9 et de la\ + \ maturit\xE9 du SMSI" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node511 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.3 + description: "L\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node512 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node511 + description: "produit et tient \xE0 jour des tableaux de bord de suivi de : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node513 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node512 + description: "l\u2019efficacit\xE9 de son SMSI et des \xE9carts associ\xE9s\ + \ ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node514 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node512 + description: "la maturit\xE9 de son SMSI et des \xE9ventuels axes d\u2019am\xE9\ + lioration associ\xE9s. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node515 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node511 + description: "informe le Dirigeant Responsable et les personnes ou entit\xE9\ + s responsables des risques des conclusions de l\u2019\xE9valuation de l\u2019\ + efficacit\xE9 et de la maturit\xE9 du SMSI ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node516 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node511 + description: "formalise la proc\xE9dure relative \xE0 l\u2019\xE9valuation de\ + \ l\u2019efficacit\xE9 et de la maturit\xE9 du SMSI ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node517 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node511 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette proc\xE9dure dans\ + \ : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node518 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node517 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node519 + assessable: true + depth: 7 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node517 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node520 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node511 + description: "conserve des informations document\xE9es comme preuves des r\xE9\ + sultats de l\u2019\xE9valuation de l\u2019efficacit\xE9 et de la maturit\xE9\ + \ du SMSI. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node521 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.2.3.3 + description: "Les mod\xE8les de maturit\xE9 suivants peuvent \xEAtre pris pour\ + \ r\xE9f\xE9rence : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node522 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node521 + description: 'Cybersecurity Capability Maturity Model (C2M2), version 1.1 ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node523 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node521 + description: "Systems Security Engineering \u2013 Capability Maturity Model\ + \ (SSE-CMM) " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node524 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node521 + description: 'NIST Cybersecurity Framework (NIST CSF), version 1.1 - ATM Cybersecurity + Maturity Model, edition 1 ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6 + ref_id: '6.3' + name: "Am\xE9lioration continue du SMSI " + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.3.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.3 + ref_id: 6.3.1.1 + name: "Organisation du pilotage de l\u2019am\xE9lioration continue du SMSI " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node527 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.3.1.1 + description: "L\u2019organisme d\xE9finit l\u2019organisation du pilotage de\ + \ l\u2019am\xE9lioration continue et en pr\xE9cise : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node528 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node527 + description: 'la structure et le positionnement ; ' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node529 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node527 + description: "les responsabilit\xE9s des diff\xE9rents participants ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node530 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node527 + description: "l\u2019articulation avec l\u2019organisation d\xE9j\xE0 en place\ + \ pour le pilotage de l\u2019am\xE9lioration continue du syst\xE8me de gestion\ + \ de la s\xE9curit\xE9 a\xE9rienne ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node531 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node527 + description: "la p\xE9riodicit\xE9 et/ou les \xE9v\xE9nements significatifs\ + \ activant cette organisation, notamment : o au moins 1 fois entre 2 audits\ + \ de l\u2019autorit\xE9, et/ou ; o les \xE9v\xE9nements significatifs d\xE9\ + clenchant la revue de direction (incident, changement de contexte etc.). " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.3.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.3 + ref_id: 6.3.1.2 + name: "Missions du pilotage de l\u2019am\xE9lioration continue du SMSI " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node533 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.3.1.2 + description: "P\xE9riodiquement et/ou lors des \xE9v\xE9nements significatifs\ + \ et sur la base : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node534 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node533 + description: "des changements de contexte de l\u2019organisme, notamment :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node535 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node534 + description: "l\u2019\xE9volution de la menace ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node536 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node534 + description: "un changement dans l\u2019organisation." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node537 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node533 + description: 'des tableaux de bord de suivi :' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node538 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node537 + description: "de la conformit\xE9 du SMSI et des \xE9carts associ\xE9s ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node539 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node537 + description: "de l\u2019efficacit\xE9 du SMSI et des \xE9carts associ\xE9s ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node540 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node537 + description: "de la maturit\xE9 du SMSI et des \xE9ventuels axes d\u2019am\xE9\ + lioration associ\xE9s ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node541 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node537 + description: "des non-conformit\xE9s notifi\xE9es par l\u2019autorit\xE9 et\ + \ des actions correctives associ\xE9es ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node542 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node537 + description: "des actions issues du pilotage de l\u2019am\xE9lioration continue." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node543 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.3.1.2 + description: "L\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node544 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node543 + description: 'identifie :' + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node545 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node544 + description: "les modifications \xE0 apporter au SMSI : organisation, processus,\ + \ etc. ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node546 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node544 + description: "les actions correctives et pr\xE9ventives \xE0 mettre en \u0153\ + uvre ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node547 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node544 + description: "des opportunit\xE9s d\u2019am\xE9lioration continue." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node548 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node543 + description: "d\xE9cide de les mettre en \u0153uvre ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node549 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node543 + description: "pr\xE9cise les d\xE9lais de mises en \u0153uvre. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.3.1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.3 + ref_id: 6.3.1.3 + name: "Conclusions du pilotage de l\u2019am\xE9lioration continue du SMSI " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node551 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.3.1.3 + description: "L\u2019organisme : " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node552 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node551 + description: "produit et tient \xE0 jour un tableau de bord de suivi des actions\ + \ issues du pilotage de l\u2019am\xE9lioration continue ; " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node553 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node551 + description: "formalise la proc\xE9dure relative \xE0 l\u2019am\xE9lioration\ + \ continue ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node554 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node551 + description: "int\xE8gre ou fait r\xE9f\xE9rence \xE0 cette proc\xE9dure dans\ + \ :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node555 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node554 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node556 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node554 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node557 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node551 + description: "conserve des informations document\xE9es comme preuves du pilotage\ + \ de l\u2019am\xE9lioration continue. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:6.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6 + ref_id: '6.4' + name: "Modification du syst\xE8me de management de la s\xE9curit\xE9 de l\u2019\ + information " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node559 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:6.4 + description: 'A paraitre dans la prochaine version du 3CFv2 ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:7 + assessable: false + depth: 1 + ref_id: '7' + name: 'Documentation ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:7.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7 + ref_id: '7.1' + name: 'Gestion documentaire ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node562 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.1 + description: 'A paraitre dans la prochaine version du 3CFv2 ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:7.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7 + ref_id: '7.2' + name: "Manuel du syst\xE8me de gestion de la s\xE9curit\xE9 de l\u2019information " + - urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2 + ref_id: 7.2.1 + name: 'Gestion du manuel SMSI ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:node565 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.1 + description: 'A paraitre dans la prochaine version du 3CFv2 ' + - urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2 + ref_id: 7.2.2 + name: "\xC9l\xE9ments du manuel" + - urn: urn:intuitem:risk:req_node:c3cf-v2:node567 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "L\u2019organisme int\xE8gre ou fait r\xE9f\xE9rence aux \xE9l\xE9\ + ments suivants dans :" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node568 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node567 + description: "le manuel du syst\xE8me de management de la s\xE9curit\xE9 de\ + \ l\u2019information, ou ;" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node569 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node567 + description: "le manuel de l\u2019organisme approuv\xE9/certifi\xE9." + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node570 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La lettre d\u2019engagement du Dirigeant Responsable " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node571 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La politique de s\xE9curit\xE9 de l\u2019information " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node572 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "le(s) titre(s), le(s) nom(s), les missions, les obligations de\ + \ rendre compte, les responsabilit\xE9s et les pouvoirs des personnes vis\xE9\ + es au 3.3. " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node573 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "un organigramme montrant les rapports hi\xE9rarchiques en mati\xE8\ + re d\u2019obligation de rendre compte et de responsabilit\xE9 entre les personnes\ + \ vis\xE9es aux 3.3 " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node574 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "une description g\xE9n\xE9rale des ressources humaines, en termes\ + \ d\u2019effectifs et de cat\xE9gories, et du syst\xE8me qui est en place\ + \ pour planifier la mise \xE0 disposition du personnel " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node575 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La description du sch\xE9ma de notification interne " + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node576 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de gestion des incidents de s\xE9curit\xE9 de\ + \ l\u2019information / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node577 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de notification \xE0 l\u2019autorit\xE9 (\xE0\ + \ venir) / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node578 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de gestion des organismes en interface / Mis \xE0\ + \ disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node579 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de gestion des sous-traitants r\xE9alisant des\ + \ activit\xE9s du SMSI / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node580 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La politique de contr\xF4le de fiabilit\xE9 du personnel / Mis\ + \ \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node581 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de suivi de la sensibilisation / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node582 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de suivi de la formation / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node583 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure d\u2019\xE9valuation de la conformit\xE9 du SMSI\ + \ / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node584 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure d\u2019\xE9valuation de l\u2019efficacit\xE9 et\ + \ de la maturit\xE9 du SMSI / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node585 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure d\u2019am\xE9lioration continue / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node586 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de gestion des changements du SMSI (\xE0 venir)\ + \ / Approuv\xE9" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node587 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de gestion documentaire / Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:node588 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.2.2 + description: "La proc\xE9dure de modification du manuel SMSI (\xE0 venir) /\ + \ Mis \xE0 disposition" + implementation_groups: + - sec + - urn: urn:intuitem:risk:req_node:c3cf-v2:7.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7 + ref_id: '7.3' + name: "Programme de s\xFBret\xE9 " + - urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:7.3 + description: "L\u2019organisme int\xE8gre ou fait r\xE9f\xE9rence dans son programme\ + \ de s\xFBret\xE9 aux \xE9l\xE9ments suivants : " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node591 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La liste des risques au regard de la s\xFBret\xE9 " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node592 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La liste des syst\xE8mes d\u2019information critiques \xE0 la\ + \ s\xFBret\xE9 " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node593 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: 'Le plan de traitement des risques ' + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node594 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La liste des organismes en interface pr\xE9sentant un risque pour\ + \ la s\xFBret\xE9 " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node595 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La liste des mesures techniques et organisationnelles visant \xE0\ + \ d\xE9tecter, r\xE9agir et se r\xE9tablir \xE0 la suite d\u2019un incident\ + \ de s\xE9curit\xE9 de l\u2019information " + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node596 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La proc\xE9dure de gestion des risques (appr\xE9ciation, traitement\ + \ et suivi des risques)" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node597 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La proc\xE9dure de gestion des organismes en interface" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node598 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La proc\xE9dure de v\xE9rification des ant\xE9c\xE9dents" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node599 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La proc\xE9dure de suivi de la sensibilisation" + implementation_groups: + - sur + - urn: urn:intuitem:risk:req_node:c3cf-v2:node600 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:c3cf-v2:node590 + description: "La proc\xE9dure de suivi de la formation " + implementation_groups: + - sur diff --git a/tools/3cf/3cf-v2.xlsx b/tools/3cf/3cf-v2.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..6e72e186a6adb1cf0d31c41acb61dd34d2c65afc GIT binary patch literal 46034 zcmeFX^OI&l*CkrEZQEv-ZQHhuF00G7ZM(W`+tyRIef#}pZrr&sGk?KMMw~oxBK9vQ zbFaPjTA7M6pkQb~5I|5sKtRMmd(>@uF2F!Q_z*xqs6bF4IwB7Cu4eYG2C80;W-fXR zo_4lGgXsG@v0!A`v$z~*;Kj=MT=LN4)s-Cm_hkZpX@!4 zZNYFK)~xI2Z-K2F=9qnS=TG3JfMV#ncIj-pr78ZdR-zm4kx60|^_0 zBE>K)Xkryy#`?thYe)Zr|6&bp{z(goJHq-zjlB>!h;aQ5EIT>VNi;>U1sZ9A`1Qgp zTNs{=i!9hPA}HnL9&oeq!F5U?7xW1ImmPb`$hNJk`y+Nkg(=%P4j#XZi)qobhGInGs*y`Sl_$ zjGNH|N8gsF9)Ywoz{JQY@1AC!*K?zxZz2C%H#KZ@Q2`B-j z_E+BNjm^BWvN(BYCTI@e?UD<;`ERk93#$KChPdwu(_a?EGEIBN@xmA820oJ+jag2V znVrV>f2;66LuLp1i|Rj+Spo$D!U2K;_OxaEZ>aHbaJDgaaIpCg!TrAo0{+Kx|6>2o z9)FW&tp}OlMs9+;gXe!cCEA-M^K?fG)#gN9yOtjLvkkeFdC>SK-AjE&E@h^k^$J{B_)N?4}Li=rC^#d9l51(esXP%V19@sShGWTQWHEkrv&jGgU%*^1geWSsoPN>D+C%?Lrk<18DD0j;3r zB*4_WJCu`am7Iu1J?<$431Fq4W~B80ar+z^9!!3K1OKZ4QbV*aLG)%k6^R} zCS_%CCMlr4zH%m}lA7c$VVSjEbpqj~tY*@HDwylvYr>YX97>`o3)KyT%0z~KoaEL? zhS$zL?K>9zr5Yta@Bl6-t2J`u0&k7ug_66CsT*$vVa|xmkqXiS{7DSSVBdrScSWDl zBzl`TdxR{wNxR_lOgbuVISM}coA8wQtu;SRcGz)H8jR2s-L^gmlj-P_83)8_SsS|F zi%@hB*S^-v`IiZHx1Q80QPePJVwI#>X+nZ>tO|t{4^!9Nk%DWPh-#G5FbkGgY@F{R z|N7XQvLL9jz!Vuec*0{cCQ5N@>33OUWrM;Ao~W(v{0|KU)e(Xu)Knm?lrRfD z`=+R{udx>ie7p|%GR(Ix`Q0nA94>;`ZlgK3@S;;pEYcvR{o=$2w@>uPzDMFU9}!H` z^=Kl>YRz}y!?LDt*QKxJ66}u>IQ5k4)cLY|G3rVyx*N@edrGE)ivXorIn=5Z6+ZV- zWp2WB0w}x1mz2g2ZX|bn0YxifT`^n3Yoti^5aZW?FQ>mEV>`yGX{v_myD^3G!O?Qy z$g@eN+OpXtlIyKsSe9lsG#i=cJ-HM2V&ZD(wNW=m`nS?4yVE@1 zD}(yv7S;I`6B>ry%i1n^bWJ1znM1P2hN5H{iHVhL@{;b`>A+h6I=KpOn+(dl zz}FLnl{w)8be+IMyiJ{U2L_fTaKpy*cOU`t<{k4eeE1R6m51ikO$tK z9-OKOx*%V>#MVtFd51bN>}biVZ_3o&e7-=dZI;_^PDc^iV74UQy$5PwUX(O8723rP zOeRMm9j)hI*9L0+E*+yrfT1rane6Aeh``^6q1&wSASHJXYj8#bzj49;eZAK9H&K|a%_|jEchpyu2<^nLwE26z?K-25f6=`(v%>#3GMW0K zY?DHN@J*m7GwD!g`cK&|gFOS=Np742g-65n(f%+M&iO2%z8?HfH};QZYW=QjIXrXt zgB+??*IU}?_|Lzh^*; z4#|cf3FJCa5JKSXeZCuP!na8tT@N zV$|UkkP*#gtGcxxCZ3~vfSFn%F5J6v?A^p?fgG`dO4UZDh^n3XbakeKYN2eVVjPv$71#%+&)PI=M@p*n9rAJ!FiRY4r@o=xXgnFK(JI> zhAoj%ir@*Oc{uVQq1ixq2JbE4cA-s#l25~qE6(Y*1R=V>VKbM#oWH%)xkD{l1vr56?Im3H|p+Ct1E%3HjfSPiDUa$MQQw z8GC&1H=8IKd)^;kZU}t#bU+X%Zu#Z@h_;O(Z=6t{n!_DR%R?Oa^1eft&LCt1*&&|Q zO5^R-K%4XHX0?xW(dK);2CR<0;A_~+gs|B!@i7aU0N`V zm~HWog!AvSR zm6k@9Y!dnLxdPdCn?+P^Cx^;d+cz4ful1GyQ)N#a+^z}nNaiO0J01es?03m$ zr-=!O-al#wsP~2>11z<)=$nCwiR7B$_MQqkHU`OBe9YXK=TeG zh2l0* zpYm3MS(Ee!rCwPf#`@-%3Y(?oWP7nQK=8!;vf{%|V~ z;zv$#VW>x1;pmi~;#Wp~Rw~k<kc(8nLosa}WG}t?TSLDRW0UlZ*J9+ErQ@8y`^o!ML z-b;$|&-gxM71(JZ>$uluy_Pm2Tk`L$zosPY5YqT1e*z!kBIDNyDIWtjPCgWMkUv)p zH)+9?evfkyNMcIr5J1jxt&8ExW+vNdMqWP;Y*Mu+Fz{?+8;mV*p1ICiU23@i8eN?4 zp0-ckqV+V_8r(V-pVDy>pG_mrpDlUDutw7jS|$X3-Sz)=eB{u*i_1uSw*CRuz3Wdl z@+S*8YMWu#;r#h$V*Jmvq`R8mYx%F+j=%&0g8y%{JlZ%KGPn02it_Eo4jlO2h>BwvD--&v?+oSN(Ta9pisch6eCO0DwxcQmyVmAkw?+{!!dIdb}))QvH*la z2RoILd^XnFWEqN@ynTzt`ikO`Km@JQ(A=bI*gUpW5VDbb_;>||Y@UiHF0~XY88qaQ ztBtInOg5gaNWz(!YDG4GI+^Gc2tdonutyXV-+vCZKr8GKt?TKeBu?1Fjyr~*Yw^NM zg6a+9Z4T#%#E}+!W0S6R;N3yE3FS&qp2hH#OMagk=K{!@ix0U_2xTx3sj*=3v3>`K zp5s=lZ&DmymNkg0-ZW7jMyN2rL3e`AcTiL_CGR-C>mW5-z&H`3HjtGHmdR9zv0jt9!w*gGZ5-G8Sat4B2K{?%>0|q%>aeJu6S#^j z-6qtha*Y6+#4IZF2OQSOSoN?>4rXSCs6I`;>IHwT8_n|2+wUTvh7nBQ#2EOGDX!lh zz}bqWlq;3UNhp=}iPj6|=R{W;sx|2@D4*OSqOwmZuNNw!WGrWp~Lo+wz z&u1f)tfUUj(UOQ^F;42^1oWK$%^cE9@9!}|D{0Q%d(&94a+i!AxjGsxj;0DgZ^o`t zqbam{0oL9b=q`8~S0c}em!A(rvhb2)1X9Z zlVR{TXci4>(K8JlQRF=E*EQN0LXZ-LcE$DUy)S)@RJBr7FvNUrfIZQQ+!p?gJ*)r- z>fmipphotDXFkGhUGT!|Q$(!t$`v|zX-x}xt#-gD)nn%C_c*K6ft*eeA+WKDL0LYx zz#g8ef`Zr`4Xi82&Gwi+?-#WF>q6y@+W^PZjJYd&dXC$A*tS-N!(flD{GEVj`sr^+ z-__*Z(1EoQF;9K0uI9cOk;NaZ*+>Jz`5Dwr_FaC;lE9?Hv)n`o9FI{xZUx%73G4km z6R)4(7HQ#1pe+rd_MBtY69+M+6ir3d7Mk%K9%r3E?8+U)saZudSm`xZ*I8G5@W0b8 z!sJGkl?&Z5X%;;d1Mw@6KxP+xQ9Ou_bdjZr%LXOZn&&tkQE--Yj?vCEd98$?P1rww zFv%45`c_o{C`MweDx-wT_aK8s_Au2hz%*YpW+*aWU;Cf~YIgVt}Z zh3oHjJm`(WIN-0IKh5{yJUaZQebjSUxsfCMoO3XGQLwG$X}w6b(+1xmlu9&YiqY0+ z3EQa3CriIJ8mMJA;-r84-*n1X(iEV`|LmjTf88?H|7QTWSelu+x-kCNi}gR%DLZL1 zHjC+>^+x-IPq!N!h?JTiua+F#>7h2;7R%fp8B=j(o2dT#C3ZZ~7QG@;9b^O#@L`d@ zyEs~uc$$Gr>#B3W70q-&znEg#M*jV7hJS>mC9xSPy?u|8*FGHA^m0=QY3JU$zeP;c z+&UEFq9+t#2CuOc)_F+(x1vR9slR3&WfNPzieE}9QB+AB4V|7J6~+ZoWVOZ6w_;uY zZY75}Oy)e_Z!=;Bfo=G@pW52}gTYYSEnp3bdaEMbxLEV9*{-Dk7y38hVKR#=n{;ti7n74ToIi$NfQIUQYvRFOXo{{;5$8Z7 z?9>l~%B7gv!7gIbyl>)(71QkM1CjKCQ@p^CSA8~F)v|T2*d*I`u*ITuU&wEbvD?m} zhjvZV^r_Nr{~l<+`nr|Vw3Tz#B0p6_y6C@roZ2^^;R-~!!1K=I8JsYMNV#u8GSGWy zc;64z2^az^lkI85m^tf@odj&F-8BL@%>}89&7TZ3t9{?V$C0b9jN6pIU;Bnzoo-#> zu6%ybmaWF=K@Ww6j1Ibtv_Vj7C82wP`#m1lMh64n9+XgG4#22Za^4XR)0SLNqAL}G zxX4P3vP+ZzE*x8(Ew^TdL(eN#>}Vf|VB$+6L_LCym!a~2OJ)M*16Kzb1O*LWO{xUXNG38DpRpQQ(Q2EpgoDl$ z#eWW$H)PETv)~^ST?NELPs1vQ{oD>%bF8ARZQ0~`5jT0_v(~X49lsR5x)(6iQ>g;? zm%TU3rN-U<%jlo~CJ!5_C1n+!ON+F#0dmnVq!$4@Un^nf}2j{stNgN=|XiGEsIZ!CT3#Qy13-N}Z{+wW;O2>m}Wm zR18Oq6qp0T|HmIgf#A9Et~EbK(N6x9h>W0FH>FVT_-OQ{M1Ul>p_*Q+NPBD?7|tu* z?~`erx|@SN;3v!{CXADF;IRIm;AP)F>Sy@lPrq zbVg5jL8Y{#CRI>0;*7ZV#an{6oV9y)sW zEDFB9<~%w^FKVj3A%h;zW&{hR|Kgpe_#*Ms;_zpZLSEvUKi-V8|6_CUpcYV|6j{pOpkHY9taX4~vtd}aKKgtp@?5oT%<@aTObSZYXh59u zeJHEO6x9f!E-0pS4gMMSOGvquchI8gRwRA4`yv=(|IN+_+{r0%d%7o|0Iv44+>e?M zI4hIJG^5f6j^6%0O@VRNh@VQ=ERlN4@G>#QsGEj50fr%0D|;rksC-xzM8@l5vEwLe zSK`%&lZUAIK2dBDQz^1C43j%GUZSV3Np+&dKI(;JzwRR%o&uWmSwN{&I!|N+WLi-h zw&q-J;9&-`92^n3aDzsmdHb2K?++dh~HF4Ul80u(MAPGyL<6h_S!9@`R4}V$Yfg+SU!g z6r7#`p#`A@nd%-oYVqRipb?718sCXF;)rykqU?{?zu?$*RMC6rKVmb#q3r9S5-c9+ zZnZwl-Y-UFUcSW@9Ek`JP`~?fz?Ge_NK_|!zkEygvm)-5CM5~5dAA^0Dw74ky*Re- z?7&c3qK|O#;!Vj$A|1$2Ul~CDXp1|qLXcsHN~Tw!EI?8G!RDEOXhd0@%FI`cm>?C1 z7X$>iXt#5qphzO{=e!bg*MGYi*Tgy1dhGD#8_pzZBgHs$omx6 z_m#=i{9_zEL~tbf1!o&In@Nl?I4RX9DImGXL+KQ8Gc4e$%xz<_@lggPc!y#gXvjOJ zGcN*ZrVq$IGZ|xDjQ`8h!jH{{&A|@@^cMjb2<>0QKa1YQ(#YA&RK?ZV%HHC?w8PQw zNoU>Flw)1w?{Hi^ws9zsd?4jSYHW16cxNWz#O0tW3YgGCk_V7>XA;yINZIExmAEQO zc9*3gQ+V&Cq{v+Cd4U7QvzBN68y9=PI2fIVhlGZP(x0ghE{nV`U7st)@BORg;*K*w zlpn{}aB$p99=~PhnI*?{8D_8NtwQg&^Gy@vwDG$9=#?qQmEYZ-UYqAF;;6vKY1FXs z`d-`OFe8C3L)t1M0s=g43(pp{R`?>oEq5-*SMEWd0&p0ioN)#tW@`oq~=-jp%?mlq3e%bUx_ zMQyLmS^pK|=(aK2OO4JMS7tF_cGSZ$82P*LB@njg z?(OPMSyWwIzMQNN;K$4?W_>!h28GCOo>3+B7k$MoIuKqF0toR-2)hSxV_prX+ifW9 zn%cjZw5LCguOQ#{jC>X+T{w%rOJ_rGwET80-hSUH-TAz68t5C$-hlyf*YeDF7#*FP zz(1~^2aVaagki^AzMl|(Hdelq6_RQO>rUv0k$j>q;CG&$oPB-Xkpu` z-`!rPs!Fdpeb+3`O8I6rPzm9EHNUx%;Pr`gQcm6w_-1?A`_Fg%+B4+T1Br~NH zbNP9bhg{e5Ui2OcZ?!!mF30nk3^dvAKn`v@x$#!EhrCI`wW^;mOb)VKC2 zr>`KhZ=`m0+gxD2JiA2ZetEmS-yhv2g*A5efjc>O0*dixoe)1wI7$K&SzYh1tFt%_ zX1vU^BqS&e`0Z;gXt&t-G(QAB#w>pT^?|1Ne0CdIUIJDKc?A3)>k`euuvi0C_UqGt zk3%uujW!7vg*d=B_|o9_+m^3IoljRt<0-<%#rGbb#7n*&!{$6W=HA}n;9Zl#sD;8y z=j=w_4Il4C?o|#xKktUm_oMCSy5-~g{KJE69vJMJu1A%b%g2q(U#4f@1rZyzEi`UH zh0I~wP|~56jNP%s+tN8^mFnTb;mU{ccK(kFs3V`N=BFqnuP)4Os_qHnl!`^cx|TLV z!0+&I>d)$;1KiJn@yqk-yw)$_rQ^bmb4N-`*jL=Bp1@3$Z6|i0RXNP*<4C`;!n0KP zZ1j#3)A_B(C=4FJvjS2sHh-v;t*0LfAMB0U#B$Ed3zoqE^!FaNZT=yxwj=ZeRtx)Dl+I2?`VBs7wWWI9$5;91cb2aT zzn*M2jH4=o-egG|1h|Bn)IdYKyhqdK4^5tP85g^|bEmww?Jhl(KInaA&HXym8 zu9^*W-KK-$xVi&)2Y3%8ol3f_9(sSw+(;#`c&mKYVmEEHpz&<3)0k7-UD_Qc%|`9^ zQ}U&5(_EGvuR?5IML94H`sAb3h9Q?YeLKJ5D8ug|pplU^=@~oP)>ImL){KukObm-nhee>%!sns_%HER2;F3k;zcV9j12y*;>zXO~c)uVfI1;*Vkq)b9;1__;T z9C+|xzj0Ysy6x)Pg%vW*IIm8&3JKrbHE*8Jp9hQcroG-b0EIeSN->Bb*VYGU<5Ejl zAt13`l_!tAfI@ypuk6@+f-R*)2Z8Jt#q4_sM~_oP;|k&|R!I~@tHzJVv&1s|2cX!7 z&nEQe=VAO=j1nMXwC4OfLWw3BD)=FFJy|2;v#YP?51g8q2FCnNlrFXNpZ(jB1vS=a_@=5GN+2T5fQRg=wHh-jSfX{*_G>*&OhpDzFAU#VU3bC<0 z#4qF6p>Rl(V`Zw{V4TYwK)hNcCUR0iFHPKMvf{(Z6a_?ehr?obcadOS7T-? zx_A~Kq^339*|K!?g$IU!^#idn%`OxNX7*-3!TKusa*Kl1$Gfb9WsZ$UV#f{pZO^|0 zo<(@OGy7HYcSD-2j_}W6G1_)*?sjji8VlAx9$dI}A0f+8>fCy345Dg+*fV4IeaC|< zg2j`-Jd$IfKO&bV1)-2cJ`AG1ZrTe zQn$1pJaR`}34Q4Ta)L0SStp+OM@f_k2gA|sdiO8BD})M5JI*m1+bd5^hp}!$)5ksGWjGFLxX#zf8?# zb1Z4erkYXL9yJ1sP=TnxaRzt{bLJ|Yxi1+FQI4VKs4TxhS~m1@FchyU;Y(=ks|n=H z?L43u3wroXt)<)GRFIK-F7;5b%)vpT3K#e_N-XIH7E8GRzP%X>-ED^^P6PYpN_LX= zZU?v7FYZ2kI ze9kwS==BB8iVdmx;*nE38$w^82B(Mzx57&RROhn`eF=+IEdstO?^x@ zv~H?&^v~In-Erg4%FXw#5l_~23ntS%8{KW+-R{_?676kp%?=YMHE*}c-l@oaI>AoT zefTR}qWd9A)QgM<>Z~kc*NyrE+ox%HzoK!k7i)s3zE7ZUghq#|4pZzazGz%WvyDFY zxQ%drTWnZEV%tvwp77C_1=WN%iTK1Vs5gg|N&Y7!7&u!4|t zy4PltCHMH4gz2RN=n3{rmVi#~G%)0)HhviU2yfa(&Q7Bu`yie$h8p(#l#6r*5xg2^ zn&7Y^-u)TE8`cz;ie)T{X~oFy_TPwcVD4e$69hr9i=c!UVe@F#Zd%Qf6gO3FCgNb3 zz(WpiILVgZC}$h6L@s0s(SOGaE#_ffIQ}4&d)TjsO$%aZL<@gv^LETLpr=qYcko0n zUm+y3bl?PZRr}ZhiAaIA!cyv`3c2{-3;$w)dy_|E{1eiQsvFgc;g2@b$7(7R$`2$9Qx+|E2?aN559kI^J z&zQU$=sB1?DXsQ!RlD%3nY)Xd+Gh67O+YAe2DXCU3a1@I8u|;(es@=hCq^lC%i?NY z^xHrVT4hE%d)4{QI=|8Yn}Onc>RsAi&y9mlZA}>x%yUPt`N7F}qcU%SlGnCkfkMr< z0GmiIcu3OPa#?Ka$+HEY;5jzo;Tg6^gl4Sx6^;t1QW^>9)*!zf41(fKT!)s8J?=fk zpqogz2Km+4+B^{ZSx2{xNQo@C5Q+IuP{&$*uU2biBZN#`Boj992N*LVURJ$viBA)^ z4lOQ70A7w|dhLamPK=1;PPVz0kn%H8rA#lC@|fz2pg?9?&7sL_~Hd8 zhxr%I4QJW!cv|PUV6_fm9#DHqn-YYLWC-J1+~vJ_vs{$j`P$qywtyfIOS+%?6N`_4 zPkt*u-GbAw7n5d%7c`@PR}ut4ux|z_x_Fm));(k+038EpgNjL{VzJIVrD-CRz~6!D zy;@1hzF`$!C~PCmrSyrr?Cj_?&&RwNtLUyTDrz>CRcCZIbF^j*oxE*?^>v9azzgOa ziDdeg#_YJw1PIf#h(fV;>4iXo2{nVi`J<$@a{Oc#5R~|SdKRiMT4}#Y2(KNP;sR}J z!0RI{)=^sf7g|bZ$xce+c|6VidpYS$>7(WDZ`yw@^`+knfh&mO*Xz9|p$FMd9SigI zcGyBNu+%`I-oKNC;i6Pv7Qu^3+he%ekO1LfEJikta39k$h1TFT$e5w<6zV`ErMI$h zXv`i^WbsK2v8K&@A?Z3p<4ex-o)QnG|VnYH{>QEiSaMLA{x8^7`-v)tH8N#JSmHJ`N5j681m(GBO zUy8V`;#pSNnng1dvj35?5T-#*s%V5E=4le+9He2egw=i0V*!tC$SV{Xe!K2C=ff)> zTisCC*EWX0t<9FY6g1`@A{$MJ5a$mUIZ?wJ$fNkHJ_7J2Q;L~k z;uW@bn1r6*V(E2wAh47H5iNX%@|rbkdB8jM5VR@IK{QeIde_$?!FODRe#ihgd9zac zc}c0V1W$Bvt3}mO*E_ApQWQ5r0Du0k?hoBhK9ykrU};69U>zGhT&dBo(5aC}VW^}- zJz3T;jIw4oC1(pug1@!=_fGX`Yj^Rwha0Ma%TO|RU0jLjS8e2mfl^6JV zFf0dd&~}CL79v1CkT)7D6E^aru?btDp(NnGgBCp%v0PYYs@$;NfiZ@sx5oZK*8dO1 z8)aziE06>IOdP!;d5*?0#yZlOJZtI>>zi88zmpPSkeU>rJZ*MM{_q3jd<(S=qK;L? zkq!=;HFQipe0NJJ7#qV1`O{1|ic=T(!vx^-)#0yP5M`I?AY`;uL#O>vq_h=BQNggq z>8O0jpyC$%);4@)#fsCVTF(E#RneX1OYVQO+_4dTC-7vlb2T zv;X=n;`zNlo;?6Q;_`lO!SE->P&>t?7A0}daLDJF;Sja9^l!~+6~-_8eIKe80lY|! z>AJIcagXDO*WelZ5nNtuWy*kVt5RCJDcvO4Ra(>BjLk^L#g=f`Qc!XcJH_UxtAwRa zpho-{z1gC;JpSL2;Xh~>75-9%Ng(pq`hrnbXGC7Mi?LG!fyk!N_-rTixt$y?YXgjA z1iNnNd(suc&+)c+B&F3FSscR?2D7|xd?=Ved<%;hX>uO~e~qde{0Ejpd&{i6mBlQg@n0$@jPP$WuVD0gke;HBMq0s^!kxe z_KDcoV|1jHQfqmwisA>uGa>Qgl1<*^TTgj!O@$t_q_*xh9@_;$La>MO<>5jKfoMW;kn?Q%3q*{x=LT!>K{0)Bo&UD=8*PXdRG#>PCw9N3^ecq$NI#6Q zF7?5T46%@4gxrJJ52p$30BOSfu*p?M9&U`_H^~%Eoa02%33vtgfUweI1~uXRyW6xT zonm%yU?dfCWLIW$9JQ55M0dsX`N2kzZPJ=;ew_i(3AzjxAW+jOog|`89+>zyXh4PN zoP3*3UnQg_88)GY%)Kl`ZrjMJkTd) zc7#cSGw~P^tYEhMp_B=VwzK!h+sl}tU}~-X4}L6MmDbTIvm0NwX%z4RUwM?3T`qrX z9YvA}WBCz;P#6~!be2Rd>}^A;p7o;guhT9%U?)%p4Sas7_oew(>$vm_9N1j%C{&zu zg6nv;YbJ?EP9=x&5$n_)#M9RVH{0%Co_i5PiKWv+@yf4DylU?8?37o3YR(Fx#+p|Y z5rm(sCfbw&lATFHm(M;!yyqDKkE&~$#71W`lPm=KE_OtaM94bnfr_2znEF<;iHWzz z!0K-SR${=DyyT3!Yc{6V{ve33TK#b4udZzkJrSgumXl7StXb2&anR`b>-3n_~uMv$Miv}!y*QBb;@{)XA}6aTv;3FB_3$SxN`Y2 zN$(8HVa=;Fo4**51S&;XsFLQF<}tdmnW2sAl^Ir6(>7)nuW=fi$anm`1$AvS6h{}< zfLAg0zV+uNYxbc0swx8bWTMM*8D%mT1v#o;W!pjv6C^e-{<>VAsMT#cnRMCH{5%#s zBC&lLxr%&zm$;X=*-IQgY|52mAl;+QU%W_+FLk+o(|oh-lnGpDW!a7yeAw2HcuwqK zNcs4{n4xpqGpEx#azGw<|IxO&*nYlM)?5vmf_#L6BSI``Hr8JQ3u_B0<}(EB+?Iuu z2|tz4N?4T^?b{1xlThB+tay%nO`K@(vS+IEl( zR-)Xf(hIVv!pF4`*VTi9fzmNvj{BNrrTFfQIf&3P|Mbh-Z}yryk(}4384g|tNyU@n zK6lt~ySY{+jo0{?byhCE#j;8GBKx^Jo>Z1hL1Vv4JL^)DRdjn~js_18>6b~QPh5AL zQ|?7XI1~$&g*vuFCk#9gl3~?;QOSXAq{VXFQ1ha`izGj(kN3Na2Jibc0so*s^s+1W z23S=|7hOocQTArXrO`ty5iIWFVUAMct#3_n&jIG*jgsv%_0{GU>0!`obB~)+;cUNE zpQ^a14qfyk5x8Uy!Aq{{q1&-xPa7vm>P{^wqqBc47ghqv0W-@F4XAGW)hf*A)Jgt1 z+kyBeE|5Vv*1#=9Wo>j+V{U=H*-EhvIQzcG%f+|~=c)&_8bXDK%6*hwiJ~HUI}1Ep zHNp1hO$4urE=~;(_rN5JZ8#GlkV$#^TUaJbEzzeFaE(jl4Y3^b^PsAaZ^0pU@Hln} zgUIS;!VnGaACG|` zml*p1GJJe2n@anb)cL=^8cw!Wd6#B53nx1AgD{VlvF%8Ol$pdARxR_x0TEpEy<*2> z+)?MDup>eb(2^psnyevCl@(RL7MXPd5sV(Df~ge*==hG7P|ps$KxX_9#6ajlue9WS z96#+AAT7X5MV>%Ql;YynZF*oG%J;*I>c75k*AXqld>>}<;5&A+i78Xm*>ZW8ifEZu z_#kZWAGUnB{3;>}{EPSZ@0O>rp2cEwbqv7rS9nD3-qju|agEsEbOm0SB_I{@zCZVP z|55_93)f5iH~(6FzlZs2qFdzerX(*d1#ORY6ZV1VKmD3h1#Y0y<OiGn0QUI9`?VLXmQUNlx+|nKaW!%naIB6?>XSg)=8-Rl2ZWE{J zHZC1p4<^2b)z(gtmd6CFrPXM>iKW<~J}_52%!UC0*O1Xn)p6%_R`}M))gLyIRB7_Z zmp5%AxCx;@qjgcHCQ`4VI6;ERd3p84nS7{d0gP|ZQ-~zX)SKK;N;-;|2fH>7ZwE@5Xb@O#KWeIZe3SbYf96e?Z!n#P%bLdb zQK62IQzFkV$ZCU7VDRnDODN-=Eh)qY!?@t|q~1NX4SfD&^)8YQjy!;Lp1YG41_Z{2 zIOETrycHDbe#rOCTr67eWg-y7gY-Z;ZbPe2Co%=ZsS4=@95;UwDx(w;jRc!ktwG}?18D)yC01qKRV>9E6hG^L zecbw%?7SPe9R2R6DW2^z5|2zjV-jBX0|@(*_>8y>bN~s^81!l83}UaATu9Qmwu`H=tZWjL~K;Q0lV5mb3;3}TC_|xBC<#06u7Zf($+uUAcw(C z)?wf3{GCF4yc<=Q7Ndq?EZjYb$}a?p=D8E0xFZ%DHwMr+!(YFD&(q9%zp^PQN5mjS z6A_=`dDle7n7a(co6pfKJ0Ar_=z)&vcqcRQ!o*gD^ru8!B1>jajy$(ILbX*`W>OnV z{~E3Kbc$Y+*VoRCl_i`-?pqRC4>o_u56gd^jw7ASd3tSyDQX$YkH=T=z`T2UWkA0~ z>;c?*Lw#J(q^zAFzh9~a%Dg0Tcb16SiR!~}!&J9ti2l73n;d(6op&dP@^U zgTf*ag8@IuMyDx>7E5hWex^YNo{@lq^1M^@>rBDkD(yKn$2OKUrdii^K&Bxveo8N6 zVXcT4<|J1wt^U<850oOrpqDZ82T&sxXWMxI(p!3}@X6P zJr8F4RL$7N>g!IM_?433E9nC1nvX#3=qJ*y`m1zABq@Q#)`Yd5yHQHQbOE6tJuMLC zm*(;oJMt(d!D?<3m@73E(h}nMeKDUt63}coiA7$XV?dWLz3(&%hrG{7{BZMOV6ZNJ zU6^b=>J{gR@9l$19)sWGm4|~oA#JQu)P_mDfHZ}giZx|j@5d8IZsqhKCdKeUNw8Al zoMaHsa`vA=f1FXpqK1sS83K)&f zBrki@P~@$zp;pbCIY_E_6N)~36)WY9C>{r4hv6>u;^iYDfLCgZsE3fC>u9qB*Dl_! zaD9=h9k*#-jtO2A11JeRR9dJ3v`0}x1;&GL+;{AIzA4&-y~-sU1X#e}1hMfC8&;`X zC$J^zjNp+cI1|U`ZYgz8E-Hm99lA=%TcVWlh__ahkPJcWWX&)C`QSAhbh_A9b#?8K z{0TW>NR;Y-r^IPq)&CD&Zxt3t*My7W9^Bm>f?FWCyTd?mcXxMpcXx-u3BldnAz^Tr zU;)m2|K8{BoSW&3>XKEmrdB^)Z|`Fh2#5nLYret}@wEjXMP4guoxF9&O3%!c+sOJ9 zin0W;Krq^dlZ*CfMW0X(ioH(tq$_@!mbUQ@aQ)L@e(zYYZ-YN4k>*sHWsBPco4_{|H6IB+aouOzHlV{+ zkLC4rX|lf;p@KN>Q8p&Bfo9E-p0Fn_fQnM2K2+=dKEk=!MH2=V6x?)5YuBCQvnpC7 zz(qsd*W{~=6XMqEumTuC>+ndDeRQ<|T!)o1@+i*%ulsJ9)7`faq0D6o`Z3a?`Vl-xI5J`1&N%v>6$zUK*E0oU3FXvk|v7z@dm$H0%1FNhYjZHtOMx_}B+GCbKxv z{LZxTUmU@oT*r8w@1=A>;>LX=3X`(kn}tv?S{?Td1A7KF&q!mvMmv9v!(d2dj()=p zeeLy4*%!=zByfZHO9z5@fTP5U#G+9CWVGOZc<5i=~(Gmt}9-_eTylmEq z89BK8g@6Q|CXbmuT!D7d^MlaN`N?NXAX;wjy06!H$D?1u#u*B|{|vSJnWNc##-t(y zv~44~WQ$2ps5#ALFuzc`k5$%Ogam%Ty0*>Q*S3e6`J+1%dCh9!+b+Ah{ANxX!%J44 zgo{;AeY$>s6K~G_wm++jL%NHQcdss-TW=qUwoucaU*x|kQb){CmIfhgC_V$v)M0&2 z8{f-T$L+mW%X*IJfo*ZlI3o}@ z9R@fcLR7iKr+Twtw!`HzWqJF=~*%Wz& z-vJMuTVFgKSA|F`zfAH<6~n50e8wWt zi#u)?My2+MJW1yG-5MU;XhzU4dN->+Gu2;exAIFBO>N(6(Q-iC!a`5VnWZ$ssBL*CI2(6*kt zR<6VbbE~9{6fp@AN!LDbrjom}7cKzJLeLv_>M(9e;%Jm!51GQHC%2u8bV8R0a^>~3 z5rmK<7(@EWB1u|$iZ#-Z#4Du5`HK9%Q1GYXTigo#f)3by3EWp(JV%X2!y?25NX@2U zOK8mPA0Fx+6-kp9xFqHKoBn*32~@gNB9>z+#&doDEfmg;@3*(D$y`>D1MBchm>BaO3+#-URmlF6pf(>1wP#@QPUaY0VX8Y zODpIoa)Wv&%Us($(la5RU7pa)H#r^_>}#vV*VMP9-w)t)tdEYEig7@+gDlownPafs3O>4kUVY@T41MTY1vd!6 z@;Z7iCD|*4&wbulJmCC=XmG;|sV?(w=beYgPL7m1ar%*A`eJI)g%JH_>kogBIwh@X zn@tfvDbZkA36x;mh0$JK2h0{kJmfMxdnbnt$q;!cI|d{Ju^Q6OiA#-XYa8_)8_a0W zS!6JO_Ht$+iP_k&wYq>)z7Ix=O$B{uFstvkRv|1+6CQpd7<#PUu{K7JMP^PO7V|ad#=;(cb+Hm_X2CZtwsPHpinvB{ zhCmZruGFMIcs1klBcVM1)nLiV!L1O*qi$zbE`ijnh~-F>uN^+Hvu3IRT49**5s@_A zj|0qB^jOEkh>|K|Vr5kN>WH|R({5Wif1MU^S)2b#LMiiLACPRp9s*sEUW3C^cC@ZX z(hwi&5J5e`XZC{Dx|($Q$&MtyD5q@(hHGngu;)fV=sI9XBPKjee0#l>%(_A$D|^|BzGl%xg6Q|p zBQ8#?-U^9h{cAVWzh2>X1f5~Da^gOa*sk01Db62w{5xwMm|DkQ24N(AxX)yebRA^; zaS*#|aO057hJnY{L=nVrz2ntybhnO&$kQRzVAwT|?dud7u3_9ET7WsRSHt7UsnOHe zC8sxN@Lo14EHWk>! zk$m%J#%(f3R(On#^!9?{GtV2QBsOQs-%6$#g9M%weU{f2zvcTU6ML2l1q zih7|SrC+rsJBN}MNx7;X)Jd&Yv#^etpZ3grF|wr5TBYytm6T6o*2tu~lV6quLM^bv zzYAU+Lp}k%%^p{{=H@r^ohXj9y^~{(lx&m&9Lo&K!O3_PhQ@nga zm8pl}+kqf_?EaGL1l%KZ_7w^kG zgRm}2V%1J&W7137@%cs6Md{bjU8)br`MKOyzvf>6t(lNIDV4Oy*)&{rsMITeIh0-` zy{iI)&E2UQJX+xryD2e-+mwh_1wW&PsdVMtjHtCTZ_y*$;a`;DdP{Vlvd z3NaNzCV88mr;MY^o|aYiOedGg6>7+bM1^lJ4{F$sasSJ2%=I`n_ob9=`ndIGOo-sP z@>i{~M6xa;llb#aRVwUqO7qig zv2k@G+ynd&dgdBstlvZ{&EYB<%~xsz9ptH-Nh%_D=SM5cjs>0zC@n+R23@C3>zrCd z9j4)vjF8<6R$=-SR$>KLJ(ugHW6&falA0MZAE|BqP8&OUFa0b?)I?sozyV2=C0vSY zINA{f*E4aDLz+T?)n1E;I1#4%4qWV+m4xVV1YcA+1Z&SKp@gfnV(b2|E`Kyz%8By_ zRd^?(me_9hf(b09l2S{`?j!0hqOiC^%Lim=&!H*WrGNNqh*nW>E9&BCdsBl%gx>~e z8T0ECP0#P22fE>YRXh_+@Kc}1-yifh#?FyK$iAF2G@}z@+nN{^%^Na3;OW(+Ta4vV zEbWJLtj=_K$o}#ZQ}UkR{@r6#;D(AybeOY`ircq$ckTT))BcIEK%O|1T{S#dbvf|< z>xb$kFc%&b?qs#A!`%xia{@tCF`8SYyH-MjM1{##{WzpVv+E{g>}%~Q(jlRA;yLQ2 zc8Waa1{TGA;xJC86!UaEqD4#+yZX>N+o=wdn6qPm6R|=Q24h`|oU2rEQQ%q?jOY7w zn?|`Woc)f^6JBLk#*|Vn=tC($q%Y_rE#o;s0x|vSexipHTfQ3uk!qKlju=L6{-fu} zmL~a^u!X6S9BDprfdBKe?9d{Ts9;rxM$1l+Pk9f3tMV^tV>F39*^G^OxZ`apz+JM5Z$Mor+0X(1f_cEV8ujY5CzKZvEYld{fv3n#Fx+0jM za!$NJ?MiRtD^3BmO(RtCVHPmy4a*@=ZVU)kyz~D4urWS6*JT~~N>fTN? z2pRL~yMD=Pp%THYBki*e#R;zK{F>JVRG0yH+h1sH3%MIw&%w@1 z@wx_YI(aX@vh8{OG_dUV3-ywaB8L)bR2#5llei>3MDrH#R9%qi0p~#sAszE6L>z9B z%2APc4oa^cekOe645psmcou69U$pmc&4&vk5hVww*!_P7GA)+Oti{SI> z>?!=NElqsY8Q#?{c7@rRc)kV&_kF(w(S2;x*6x>_!@u{OR$UyHZ=~|Q;_kH?E9r*1 zh{;xFJ&}mvOg}=@dCnkDcjb}K(M?f=NC&5AwD6v7eez48xQ}n6BY{@0-?B=qiPb#E z7Gck;NcWsj2&`7k%^^@y;o8%)EiLA;*AuIX=Sh2++xLCVB<$!~Ynk|x6V&8Yw2Of{ zx$G=`x^j+6-NMRDUc6@y-I{N#)DLqR!G6~p9Q1o8QcRU(VDv8dpk{UR#rdjG>VZn5 z5;n42HzQAl2)2??)LXU<%nss17g!5k55y*V)6rPxs9vM6Ge$t@5Y6a&7s00qL4J8( z%d!upD3QSGz)Rg-ol}#WcaxLwpynT6MF1)fhMS^IzbdGnqW@7yo<9SlfsqJV#OPZJ zVc}Ot3D6iU1c${wlSPYcP3}k5AUjoiD3pE*K8gOG+b6pW@)Xg4(GY~!T?_HKnG*L1@8 z^orA!8mdk8EK^fLxCb&)YgF)YBZN62;YjiHf_x}?#R@H@tm`ndmy)|yBC4d}UBr^1 zEa?d4VS_ZDbZ1VA_m=pN8GrYFX(8GPJBu$^;sU{MrcN1CLAaD8Xt(^wf4f;RzV#1@ zmcHnzGxWb31$p5sW7iPV4==#bJ5fu+VhLS4w0&_xAufc-&5;g3H9+`W{)EA5a9H`Mo>N|qNHv`whiLG(?%-xIF#FG2Jl zRL^v;%*79$zbTzAwjIXM=J_OvO7w8h8RFp%CG^6pL6oolLgXlsP}e0yEtqIdbvDMS zUoHD6CVn?SXi-q_+dAC&VQl;kBkzuQZK(u0{vv0-7_FHTr0xALWt7!HV_q^B9gBMB zm0dC@4XSA8M{=kX-rK(wI_Wvor-U>NnZ*YPtB@q40YVXp*cQd(rglraJ>Gxs3uvU9 z=Hw9*@;$Sm?)5{${r$VfduMdL9;z)84{g-ekY`CUaO^+=!BX`!kvE1oi?Yvu&q*1* zn~nDn`MDn@Yy8RVB4e0E67_3^B0Jeis=>(jM$#ss&(g1>V-P`l&H#Zwbdl8vr5*?`He%W zlR>);6JsU(;IwMF>Sv9j7;GZR=%ynj?jDy)^&O(eIS#Q6ZI9vlXm^1%gPh}5olp?3 zc;Y%i5k7yVIP<6MRIQRSuQT7+2qmTN(3y(mOqk7V$xZL*sC&<8ILQxjOJY>0u){c6 zERSjoiddRvVx4*}oX!O$z}4~qTRV5uJFc7iV#CBH>l;G8@c3FtXh~{~zA~nF1cug- z{RZ{HVDPrSseYpqN$#Y2pIWE72c1J3Gxsl)W(4a+T3bEjyYHWfViIzb8OvDTq_>EW ze-Ndg+GO9m_`J_rbzx4p7^nZ`?>)=6!2B~9RA_8&1y5c0slzdGCM09h6Vt)0=S%H} z^>+z?>yRRw_g&q}Z!@?(GPn2?7gW~?>zKSp3RJBsMhQ6XQF5NIt9f2C-3+#SVWo6& zsMv{ga=~aqp5Gf*)WgWYpw4JvvyEBqUB@EhkMzLuMK6d2p`TrX;Q5ZY=4nqb4LLVOL{|^a<kSNmwV_j+mi*t@joWztO&6Z+xU~ioiXI!48{YaX%WOU--K_qAlEw-;&Zw=u9 z10A6Kd-Sb=eE3$%>Iicw8rQ?dl>7e1hIiOqtBFy-T9QM~wIti_Hd?GsdV+v+l5DSD|Kyt&*}op!CHCyIQw1XSEB zl!9AwtTo59w!>9E^*5ODL+pF|S62?YxI)>Em%VUVy5SgY0wga{^J`>=`~uw#Se^hn zX5pbh=M59OTFlS#cW$WMh+u;V<7+YlRz^e|R9yU6YpX~4uJFFCTXGL22U`bP_&yv3imge5zl-G3H;4a2s%NcD}l+f`Ia3d8=) zFQHqfgyVOrk|R(pa{SAkPq{$9{3zocvtr3JoPZdNy3XVEi7Kbd^DE9;z_Yvl)`v9p zVk!viady(jfNvi&=L%MULm%(Om@a#Q+w!ekc$?K1p^FJ6ap_Vz`f||w1oI6+*(&7- zD<|^oVPU9xmqUhmH1L1e1^@fW^WREf;dcNva)FTsEcH2;PHc+q4tH-HxonWy$u4;G z?dPWV5-HuNx@3|!m9r7psq5>JGwDYb4L_dO_5wf0p7uU&JNiFB{U0BJ9}kB8|8xTW zohE+%+Y0=b{P9+KKUVnhNOoHI@bt<0wiobL`T73&Gw}0I$KEHEkl&l(c_Ns%<2>E4 z(KFzs`SV%b=R?}(RXEW9ZL09|xH0hM-f`qNlU|+Uu-O5vaO;Ga;%fSqA6_n6%FL`H zX-xDuC|eOVWnz=*{`lcr8=0wQK-?Tz;Ok}o=kwU!=X+t`XGdUHAnEa17sm@|?B&ng z<5(411DV_h62HA}&Lb~y7iK+YHSqaypH^8-Ahexfe%G@2M>d<);{dGUzYAek!f>s6 z*+=DIw%oclN0wYRpA;LmxKoym%(Z3D2>%zKVStv8)su|YhhQw;JTr(gnj?{ z8&FvAFqCff;6j*IJWJq~Yw$duebAowsKES2%iD^Eo2|AI`0^EhU5|URzAc#X`;Hk!v37tVk+-rm`-B!oHD$}v9sio;{6qivT}((ob!zkO_09>2 zKXdCDfG1Huls@d7Xv^Qm3a?ynDf>w<4Tq^=Ha(VvCqvh+0-)dNb5aXxU+LL z_FaTz?OB0^r6Qn`ID2 z-qm?u`vpdbRqQJO)qgQ5?$3suRU+rf0ml%V!=Gj%2imnZ1OzJTQqVkx-0rOgV~Y;9 zP4)pn2fL?!n$E8*o9Pm*zdaz4$XNZ>Dk&{8Y<&~Kiuux^I%!=Plolx}sn!B&+C<6k z-tBb5&X0z{UyCiXMsUcTvWz$vx{YLs=O|esS78q(S_O-jez*AZ1dL!XQeb&zcfAsq zWmn0_=b3gc+VQ)U0oQp9afu?_t`CS3+#?@XNzTrkm2;N;ae*yRE@g)Cv8MjHfOLvrKK`d# zpH4+6G=-AD5Us0F{Jd9v=- zC_`4c&aBnzmKz0lS%uFHX6`ZmuB@{ z&rQr{d8YObno-q^9UWvl&VL{t5A?;XXfrF2KRm@vrk0&_)lKG*4)p&^Vj(zvn|wnR zTTind@d(53(?zAq=$*OA+*%ja=^Eumm5lqa^xhMt-9HuaR5)h_U~pQavt~0C97V$hmFt#Ot0D-LA$M zjViX!!!nnE&eTE-*Rf$q$=cDp6yc^W?Gt=ZR6Xav`iP;@>;rgka~z8Pz$oF7g(wk%#F&_}c0 zJ6-?os9x&Z)8V8e={J(YfW6lubNqg7_q2&xc9915P#W z(YH(RNSPp>-mayP6aR?GXHWVfkqk$6rCREe)7cn`{r`f{J|6#Y_cIdROP;AikxEW6 z!*d8o!r2SXBXYG}D0H0N5-v*gOf84VD)dZG+loBIQQ{B842zPk`;-$PrGzPn3^Yy6BM_w^YM>BM?l-Z#U^R+KJ1@+RTeSOukS+n3LKUPXtJb{q4^0L%aFcum{ zm{C!drLUNl*L6gtux018{RP)1J&gM96S){lMfw(zV)TF?zT0aa1t(adGj=EgSYGgS zo69!|8iae}q-@uSX|RpM3!`e@d!YzsU=|8Svk2mcW5d_!r0gX+&KU`k*vSd}2Mm_j z@4*?jiq2-cn53w2T~J_X&V8uE5mMQ6grcH1%Z`%!c-h3yTFp9aAVu#Nt0c zN?FvMT0~6e$xxVSG-X$ziH90N$gadm(lHn%+aKjBUX%9Ibf|LjMSuB|S4jB~4qxn)WiIRIYG7f#FRhMy%)S_2PH>Y!)!EG& zFMa!TG=$pAK?|lX8Mf={wyjY?MbLgL>$m%->q%a;)l<5Xc`d# zu5BJ`<+dwbOd$yo@&6?ZEj|_PJNuBBgK6cA6mwbcHAPsG95{yAm})OvNArmUxZpBF zm;R3;3WK{id5I28ifNvB`X3AY@2GIFo+xxRYmi42KxQQB-Jc#_uc6WQ*u(f*|2e7b zSf`AR`Dhudop^i!zuEh3-VP?ycQMBam`pHuM{zo;?OUS6E~AqpG(ZJn!p;S$%c(BZ zIEio?r=bbQEh=cBt#={|u~T~%>EZ4`%f&osfY$G^w(i6<6S5Mqov$f0-K>e3348h4; z%^?5AQm9~S5YJlWe^Ptjj!}ZU;8b#RW{)Qzf*}7yGGZo5Unk{!_ zTisjAKA=PWu+IL=qkb}3DXRV5G6ZbP5(|T3umiy+q)qulGW<6YImK08(~T#Fs7c^O zPs!>K_rLcP==2DE2pdy2s?S}yQxzIjA4YCn?b@MPl`Q4LK`tzJnFxA?sSV&}Oub$@v(QH~2oe_Rnal8NPd+0;O{S}p=G z$%NiYcdyrY<(W?HBQ}{k9y|Ga;uE-r9eikE7;cE_1 z*oz@d8mU$z-r7=~!>r!%h}*UR*FvaF)Lor|p@6669ir8mmj0X-t02XuT$Km5eh>v| zzJE1;XH@X(Lkpq_%4(e>9E0Jm#fftJ-=syaczvH`V*N6aV4n>bhLobmnf;@wEfnO* zRnkQav>N_SnFAxoueszSuKZwQ{QvS`0d*a0+0o)>`LfYNcxB zr^}SOUT*Q<>PcqcN<3$gvMR9rK=+gw!%N!m-!G-6h>f$|QApp`=E={nwQ$0Y>yF1g ztg7C{UP3yvM^3~vshjO4n5qY9712Bq#65z67Xfy9gtL%e6ch#U#I?ErZiF)S$Qbz_ zQS)mnE=e7j_QVWVuoP-?0Zn+3N@L71Q4J*}wc{rZwHP!yM{aJpcC6XApi6880A8|1 z!SBBY)IuzKSLEqub+sTp2k$Mf+*i@U@aP-L#d+QA0z`sJCqRYX!mh1%E$yP?Nl%>sMz9TuxbjPAx#?XVUG%_C&E z$esK*OTM0e=Z7Q)o+Xi7sFOkbLXnzEj*`q8bK_sj>H)UxHU}-EeXXAO#6buwo7b-H zjyU$>6vQ!rfw@k))0{;(oWsEu+iH-(^&pI|@#q4!FHWHDj8)I?R?Dw()BL%>sGsGI ze{?u6Wk|--Jar;c`nXq!>S$8A+I-1IEfH%+L+i>{>&uz0++8G(aF=f`6Wi+Vawd;9 zYA$l0#ojuwK0MZ;L zYMJ3Gp7m6HA(1q#u8f$JxBy$LjX?h<0yA|KMW`iWHs@Wi&Awlid5nG92vD6#d(>Zz!gRt+%O(1=@wO*WEB1Yepr}>^Es zO|di)jS(7&Dd6L8agT<{(Gu4VhGF~fuPnkFl!-LCk|`SfshxPPx!eQ>N2(UvNWHOr zmw#Hca;C7&XOIjv-9n6s`5L!nQOfZ{QAOugXeG{=wa3zJn-K@VLh@G<2^pUKj|a91 zsZb@Or=&3V*2CVdCDMDzFtS>tR@u_`=@8{1 zS=ThS3`Cbrq*&{eT{xYXsRT@IeAt={oc)Zg5UCS|D@bz?SMN-vjOqpW>`$ekJGcLB zLM@e%6kE?v45Fi{L-JI^j@CZcigWXypSCxJRQ#P+>YY?^xNibmkk-VwEn7Wr!?5{P z{rB)j&UG{gw+ViE4sr9MxoQ%Atj}L*|KBZcQj08Roc8$h)U*6K_EpuGwj#mELN=pe zSael#!{chAh7JdN;Ex?uVI33O*A=JEb7PG@*0!oA8wzty9VddP~dsuAJVczaw3>=jHRNF1ayc_|HL?{v~Sad z@Bmb^7-dGzad5$5PGU0F=(A$YGc75I*G+P4vZ_i-#$xZ2U2ac{%MxK+Ft{v|QtN!_ z)z(Cs=Bt)R)-Z1uGjE7CFIbk+XXem_Y=a_NqdH2AtfR!v7_+C7%#2t^w!r^wq}%v0{4$7&?1KlBBdwaI>z z>oie<*^qt7RqdreR_?0mxxcQG%AhsWNwY!{;iW|gN?dYhd%DiI*d~=}VO5dkt(|^O z3W9Q(ZDv*5?-Wyj?y_7o?WhXbuBTUH%42X(GA-jFkIK7pptwh43(KN*nF}M&h)hs( zT7&Rt!6mNMxd z>jJRCU_aqfx7PZ-Ik~*Of;8BvZZd&fg&X)NU9%K7LA9o^zKDX8;;Tz7W|rSnkRoFM zML4k|(f~-}FSq4bZgWlV2*~SSpCoV~i+Eg9lEi+K9aHX5vstYH2D0wR=#btKks-EWT z&!ZL%9}Lt~wQBl$lKY0U+IN4NECLm+S$^&Druo&jbVS)c@w7c|wD0GXOlmc$2^j?7 zvEyzpffR_4v58PMjxY#4qbh04noSNvj~G~U!YVm*D;(dQ>TE>I-{3ndb;x^5UjAsJ z(38`JrTyC{-Wn8zF^;{Tcf>7gQJ>2KME6~V&6^3U{oo%3L32zYFX_UuHX^c^Hr8vo z$%$2i46vP5kH%!xO{Pwz$aGvfq;0H}Q?<2%7`Dvlo3`cY>U{yKMGVm($z*{D5kd7I z5wKOXJ$2-osA$DEE#QBDeZi4PP};*C=DfibkBv(4;jfc|5RDB=Xvw2Wt^5_WCc_Hs ztX817U9Nshg2sUak{SqtXOhi!MVH0@#tr=Klg2Of?8n42H?k80w(6i~?i0>R9!(`f zJ(KIx)dGgH^iYkpn{-Y#h9t@f{XHY;5+xVGUccv}agM^H;1>qtBez7f+0r2+W$$2E z80-U3DzQs7JzI-wj`UZ@g+FYfk`za7zG#TL2gKEOHVl7c`46Eb%MBvzM!R=RyKoZz zbV7XtDC7_%NM~v|@-fi)i8S&o%vj;Mr_hWya?^Z-2DEBT?%7MU`Z=IBR@FaGhb0F z+VV1kvRpg5j;JIEOL)qOSA9i)zknNF?m2s9SpmBAzaqJd;@_e)_^0aHs>M7+PWdS` zf8Mk-L@St_a~80ZUxI740n>t7aa&ikrimoY^Gb5T*#>s75~cu8(u%->y5c3yp3vkQ z`R%_GNl%l8WecD~q>|c&x+39vm&xKBg2qOdS`IeaebKXP!#BF@TK6SSOtV5LLcZng zwCu+h`r$+sNCEA%E1wF{nhSt#2N8|#Uxp(55o?ZV#%rc(B^?M*fomTOYneE$bZ2_% zkR5%|bKdZdY##h^0XmV`%y9t=K{6ph3#zxm>G!XY2geSjtZiJUmgW+SW(XsNz_UDR zPF!pmjw37~ZoS0Jv>hp;6mIuz_gowbaiP7{3V{2x9$qTMUu?C{6Y!oZpu|75s)5Gf zp!?{Ds8%=IOh`wO0;Vobeh1JCS{j89+A_vdbXeNmD*RNLj6E)Je)_C@oY7M2IARma zt$JZ;j9tY~YG2cFy&*&;Q2v_BMI4c^qWUxE|Xldy}0h&HnsN=TdnZ-A+dcKMvVG>k$gkJSJ4_L z;`5IsYDb}PY(AygUj^T(*b8&u;o;z&d{oVLjCX$Ih80x?y|5SNnMyJyEd8siHn1Go zsVn$uEf#*Hv&PfVQQ?|4XKw3gQBLQAZv8EJX$#Uyi6ydwf!`)o7;UAdH2`0FCKY>3 zAr}t2$Th(t*9K`mstur;16?vdXMla#H|n94a+oDXSj6v{z_TbbO}7?~3M_d^LdR(^e1A+Qc^f-gog`35VirrMt$pPYM4Y25DsnFfxsU zT!L`pU=o;O54fk1!GV)#kUgAAW&j;?7ya9|f8dE9_Ol_ilM(}2)`Mm9n!Jj+)+m~@ z9WhxNbo+^PJvvP4eA zwjHKQEUGS+VvT{~#O@N31hb^(MovHIuL!tYheSvbw{Q7)abHe#MJHX6s z{ns*~i>0>AM%uKo({p6zi&ATWLW$#2@SUU77p4=K^=ilbxPMh2GK@XUq2}){{8)Jx zvTt?lydRpuJr4KRZZi9Z(#qw+r5|xLM!SJ>!?OJbW2l5Bg7w59ShEjRz-HD^xwZRg zwt^sBx7p@yc^JZtqcd;xqVb@%O&wmw26eIdjm=yadT6mC3b^Hmd_)y$ksM~Ad+~39 za;W@zp`wR}mTmAE*GpVuG?289X?MKWG^y~VDP8BMWjRdiBm!ZWZ zoHeW~Ib#=XvgBx1O0BBe#G1+83dh|JoTpLau5D*JWY~2bJ}!LB^J!V%&@6vX^QDGa zDW*GBB$LoH0*hK!Ec`{1G{!2Wbc`Hht+_*c*4lE?`CFUFBCw+snPML3DGg_alGJK8 zPV0ilQB$p?%8JKPYuGEhV0nA6gOBW+XOR>Txf&JGvfZ=@Cz1`b*YMU$R53Ka%Ov&J z5pdU{*)EyN`S9-`95fc^#CPMamSv_FL?65RY~)AVtmvZrn0Ip>o5qI;K5Wbr1(`M> ztcGP`=m1N^QDc1mmYgKDZa<~nxpdc!I1XBrzQQYdgLm&?YrxMwMBo`ZqSW^;g;Ul> z$Q_VFDOG%)W`lPVgf~+zxn_dW*U?Pf^RzRUc8}Fa@fA=`sJMfQ(aXXVE%;qmI|(}Z zwrajEEMx$8_#enAW6Eg}xNd}dE9t&-7S9Z5pE>JZ#^&;o81nwIfjm}Q#JDY+(x)Tz zcU7)z-;J_(?pIU(YzEmQH$@SMQ?|NNSq>)7G_gRy228aYNy!GKPb=Rh*2N4YAs4oV z(%P5p{%qcWSe*OsGNAxfGpG8|;61nCku<$@)r>=}NUkb5hOaD}A3J;GRGAmCc!XsL ztYn9IBK*ipb!wrp6?sS}^eJQL$3}$HO$rUaC;ymdQV!&`y-fvC{roAyO?Uj)lSYg5C)s{Ch+uRg$DOT6AIf6@HEeG1&IiirE_7Y*bEnb6CqM;ovd zFqvoPpYr?)&LZZV{Z4_pd`G^-qDHPr>;pWxOe4G}R588cIkUvgA#7cAPdA;bznH~t zJG1+dlH^LM7{9SXrohoP=m_rq@kFBh8GcVaexW4*Ci|WupQ|rtcFg>4P*kt~R?*d8PS<5agQR0#rrOU@$RI^}-wjwrNTPO83#1>N3pd7@=n96L+vWzu`YVeT& zkt7um0o0Opw^9O@aKVG8efr!u*jTjL|5HW>-Iv}%3_}?6LN7PfcX7p-c9v(+=`Ux^ zkEjHfq?QvZBhFQsHuT1LM_evYNl=?EHf36Xg|4Gik_K9v-;s+t)*!H0^-eyaU*Vs5 z?!ngaNP%!}$Fo(IL}K|S1HEM;J_4dX#);n3WLmAj z|7R`vh&b^NTjq=Ot;R!N@J?$i(U4FgwA^@_c6$HTu5gB{!( zM~X=mbhQ|UstU4nbpF^y``+)3-eB-tQrNG2k6mOZ60Z1=+*w;lDf@mfkd6wwcGFTNs! zM5)PBCX&ssNQO_eIb)iujxp|ukFe& zW`-+WG*fa#L#k|YgJfA_wWc*UHkv^ZROWt6WzVC14O>=I!9foDeklF58%@2Or>ASU zFh#=vI%RT4D*h>xIB#}q@)U-MR0z0vVX@n9=k`v5SF%c_}{(L|^#^iZBS)y&0>O_%K=&ub`kgV#e=G9GVrQ znd#y)e=!Rj3TS@!_LGvt(7iHG#fV(lz_XQfk;jV^{(=z2+z7T#=ZB10*U`XWG=0l< z?3uqiFPa3{c)EDJe#J=2DQ@`6dqzrd0qj=DxqIA`AEu4FEP5f5*Yng^*4<6~*{zLY zeroxzpLHNb&coC-fTo<~K ztO@d&Y}crPgA-X_w(f%Nyl?A9+l``BS?2Rc%UGCv_@9Ct3tOiLCm*Y3=GWo1i6rL> zeCnirE!uXJ!=kblBW?fDk`yP9+FVu&^m*J$TKgSR&KTn84V#PXA zIK0(^#KXwJg?XysbaSxF8k3i=L}_h^DanKy8(~zQ@y$CRY7-7_(s!zH{xKx^tGQK; z#uaeGRTTvBD1EpeblY{pL(>axe-C63lgo~{;n6Dptuq~@B`(6$h6UHTl5VA4xwQWc zTD51tL@=8ffM%TAr!I102Alm;mxa+h)ASD;d4DfA5zCRjI>|3`;J=fNzuwZ-@ib{& zKVV0Nj_ohG>{?Zc+RJ?SKnI6mShGw|($u}uN)`7E)^fi5)ykcsjSi*IU!04zlqwN! zPO4WdI#AafwIKpaB-0&7M>He(rCqQ3rtS|@eMn*GU5Zn*UAPtLmejuQRD@-=0@qv_ za6-B|#_4>8@T$?zSZ#qD^@+mm3_Jh%lf=K#!1X4G5|(juT7vWk*k*#ruJ-?@y{~?Y zs{7s^LJ4UJLAnQ|ONNk6K^Q{1M;e5oOBx&+2I=mWZWWOZ=?>`zNu}gHKA+F`ed2xo zgZF!Wn7QWK=U#iQz3;X5I(zTg2TZm3yG%CR29H{;uX@Y?oh1o~3hQ=h$q|Ly>Iw1< zXfleM0qEAS-kL%$i8$&2UU+H*l20HBmF%w z2jq10st}WAfa9k_9@S}S3ANg~e1(-1*?0djRlIcPYz^K)eTmTKc`FPUus&6nINtt1 z)XS!Rwl6>h#Rc(5fN8zs5sYn+H@r1b6Q7lcf!MUtQ(dU#sC#A0UMW~uU&I_)!pks1 zz+>YXOB(XEsSZ$CE!1ihY(^Ywxs)u*H`u~7X{+8BNG&!mE|)mB-%8lFRCtyGv{5dS zoNlCMT3})MU<1H9P6Ot)0z2@>ESFHP1{dWrT$S;RBIx;SWD`iczKwi%tPk7SyCqkx z0@Ew2F59_eANUXmbKxGVOjr(+v_l@EAOi9-_9+oOkgiAv0n4gAycBg{c1YbquEGjc z(^Rgt%eCk%MM#B^To1|1K$!n`rk7Dv0g&dsQvtN=U$88I0hhQ zlba;}k4jW|biSLJ@)(G#K|T9@P$yCxPJ|Mhg?BD*!&u(-4M!1a-W?Cj_q}D&VQ^N8 z5(d-$M4@N?igO&y`BgO4T%S7sHWmX6kU?Jwa4w+32dkw~wo-$pvwMT|8hoR*&eGhS zt=Zj~p`R{)m2*X%EdRQWd2@5Se0TZd&2`fCTe$x#TWEhhh4Jm^WKh@fQkH-KN~NRE zsgR7Z$C+l!J#&uI0=-jPV|EADwFMf(_v_OLfy7RzPUKH9A_(l|umiuOt5jI}7)Jcl zfsq+}yI|LXS7UP68gVRb-irAp`oe;@7pxB`Pf^a?fsR740`o$}X2Z zH`0gNEw%E8euM=RDxRADU3{?AVZk=B(Z zM&qjvWTpH+;(NspOhX{~N~hmnpOUIs9tvI=B>M>Si{dzV1d#;=C$)1c(mS;ImSf@G+vs`OHf0WK`X7I3n6 zd}GLqoF~9s;`o)bQ(FA*ynLDJ&`zskgJ-c!8wc!Q53T{;!M%9E3`;RTb(F{injh+= zl}TPyAeH*aOffFAy?80&#h(6C{t&u<>3QMqzauDMpE+bHZIgrrz`lvHVUI4y{;n5!=}-GX)-* zd`#Y~sh*-VVhcAP3GgB1_UCRe^m8A3>+P>H4akf_jG59qMWmW=Nuej}$ z$~Mamow!Z81;<6C}CS!-VR`NYg1vXmrob?~79JZo8uO+Ad zYFOJWpGmR-bKa&?{&gO2wLXg=Q}EnOzQgS0cN~&iY#+Bsm1Jn&>`1E`DH4C4)n1P0 zSNUDjodE6XsBWs8$u3S-y?ym|DSEbs;Vif>tKBv

UT*9CfMK!@}tN`Zt>?Lo6sHXCtqzYt$>zxJH9FI=QxvJJf2`w1sm zo39*FhFyzBf`5^%35*H1b)SC&({iICC3ZTf(J3G^dR(zJgB^Qp@i zxn{OTOjmI%GmdX6hj$#pW8l79S28z0Dy}*`L4c|R4{QF8RMsXXzbh~|`=DLmapGuM z%g9Vf96`<#7p}MH+(Q|AVBKvF+6RmFn(<}*QVePfY|>g*6@u4cU7JOkIgS2oE{*B| zrKKYvVyztSh71C5z3?FGGLr3#R4oKp=gq)LOrr2@P37Ege~ua~vHJ zGRX$rZqLS(b|uVQx6Zm2eL#5-E(LTv1_iwgEhxjEo(^hL`%%9m1gx@+>yq;ED(?Xq zI!`OQ3%(iK=dtymLZUAd6GcPh=S=Ne6}>_~!rf7&74hGQE}GNM9=Wc!2q2=&gA#HEF@Ewcr$ z+60_E#)B^{1o3Hd*-g;b{KoT*UVFnZhD1xtUR)6qh_ukak z%afV?6ff+Dj8}0JD_W}!Rm|4(^%w{#XA3 z{T0GZ_H6Do)b0D-_`3`Um+H^4*T`-7?+rpj9Kx!$c$`oZsdl?Se*I%X0jcd)O<%vL z(M`LVxT0SQzw7lo2Ij3=A-tT>sHb@XqeCM(x1^yLb8(^GjCp|U1I#R+^BP4FGjywJ zB&9p}WPecV*QWOH=v+g22`4mLTFf|*7)`9zRbyV936xRME?D6ro8>6YUrZ*msh=%5 ziHK5BZW37x>wgKRTTNO%A<%#XpE|HYCLYj-uk6F?SHp*nArGmP8cAES(p=KY?46cy zkMlCIB-y|kX1JGx@-}J>H|BW$oVt1tr;YIvC_o-KTsxnN#Caiqv;%kGlhj~pJ zEnj!~mqAdaFcZ`l11^(<4UKp8XkS|lw;X7s&iZ{L3}dz0x(A*>ZfAM8P4K%ftE<4@VnX-;>NcE z#%o$O0+VEqx?qmsLkM}_Ah>>QnbCgW7j9#V!|cvs)hGAu zeG@us-%Uc7h2{Jt?1Xc23@{#fC%INq9kzay91R!JFyHVIreLRZwq=k<8{X-k_|(RW zeKSG1;CT=AS-Tx?6>YWdQn_0i)Jb*P_DUfwYL`U0G>jOQ?mbIoU7c(1HK$M%t|HMb zY}ldehf8JsUi|9H6z0VPIk< zL;5iSg>Ea|{2cMgg`dtcWT!5$)drG&K99oC zRVd<58^;y6UFR$exK#oJ!NaA6=(&Ol?z9RVb5|Z~+H_Hzc`91xPG$OClMW z@|#e!sh#qtQazP=g!?=(VxiQGAC=36J=)2F)3eT1u=n0;%3OdafhU9}+`_rY_sE0+ zJv1{93|N}2>r*KEhbOSKo>oScj9GE&1cz&eS~hx)<#G{8{MZ0hLlVUoo-QHMb8+7~ zuiigfWZ~~T;-`W+od|8|TvACzRa3`?s;b4EBjr&`oz8?7S^4h?y#F!DpH+Vv)-0OU zANblO5ZlIlLsoKy>7EGRi`U=d33rUKf`L8sCzI+1O1#$j{Qa>oTl5 z3IF<$G$jKXq)KLWiH9taM1!i}>K*g5Vk{0E+UxPHEl!)sYIu$8U{`=9OkETnhEHYF zvrC0+>rpKgld^j$(nA&tm0nE|HW5#qm3g#R`5luk12)pD2kGoToeVU`td8vR#6O zo78wVgUr6xLvppEI%}?xb3oQN1%7@&PMVrJS1YI)cayyUuZZ@yk;TvdcA8AYueF8p z)x7^JrU2lj>JV2G(Gv|=z9)vDaEGRX0-;f8)OHSzOH11}HL3$fcPzoKMC0I7&4@8o zEXksQu$$^RyNTpjX7mad6V1RwnERDR`6Cvca;8}%(HS20knwFC-jfEB(EhJF6Sd-I zblLb3RL_CHG%tm!q9857%?&(TJKoFKk_Q%dO*s(^0wR0F_}B{1ir9sEuO7s8=SpRt zrpGE(BIjH-N4_G@;4ShDBZd5I!3yT;IofK*nw@#UKuHYJkGeI{e;x3PGbf4%*!9mb zq3g0;h!+x@Pbcwi^Ix*y-|`D=>ece|se7RpnYWO-7#Fa{5AQ5|Sda&6+r3U56$9T; zicpOcCt*=g{0b0wIql7C#a)aPXF%bfMdVd)w-CGI^{pMMXr*M6`)+C(n|K=__~BP0 zSR<^KzTy>$cS!%!N>*mH98=Wc_rq)@gR=gd4qRc8JdvBowx5AxsE~r?HjJ~h)~J>< zwez&D{j0^(Z3*=c&3Zf#2b%M^tD!YdjW~l)W|-9QH@cQsKCE*FXyk^!#TlF{W~RYukRCuFx>WZ6hQlFsN`c}nsmc(syt5MRq#cxC@uE|;&sA^tRb(qO4P zHVX-j);ygSqb)J8fA<(WI^r`6CF?9gN?3^9&-nqtfO*|8S7tW)Dy!DqjDI}5DS9(T zk4fK&Roh2Ki4H^L#l^%WSr4!dkzw(#+N7d34DVu$MS|u*?d*2N`{Y; z0jqo(d($UQaWC#|-dKcjLR#g*DogM}+v1BJ;qB#SZx*W>_bZ_Vu=bEQ2)Bf7V4vgSpL@;~Vx3G=t zzn8mxOUjYq_%?^Ef~d4R8Pjt#9)n|x|7)J|#>C9NOFPWHs5H7XsJLY99ji8FuAc30whfCaABjo<_zpVN$_>84oE~iDDn8 z)76@US^zk`yb}-8ASp9VU|_i>bG-A!%XTC$Y;TNBa@YTp>rQhD)nedAyD5U-c(e7HTv8X0~WV(e9g$F_wrtwxv>i;gLV z^jj(K9Bgp13-Ba0+3`Lno8o~B$SKl)=%W#A6epwP=0j*}0NLdgV`REq_2~L<5E3@S zwGF{-`;`R{+L1l#caTqX_qc;Ncurb`Up$uivNt8FqpZ`~9#(3<)75p@cz^M&m!aL; z_}#i-BHV@xmKc4c^E=3bBd&y6RRk^l=r;qd5BHqy?!Q&e5^v{cmNOFCvUV>DpRVxy zerVwlD2@Fhlv3NTOk1PUT)%YO^fguMWBt=GW{Mr>pz8|BH{|z%;BSqBtMrbAC%z5z za1=aU-jN@eNiRAWq92$6w$qpfZ{UNEAL*fNHrfbmbgyS9Y5UXPsxNP{OYFV;pc<*7 zk+ueiSIZ=`Dp|ubJjtG{6J*8**FJ*FMwav+yiYF@W-S}Z4U#-Anwr~*#YRXHNWan3 zB65ADp+QB^e^^?N5X*mRM)1XoB<+-69!97`$t7Y#?L#UgzrkKM6O{4r%OSsB*V0jo z2<;>gVV)MUS#R^E?QwX=bBzUG#cvdssJcUQyIVJ2IHq*$DE{)Y1)0?$#1QXurZb2g zuT29zU`OXob!Zs0p@$7@q!5k(b@S7yAs6Bm5-+!Q0gyUnDUV3Vg8iuE`r*`SGSq`x zP{h!2mbSDhn_^b6N9}|#!%3N#UHm=AgOeJC2RAUs^e-8-oBqeb6x<2+_BQTE%{I2-PiwcHkFo!!E;uiHLV&& zMgvqc(BEOAOd=REVPx|*hpU3k?S6PH7l-G2-L5N~_1IO{YTXU5fkRcTY*h>(YICTU zvxbkyPYUOAF5dfmJ+n4_4Fm-WmC!CntwOj&c99szXf!dj^KkvEs4U@dvS+0x?`dzX zYV&iamf4oFgV

S7&2XN@1tZ#G32!=ZgaZlSR1SFcNMNcTsjpXuJ4jijbR+)EN| zsuhxKt8;7rGI3wbtI4fG%1$+=n`&lJuSKc4!9*G-sZv&Zi1vxVWJflKVFhg<()2;# zqn7#7=vQZjtC0YM0$7~EPsY(8`JeO%zKkrAy7HGX(a+a58<|;l9IA3P&nws2aWf*M zCl!4NMd9Hus#n+M=6)b+tg7DuDLM~C&qq_84^77E zv|+tNf^y1PX`J`e{Y7QteGcGNQuo70J~t>NI}uEM)@DoYGH@ngZY{%d`B(^{y5HIN z%D}ik?w+kM1m>gJ$5ZsKNl>71JU?FN{Y!j92a=z>5E-j$U^o&9u7@BgOn=iu-}Mtf zkAvxWz}YJB3a(xPW^8GPaG}ZcZoLzIiW$+NXjnxXp7XWBSs&t5TrwQ1hDT0Adfn{$ zzHoYHT0clJ{>nf{M{9@^LuNRrF}VH`T;Ejr?mL;bmipeWiVbPAbk}Q6%Gf^eB3eaU{Tn{Ke zSYxnHldiDUhfw@RT*+n*sX5U@Bak9M>y()5$3>-HdZOrl&%|PW z*93Y(o9T(G<|KVPin2{P3YQQABzCzoC71A*#9(!MCmo;4==Ngn0T-BpN~>03OZO$4 zwIm9yE02rtd~5ys8`%NYdRp8xgz>hnhB?R2&$Ba{e!3>)&j?PLj>Oc|1fLDe+eJev z6wjD+bJqL@p7#8#Er_Pl?hA_gGLG%&HQTULS>o|5pCs}GwBILn;C zQ`aILuLRh`6rPS@i6yNy+$Z?a^Dj zTTz?cCZ^xX)@X!2vsLO_Bgfgrw^$D))43U+yAZSA|9peG$^^?@1L9*~HtL+b-fv_>|>Gqxi_pKL6Q_ zEWG#RVGgc>O5-+v&zBAIElC_P!EuhyhnhFdYb?YuzIvwCDviDFZU!j|5RpO~bXuF; zN5Q%F$fkN8W`6rTQ25IIb+!5J;u1W}4T}S7Pdk-)R*>0tb;=20gG@9MqAn_X#~SBR z#)Oo$27MVZC-Y@6H<{KfVnS9Ks!E^T>vA zu>_5PF2)dvd<2}KwBfhP6qRpY9OqJmClM^_rVa&~DCYKm;25-0#}m2vUnF&&Tmbj2 zc?}d&J!inOEQ;;n^n6Y5uE$T7VQ0^TO@V;76)GabTZHtF$bD0nGQP!rC2x$O@svnE z;h8>L8m;X9m2SmPn@=Z=sh{JX4e;SI{ET7$SJJ-M4$GAS8k@R)x4`I|Xq zReGu!qbxhaXXbTPwU!js?M7KsM_WW3aYZC%S}d3WOCFUgAp(_PnwC_h2xUN_?$Us=Je&}*uLV9sj zX87>7s-t?v?3dI2yxWIqxUcV@hoi`-jw+!^;@l+0x*seBkt#RRCI;e5 zuN(BHo`ggiH(*x~d!MZd2l{FvbSyYFqFhYCmJYkyVCx>3f2Ll|E)-NE{84C!HLmKYO*3D?Uay1R6#pAxHBLbNe1QUEOTx){An$99COVo0g zhOHGdaO?CZ*?xSj`{*>?!`a=(Akf_%8c0nU4V@TtAA|{5NeB8)fxG+}1q7PA2Le3= zVWL<#nyWcGzJ_y|yTV-@?SG#jM4O9_!kP^NZuk@c6~ZZb81)1WoIPN?e4DZp$$adkwK-Z>s`T7ZUVKTtqN|u z2s*uezE*{2MMu~o!xM>hQ6Yr;)HX$WJ=%|mM#s{mQ9Q4+3ODsw?#lZZM`66t8KT>n zt*s-1IpZ_cTjIzyTf4NvL@)b|>gn#DM|2bed8Z9woixJVHL64}OXBw{>3TD9}lD%h9L-5`-g_WBnkf&|=5htYL^EHdHTc_n#PY6v+3!=)E z~C_zj!Kc7wH!FY3^Dc;9t1a&C}>ZN_8b_OR|qT zcNYfT5@opcfCj09kB$!2;<=na>WrQ(;=LnnCP-)DPHGO6(ZG&SR+3b=Nd&E- z_piua`QUDJxdX)gf2sdoB)0|%u-Xz81S0$!^&OpI|4aNoojo|-*fxlpxN8~X8ZX{G zY7R1&O?pxEf&*uBW=8+rLIdwZ>G%do2J+ChrZdw*a&$Vu$Zmnki zCrG}}{A&7pZF^O78i}iY=8c~a6s@kUONpNx=WisF2IoiCL|pkZR+sVQ50r7NzGX(p zh7tj<19x*bE?1`xJ6^zFR76-Qt_mxDZshzFbIG~+opzY#7ZbA|G3jw6;{zftmM;%z zkKlJV6qjWGN<@e9gi|SigcBGb5W!!GX!`o~|MKup9;PR%JEn0H^enR+h;SQSO@Od0 z4A<3E4hqG~_3K6sd7Os`%PAhusv`Htze-5aN|!V?o?cenWxNrjY*{23oDI~}{NDUH z(q|e)RYvL3>rkA@xXRH$-g;1D5IwB96=P$m`)D~QgqTS|MN+ssu&g=F)^J$#MI0q| zx!kL?w2bGysJ698+ZPt(Os~0m3qh6b)kiPHW~{$~^QU39+k(-x6~BzfHDgPkou}_B zkH3x-Ph!eLw}torj3WXgd+Scau{QLI7cOfUKE+Na(v5Es^~yopV|>?LldKfEgG4mw zhq*QU+cZ$cK$YJ)xD(mr^u^{;N2MT$UxFa%Y0nPq((cVeQe{N5Ag*@JEA^goO}*}q z!9H5T{@T5Kfy}yLhW0{*rlKYHn44Jb+CHqILbq5pZGR>at);C{XeA7psvL`l2HV`< zm2db2#aBx~H+

$3+&tkTYg{cTGaL&_=pgFzTEVYsdW}B3|-*X?NbZqF@Hu-r0Z` z)Q?~G{M2ORvLD%2`s49t*md>ygxGeNHRGC4DMjDw6>0Ogw36Sh6Ly%g^0xD$ikp9& z!ZQ=EEmnwA@psR1=ZlYsjVxTOMB5a0SZh{@Lj}cT1?eBJ=HMQWgnC#>i`LLl&l1Gg zh06R}-*x=VO;J39Q!beZ*y)(aT@VRh&lBh_$~+Q8 zjuNlM?CyDvp&FC=QK#<R`V2Y>=ZIJy#lJ!08+!hoBtE{53q|B%pS(|$0yIfnQt(i{m}}jJsb#Z z0OBuK4DlZV;4YqaF!;Yg50seE2m#}}fchW(1qcGslmB1E;Z`u13!LkZFTQ`1fO(wpnplt|0&?_Da~I6IF$ZXz<(2*f5QJh5d9VY eqx>)M{|-xP%J+c2``z)lAQhk|9pC@{^?v{&t^c?H literal 0 HcmV?d00001